Every day attorneys will “hit send” as they email back and forth a myriad of confidential documents to their clients and colleagues. While this is a seemingly harmless business task, a new study from LexisNexis shows that electronic file sharing might not be as safe as some attorneys think it is.
The study, File Sharing in the Legal Industry, found that while a majority (89%) of law firms use email for business purposes daily, just 22% are encrypting that information. This means the bulk of firms are sending unprotected client files over email, despite being acutely aware that they are taking a big risk in doing so.
In contrast, the study showed that the majority of law firms (77%) favor confidentiality statements in the body of an email as their main line of defense. However, warn security experts, a mere confidentiality statement won’t do very much to protect a client’s private information.
How then can firms better protect their clients’ confidential information in an industry that shows no signs of slowing down its use of email, BYOD devices and cloud-based technology? The good news is there are several ways firms can protect their clients’ privileged information. The first step involves understanding the risks involved.
Download the complete white paper: A Law Firm Guide to Protecting the Confidentiality of Shared Client Files
6 Risks That Every Firm Needs to Know
1. Be read and intercepted at:
- Router points
- Internet service provider (ISP)
- Internal IT departments
2. Be inadvertently sent to the wrong recipient
3. Be forwarded to unauthorized recipients
4. Be printed, then read by unauthorized recipients
5. Be accidentally caught up in litigation holds
6. Get lost in a spam filter
While some attorneys are likely cringing at the thought of any of the above scenarios happening, the reality is that they do happen, and more often than you think.
3 Ways to Protect Your Firm
1. Use Enterprise File-Sharing Sites
Enterprise file-sharing sites are a great option for firms that want to ensure the utmost protection for their clients. Enterprise file-sharing services invest heavily in beefing up security for their customers. Many enterprise file-sharing solutions will embed security into each document, rendering the file unreadable in the event it gets into the wrong hands.
Conversely, consumer file-sharing sites were never created with the intention of protecting the kind of confidential information lawyers pass along to their colleagues and clients on a daily basis.
Many enterprise file sharing sites will enable attorneys to set controls in terms of how and when files can be viewed. This empowers firms to:
- Define who is allowed to access a document
- Control how a file is viewed and duplicated, including the ability to allow or block printing, editing, copying and forwarding
- Set expiration dates, or revoke permission to view a document at will
- Create an audit trail of where documents were viewed, on which devices and at what times
Other things to think about when considering an enterprise file-sharing solution:
- How much storage does the solution provide?
- Does the solution include easy-to-use features like drag and drop capabilities?
- What happens if files are lost or stolen? Can they be viewed by outside parties?
2. Encrypt Email
Another way to protect confidential email is by using email encryption. However, it is important to note that email encryption doesn’t protect against copying, forwarding and downloading once the message has been decrypted. It also requires recipients to decode encrypted email, which can be a time-consuming and complicated task for clients.
Here are some things to look for when shopping for encryption services:
- Does the solution encrypt messages that will be copied and forwarded, e.g., while the information is in transit?
- Is the encryption solution too complicated for clients to handle?
- Does the solution provide full-disk encryption for portable devices and laptops?
3. Enforce a Company Policy
According to the study, more than half, or 53 percent, of attorneys at small firms are using consumer file-sharing sites to send confidential client information. This can pose a big risk to a small firm just getting off the ground because the loss of client files can translate into the loss of business. The best defense is to take a proactive stance and set clear policies about which file-sharing sites are acceptable to use for work purposes and which ones are not. Firms can’t assume their employees know the difference, so education and regular reminders are key.
Beware of Hidden Dangers
While there’s never 100 percent assurance that a breach won’t happen, there are other hidden security risks out there that law firms should be aware of:
- USB Thumb/Flash Drives: While these portable devices are great tools for attorneys to use when travelling, they can be easily misplaced due to their small size, and just about anyone who gets their hands on one can open it easily. Moral of the story: use caution when travelling with USB drives.
- Public Computers: Most attorneys know not to use public computers to open confidential files, but many clients aren’t aware of the risks. The best bet is to inform clients not to use public computers to communicate with the firm and remind them that no public computer, whether it’s at a library, business center, hotel, airport, etc., offers adequate protections against privacy or security breakdowns.
- Laptops: Almost all firms use laptops or desktops daily, but are not necessarily as careful about protecting confidential data on them. Make sure that all firm computers and portable back-up/hard drives are protected with passwords that include upper- and lowercase letters, numbers and symbols. Having a strong password is a critical first step in protecting files. Also remember that devices such as old computers and laptops should be wiped with military-grade software before they are discarded.
- Fax: While email is undoubtedly the communication vehicle of choice, there are clients who prefer to share confidential information over fax. For those clients who insist on using fax to communicate, make sure to warn them to take precautions such as putting the machine in direct proximity to a scanner and shredder. That way, after scanning them into a secure computer, they can safely dispose of the originals.
As law firms continue to navigate through an increased level of sophistication in online threats, there is light at the end of the tunnel. In this case, knowledge is power. Just as any great attorney knows, the best way to win the case is to learn all the facts and develop the best possible defense. In this case, why not take a page out of the attorney playbook?