Exposing your law firm to the dangers of file sharing: What are the 3 ways to protect your firm?

Posted on 09-23-2014 by
Tags: Latst Headlines & Stories , cyber security , BYOD , Privacy , cloud storage


Photo Credit: zippy / Shutterstock.com

Every day attorneys will “hit send” as they email back and forth a myriad of confidential documents to their clients and colleagues. While this is a seemingly harmless business task, a new study from LexisNexis shows that electronic file sharing might not be as safe as some attorneys think it is.

The study, File Sharing in the Legal Industry, found that while a majority (89 percent) of law firms use email for business purposes daily, just 22 percent are encrypting that information. This means the bulk of firms are sending unprotected client files over email, despite being acutely aware that they are taking a big risk in doing so.

In contrast, the study showed that the majority of law firms (77%) favor confidentiality statements in the body of an email as their main line of defense. However, warn security experts, a mere confidentiality statement won’t do very much to protect a client’s private information.

How then can firms better protect their clients’ confidential information in an industry that shows no signs of slowing down its use of email, BYOD devices and cloud-based technology? The good news is there are several ways firms can protect their clients’ privileged information, and ultimately protecting their firm.

1. Use Enterprise File-Sharing Sites

Enterprise file-sharing sites are a great option for firms who want to ensure the utmost protection for their clients. Enterprise file-sharing services invest heavily in beefing up security for their customers. Many enterprise file-sharing solutions will embed security into each document rendering the file unreadable in the event its gets into the wrong hands.

Conversely, consumer file-sharing sites were never created with the intention of protecting the kind of confidential information lawyers pass along to their colleagues and clients, on a daily basis.

Many enterprise file sharing sites will enable attorneys to set controls in terms of how and when files can be viewed. This empowers firms to:

  • Define who is allowed to access a document
  • Control how a file is viewed and duplicated, including the ability to allow or block printing, editing, copying and forwarding
  • Set expiration dates, or revoke permission to view a document at will
  • Create an audit trail of where documents were viewed, on which devices and at what times

Other things to think about when considering an enterprise file-sharing solution:

  • How much storage does the solution provide?
  • Does the solution include easy-to-use features like drag and drop capabilities?
  • What happens if files are lost or stolen, can they be viewed by outside parties?

2. Encrypt Email:

Another way to protect confidential email is by using email encryption. However, it is important to note that email encryption doesn’t protect against copying, forwarding and downloading once the message has been decrypted. It also requires recipients to decode encrypted email, which can be a time consuming and complicated task for clients.

Here are some things to look for when shopping for encryption services:

  • Does the solution encrypt messages that will be copied and forwarded e.g. while the information is in transit?
  • Is the encryption solution too complicated for clients to handle?
  • Does the solution provide full-disk encryption for portable devices and lap tops?

3. Enforce a Company Policy

According to the study, more than half or 53 percent of attorneys at small firms are using consumer file sharing sites to send confidential client information. This can pose a big risk to a small firm just getting off the ground because the loss of client files can translate into the loss of business. The best defense is to take a proactive stance and set clear policies about which file-sharing sites and acceptable to use for work purposes and which ones are not. Firms can’t assume their employees know the difference so education and regular reminders are key.

Just remember to beware of hidden dangers

While there’s never 100 percent assurance that a breach won’t happen, there are other hidden security risks out there that law firms should be aware of:

  • USB Thumb/Flash Drives- While these portable devices are great tools for attorneys to use when travelling, they can be easily misplaced due to their small size and just about anyone who gets their hands on one can open them easily. Moral of the story, use caution when travelling with USB drives.
  •  Public Computers-Most attorneys know not to use public computers to open confidential files, but many clients aren’t aware of the risks. The best bet is to inform clients not to use public computers to communicate with the firm and remind them no public computer, whether it’s at a library, business center, hotel, airport, etc. offers adequate protections against privacy or security breakdowns.
  • Laptops- Almost all firms use laptops or desktops daily, but are not necessarily as careful about protecting confidential data on them. Make sure that all firm computers and portable back-up/hard drives are protected with passwords that include upper and lower case letters, numbers and symbols. Having a strong password is a critical first step in protecting files. Also remember that devices such as old computers and laptops should be wiped with military grade software before they are discarded.

  • Fax- While email is undoubtedly the communication vehicle of choice, there are clients who prefer to share confidential information over fax. For those clients who insist on using fax to communicate make sure to warn them to take precautions such as putting the machine in direct proximity to a scanner and shredder. That way, after scanning them into a secure computer, they can safely dispose of the originals.

As law firms continue to navigate through and increased level of sophistication in online threats, there is light at the end of the tunnel. In this case, knowledge is power. Just as any great attorney knows, the best way to win the case is to learn all the facts and develop the best possible defense. In this case, why not take a page out of the attorney playbook?

The above article is courtesy of the Business of Law Blog.

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close