Finance Corner

4 Ways to Enhance the Security of Your Law Firm Information

Written by Donald Tucker, Esq. | Deputy General Counsel | Mar 1, 2019 4:32:59 PM

In the modern age of technology and constant communication, attorneys have to worry about things that wouldn’t cross the minds of previous generations. One of the largest concerns currently facing modern attorneys is the ever-evolving issue of cyber document security. Since 2011, 80 out of the 100 biggest law firms in the country have experienced security breaches to some degree. Now, more than ever, law firms of all shapes and sizes are upping the degree of thought and funding that’s applied to protecting sensitive client and company information. The following provides a breakdown of what you need to know: 

1. Usability/Affordability v. Security 

Everyone likes a bargain. However, when it comes to your firm’s cyber security, finding the best deal should not be your primary concern. Cyber security is becoming a huge part of the legal profession since maintaining client confidentiality is a cornerstone of the practice of law. With the access we now have to countless devices and mediums to communicate and share information, it is imperative that security leads between these competing interests. Invest time and money now when it comes to cyber security to avoid having to pay the price (and then some) at a later date. Malpractice claims rose 30% over the last two years pertaining to breaches in client confidentiality. One option is Sync.com for your document security needs. According to Cloudwards.net, it ranks #1 in security for all cloud-based services used by lawyers and monthly packages start at a mere $4.08.  

2. Be Wary of Email and USB Drives 

When it comes to the use of email and USB drives, it is important to remember that what we’re comfortable with is not always best. Many of us have become very comfortable with sending emails and handling USB drives; however, just because we use these modes of information-sharing regularly doesn’t mean they are always the most secure means of communication. Here are some ways to tighten up security when file-sharing in the office:

Email: On a micro level, when communicating with a client via email, explicitly warn the client about the risks involved when exchanging privileged information over this type of medium. It’s important that they are fully aware of any significant risk where a third party may come into contact with their information. If it’s mutually decided to go this route, make sure you’re using the most current version of Microsoft Office or Adobe Acrobat, password protect it with a “strong” password (will be defined later), and then provide the password in another document, or verbally over a secure phone line.

USB Drives: Again, using a USB drive may seem like a convenient way to save data, however most IT professionals will tell you that USB drives are one of the worst forms of storage due to the sheer fact that they are physically small and tend to get lost easily. In fact, 68% of IT respondents reported that they had likely experienced a theft or loss of data stored on a USB drive. Therefore, it is highly advisable to refrain from using any such device when it comes to client or confidential documents.

3. The Cloud Can Be Okay… 

It’s important to remember that most consumer file-sharing services were not created with security measures to safeguard business-critical files, let alone withstand the confidentiality requirements of law firms. When choosing a cloud service—a choice almost all firms will face at some point—be sure it provides an HSM-based encryption with tamper-detection circuitry for full encryption at rest and in transit, capable of satisfying even the strictest regulations. Since the Cloud’s genesis, countless new algorithms and software have been fortified to meet the needs of users from all walks of life, making it exponentially more secure for confidential documents and for law firms to use. For lawyers, state of the art “zero-knowledge” technology is pivotal when choosing an online data-storage service. A zero-knowledge algorithm does not allow the data host (i.e. Sync) to know of or have access to any of its clients’ content, and it also encrypts data in transit (uploads/downloads) and at rest (in storage). The downside to the airtight security that such cryptography generates is a decrease in usability. What would normally take seconds to access may take several minutes and may require a daunting verification process. Security, however, will always reign victorious over usability. 

4. How to Create the Perfect Password 

One of the biggest errors lawyers can make when it comes to document security is creating their own password. After going through the painstaking process of properly encrypting a document, a password is needed to “officially” lock it. Avoid negating your meticulous work and use a password manager to create one for you. Software like this will create passwords that take hackers and password-cracking programs up to 66 million years to decrypt, while passwords generated in the human mind take about…6 seconds. When tested, the strongest password was comprised of 20 random upper and lowercase letters, numbers and punctuation. While seemingly daunting, by using a password manager to produce a password of this fortitude, you eliminate any anxieties of having sensitive documents breached and you can focus your energy elsewhere while the software does the dirty work for you and your colleagues.                                        

Adhering to these guidelines and applying the foundations of document security to your own internal policies can help the threat of a full-on security breach should be exponentially diminished.

Remember, the success of your security is in the details:

  • Chose the perfect cloud service
  • Spend the extra dollar
  • Lock every single shared document
  • Generate the most complicated password
  • Keep information on a strict “need-to-know basis”
  • Always log out of your work account 

All are easy provisions to make to work to ensure the safe and secure future of your firm.

Disclaimer: This is intended as a guide only and not as a guarantee to secure your sensitive client and company information