How many emails have you sent or received in the past week? How many times have you shared a document through a thumb drive? Or how many documents have you shared through a consumer file sharing service? Whether you know it or not, all of these document sharing methods place you or your firm at risk.
Can you be trusted?
Your reputation depends on your clients’ trust. So, it follows that protecting their privileged information should be a top priority. But cyber hacking and simple human error can put that trust at risk when you share documents through insecure methods. Tax records, intellectual property, health information, and more could be exposed to others with less than noble intentions.
A lawyer or firm that allows confidential information to be compromised, even if unintentionally, could be held responsible. Most jurisdictions have rules that require lawyers to properly protect their clients’ confidential information. The Law Society of Ontario, for example, spells this out in the Rules of Professional Conduct1.
No Email is Completely Secure
Email makes document sharing easy. No need to wait for a courier. All you need to do to share a document with a client, opposing firm, or third party is specify the recipient, attach your document, and press “send”.2
Whether you know it or not, this process exposes you to all kinds of risks, from “bad actors” to human error. Yet, nearly 90 per cent of firms surveyed said their firms use email to collaborate with clients or third parties on matters, with almost 75 per cent using it daily.3
Email can expose your confidential information even when you take measures to protect it. The most common risks? Emails can be:
- Intercepted and read at routers, internet service providers, or IT departments
- Inadvertently sent to the wrong person
- Forwarded to an unauthorized recipient
- Printed and then read by an unauthorized recipient
- Lost in a spam filter4
In the worst case, your emails may be the target of malicious hackers seeking to profit from your clients’ data. No email platform is completely immune to security breaches, and just one compromised inbox could put an entire firm’s data at risk. In a survey of IT professionals, 71% believed they had likely experienced a theft or loss of email attachments.4
There are measures you can take to reduce risk, but they aren’t foolproof. Encryption won’t protect against copying, forwarding, or downloading once the message has been decrypted. Confidentiality statements are no better. As licensed attorney Christopher T. Anderson states, “confidences, once let into an unsafe ether, are put at risk, and no ‘confidentiality statement’ can mitigate that.”3
Are You All Thumbs?
Thumb drives are a convenient way to share documents, or take work home or on the road. They’re compact, plug into any USB port and can be read by anyone (provided the documents were created in common software).
But the thumb drive’s benefits are also its drawbacks. Because they are small they are easily lost. And because they can be read by anyone, their data is far from secure. In fact, LexisNexis found that 68 per cent of IT professionals said they had likely or very likely experienced a theft or loss of data stored on a USB drive.4
Consumer File Sharing is for Consumers
Online file sharing services have become the go-to document sharing method for many consumers. They are especially useful for sharing documents too large to attach to an email. Once set up, they are easy to use and can even be integrated with your computer’s folder structure.
On the other hand, consumer file sharing services were never designed to protect your data. They don’t come with the security measures lawyers should be seeking for confidential documents. Even worse, because sharing is so easy, one mistaken keystroke could share every folder on your computer.
Why are these services a particular problem for law firms? In the LexisNexis survey, over half of respondents said they had put confidential information on free consumer file-sharing sites. And in many cases, the firm was not aware this was happening. Aside from security issues, what if the lawyer using these services leaves the firm? How easy will it be to locate the documents?
Secure Document Sharing
The preferred alternative to email, thumb drive, or consumer file sharing is a service built specifically for exchanging confidential documents. These internet-based services take strict security measures to ensure that data is kept safe. Email may still play a role, but documents are shared through a link or by logging in to the service, rather than through an attachment.
Not all secure document sharing is the same. Your system should include these essential features:
- A secure hosting facility in your country of origin. You want your cloud provider to adhere to the data protection and privacy laws of your local jurisdiction.
- Backup services for the data you are storing in the cloud.
- Parties invited individually for each matter and required to authenticate through a password or multi-factor authentication before they can access a document.
- An audit trail that tracks and records document receipt and open date and notifies the sender by email or text message.
- Secure document access from anywhere through desktop or laptop computers, or through a mobile device.
Concluding Thoughts
Secure document exchange addresses virtually all the risks of traditional methods. If hackers get into your email system, your documents are safe because they aren’t stored on your email server. There are no thumb drives that can fall into the wrong hands. And your documents are protected by a team of security experts in a secure facility 24/7.
These cloud-based platforms provide cost benefits, too. Your cloud provider will regularly update hardware and software so it always adheres to the latest performance and security standards. These services are typically much less costly than maintaining your own systems.
Don’t you owe it to your clients and your firm to explore secure document sharing?
About the Author
Michael Sauber leads the marketing program for Korbitec, producer of Automated Civil Litigation Software (ACL). He has worked with document production technologies and professional services for over 30 years and is a frequent blogger on these topics.
1 Rules of Professional Conduct, Chapter 3, Section 3.3. Law Society of Ontario. Amended October 2014.
2 Fox-Mills, Alexis. The importance of secure file sharing for law firms. workshare.com. February 1, 2017.
3 File-Sharing in the Legal Industry. LexisNexis. 2014.
4 Christopher T. Anderson and Dan Barahona. When “secure enough” isn’t enough: A Law Firm Guide to Protecting the Confidentiality of Shared Client Files. LexisNexis. January 8, 2018.