Email and document security (or lack thereof) in the legal industry

Posted by Gary Cooke on October 20 2016


Everyone in the legal industry is, or should be, concerned about the security and digital rights management of their sensitive documents and control over their email attachments. In today’s highly networked, mobile world, any information sent electronically is subject to theft or leakage. And it doesn’t matter if you’re at a small firm or company or a large one. A breach or leak can and will come your way, and the only question is how prepared you are to identify the source and shut down access to the compromised material immediately.

Secure your documents

And yet, despite the concern over security, most firms and companies continue to use consumer-grade file sharing and collaboration tools, virtual data rooms and unprotected email attachment software to transfer their critical documents. Services like Dropbox, Dropbox alternatives and Google Drive have minimal security mechanisms in place, and a document that’s accidentally shared with an unintended party is immediately and forever beyond your control. The party can save it locally, print it, take a screenshot, and so on. Unprotected email attachments are potentially even worse, because you have no way of knowing where your information has been forwarded and who has the unencrypted document. And while using insecure email attachments and consumer file sharing platforms puts you at huge risk, it’s hardly a recent practice in the legal industry. Lawyers and legal professionals have been rolling the dice with their confidential documents for years. Frankly, it’s time to stop. The industry should set standards for document handling, and firms should start using a secure enterprise file sharing, secure FTP/Dropbox alternative and DRM platform.

It wasn’t too many years ago that a lot of communication between a lawyer and a client was done via facsimile. One or the other would print an item on a piece of paper or create an electronic .tiff file, place the document in a fax machine (do you still have one in your office?), dial a number, and the document printed out at the other end for anyone to see and retrieve. Talk about a lack of security. But security wasn’t the primary focus then; speed and ease of use were the keys to making this method of document delivery successful, as it was much better than using the Post Office.

Flash forward a few years and now everyone is sending emails with attachments. This was a much improved but still insecure method of delivery. Not only could you address it to a specific individual, but you could get a “return receipt” when they opened it. The only issue was that, as file sizes for attachments grew, many companies had size restrictions in place with their messaging environments. In addition, someone could take the email and attachment and forward them to whomever they wanted. If you were especially savvy and concerned about security, you could encrypt the message, making it next to impossible to read unless you shared the encryption keys with the intended reader. But this was complicated, and most people did not use it to secure the delivery of their important legal documents.

Then came the consumer-grade, cloud-based file sharing products that allowed people to share larger files outside of the confines of company IT size limitations. But, once again, where was the security? Who was the data being shared with? Who could see the data? Was there any kind of audit trail? Where was it actually stored? Was it being backed up? And, most importantly, did the law firm even know that its data and its clients’ data was not contained within the confines of the legal firm’s IT department?

Today, law firms large and small should be looking at secure file sharing products that provide robust encryption capabilities. This means that the data should be encrypted from when it is first created until it has reached the end of its useful lifecycle. That lifecycle should be defined by data retention policies based on either the law firm’s requirements or the client’s. De-duplication should be utilized to minimize overall storage requirements, especially with longer retention policies. Specific numbers of versions should also be identified so that, if there is an investigation, all versions of the data item can be reviewed. Permissions should be associated with the data that allow people to edit, print or potentially even share with others if required.

With more and more revelations about data repositories being hacked and data being compromised, law firms should place an emphasis on secure file sharing. It is imperative that law firms maintain their data and integrity as well as the data and the integrity of their clients.


To learn more about how you can better protect your sensitive data with Vaultize's data security platform, DRM tools and secure file sharing software, contact our solutions architects.

If you have any questions about this blog post or others, please feel free to reach out.
