On Trial: File Transfer in the Legal Industry

24
Sep
2014

Ken Allen

Email has become the business standard for communication with colleagues and customers. In legal institutions, email can be an efficient and important conduit for conducting attorney-client communications. However, law firms can be caught between a proverbial “rock and a hard place” with regards to this form of correspondence. While clients demand a simple way to work together, it is essential that electronic communication does not lead to security risks: i.e. someone other than the client or privileged third party obtaining confidential documents.

While this may seem obvious, a recent study of law firms’ file sharing processes revealed that a minority of law firms are using security technology to protect electronic communications: email encryption (22%), password protected documents (14%), use a secure file sharing site (13%). 

While email is the foundation of work processes, the digital environment in which we operate is constantly changing. Every organization is vulnerable to cyber threats and attacks are constant across industries. Let’s take a deeper dive into just how secure file sharing is in the legal industry.

The recent study by LexisNexis finds that file sharing is an integral part of a law firm’s day-to-day operations. Yet, while firms are keenly aware of the consequences of IT security risks, unencrypted emails, which are merely reinforced by a statement of confidentiality, remains the primary line of defense when sharing confidential files. Seventy-seven percent of law firms include a confidentiality statement in emails and use that statement as their main line of defense against security threats. The majority surveyed (57 percent) said if someone other than a client or privileged third party were to obtain documents shared via email the results would be “very consequential.” The survey, however, also revealed that while nine in 10 law firms use email for business purposes, only about one in four encrypt those communications. Lastly, when law firms were asked if other employees were using free file sharing services, about one-third said “yes,” another third said “no,” and the final third were “unsure.” It seems like the consequential results may fall to the wrong side (It should be noted that this data does have a caveat: tending to be truer among smaller firms than it is of larger firms).

The data not only reveals a true disconnect between security concerns and the measures employed to protect law firms and their clients, but underscores the need for clearer processes, policy and IT tools. Key management has traditionally represented a challenge for small organizations using PGP encrypted email.  If keys are not carefully managed then encryption can be easily cracked. This could be a reason for their hesitancy in employing encryption. Needless to say, a firm that fails to protect sensitive client information faces the threat of class-action lawsuits, damage to reputation and the loss of competitive advantage. As the number of files being transferred – and the costs related to those transfers – continues to increase, and as compliance and security demands grow, legal organizations must rectify the security holes in their systems. A managed file transfer solution (MFT) is one method to ensure data is completely secure during electronic communication. 

With the right MFT solution, organizations can reduce security risk incidents while increasing efficiency and productivity. MFT systems support efficient file transfer as part of a business process – and therefore allow IT to better manage to the data. IT must stay on top of data movement whether it’s through another system, a desktop user or a mobile user, to identify whether an external breach has occurred or the organization has an internal threat in the event of file abuse. Within the same study, when asked what top three features law firms demand in file sharing, the ability to revoke or modify access privileges after a document was sent ranked second. MFT provides this visibility into all data activities, including files, events, people, policies, processes and audits, as well as the ability to proactively manage and automate all internal and external file interactions. Legal professionals can further gain more control of logging activity and have better visibility into their systems, in addition to increased maintenance of security profiles by performing self-administration. Users can also receive a receipt or notification of download, which is increasingly useful in maintaining a secure file transfer environment among coworkers as well as throughout client communication. 

In order for legal industry professionals to protect themselves and their respective clients, they must ensure that that files are transferred securely and compliantly. This also means that their IT departments have visibility into what files are going where – whether the file is being exchanged between processes or among people, internally or externally. Before it is too late, the legal industry must reevaluate its current security protocols, and not merely rely on a confidentiality statement in their emails as main line of defense against security threats.