Lawyers Are Failing at Secure File Sharing
How do you correspond with clients and other privileged parties? Unless you're on the Supreme Court, which apparently still uses memos on ivory paper, you probably use email. And if you need to send documents or files to a client, you probably attach them to the email.
What else are you doing? Not much, according to a recent survey -- the majority of lawyers do little more than include a confidentially statement in the email.
The Problem
Bob Ambrogi, discussing the survey's findings of failure, noted:
If I were to leave a document on a table entitled, "My Deepest, Darkest Secrets," under which I wrote, "Please do not read this unless you are someone I intended to read this," how securely would you think I'd protected myself?
That, effectively, is all the majority of lawyers do to protect confidential documents they share with clients and colleagues, according to a LexisNexis survey published this week.
How about some numbers? According to the survey:
- 77 percent include a confidentiality statement;
- 22 percent encrypt emails;
- 22 percent include a confidentiality statement in the subject line;
- 17 percent require clients' written consent for transmission (compared to 13 percent that require oral consent);
- 14 percent password protect documents;
- 13 percent share links to documents shared on a secure site.
Why is this a problem? After all, it's not like clients' email accounts aren't password protected. You're not leaving the files on their door stoop, or as Ambrogi stated, on a table.
But in a way, you are. Take, for example, a family law dispute. You email important documents to a client. Her spouse, if he doesn't know her password already, probably knows the typical information required to gain access to the account (birth date, mother's maiden name, etc.). Or, even more simple: he's stopped by to pick up the kids and clicks around on her unattended computer.
We could think of hypothetical examples in other contexts as well, but you get the point: two passwords, or two layers of security, one which you control, is better than relying on a client's email, which could be secured by something as ridiculous as the password "password."
The Solution
Do you use a cloud practice management platform? Most of these include secure client portals where you can store documents. Generic cloud storage providers, like DropBox, Box, and Google Drive may also have password protection features that are superior to an email attachment.
There's also encrypted email and password protection on the documents themselves.
In fact, there are a ton of better ways to securely send files to clients, which itself might be part of the problem (too many choices). We'll take an in-depth look at your options next week.
How do you handle secure file sharing? Join the discussion on Facebook and we might feature your tips in next week's post.
Related Resources:
- Mary Meeker Report: It's All About Mobile (FindLaw's Technologist Blog)
- 4 Ways to Protect Yourself on Free Public Wi-Fi Networks (FindLaw's Technologist Blog)
- WordPress Security Bug: Don't Log In From Public Wi-Fi (FindLaw's Technologist Blog)