Tips for Safeguarding Client Information
Safeguarding client information isn't as easy as you might think. In the digital age, safeguarding information is something even the most tech-savvy corporations struggle with. To ensure that your clients' information is safe, you actually have to be proactive about your security. Let's start from the beginning.
Rule 1.6
Back in what seems like ages ago, the FBI first ominously warned that law firms were prime targets for hackers. The industry collectively yawned. When government officials repeated their worries of law firm vulnerabilities to outside attackers, we kinda stretched a little.
The problem is that law firms are repositories of extremely sensitive information and ought to treat that information as such. In fact, they are technically required to expend at least "reasonable efforts" to prevent inadvertent or unauthorized disclosure of confidential client information, as stated in ABA Model Rule 1.6(c).
Today, the standard is the same, but the world is different. What's reasonable today is much different than what "reasonable" meant 50 years ago.
We know this sounds pathetic, but we're all a bit naive when it comes to our online security efforts. Chinese and Russian hackers must love us. Year after year, despite the danger, we continue to use "123456" as the password required to keep others out.
Another key issue, though less ridiculous, is encryption. A number of email platforms and devices actually do this for you. But as an attorney, you really should take a weekend to learn the basics of encryption and apply it to your data and email. If you get sued for malpractice, you may be able to convince the ethics committee that failing to encrypt was not a breach of the "reasonable efforts" standard, but we doubt you'll get away with that same trick with regard to "123456." Change your password to something longer and more complex, and begin encrypting your email.
Wi-Fi
This is another big one, but we can be forgiven slightly. Personal devices including phones and tablets are all designed to allow the consumer to get Internet access now -- security be damned. If you're a busy attorney, you might not notice that you've moved out of your password-protected network into a public Wi-Fi area. And whaddya know? You're about to send confidential information to another attorney over the cafe's free network -- or some individual's.
Data that is transferred in packets is generally okay so long as it is encrypted. Again, this gets complicated, but it should be rather clear now that on an open network, unencrypted data is basically open for any teen hacker who happens to be hanging out nearby to see.
The Basics
If there's one thing lawyers know how to do, it's research. You should first explore options for encrypting your email. If you use Gmail, there are dozens of programs out there you can easily research and download that will get you started. This will basically at least delay hackers as they first target the lame and the infirm -- I mean, the unencrypted folks.
Second, change your password to something with at least enough inherent entropy that it will give brute force machines a run for their money. Your client's security and your reputation are on the line.
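To make "enough inherent entropy" concrete, here is an added example (not part of the original article) that scores a password against a denylist, computes a best-case entropy bound, and generates a random replacement. The short denylist and the guess rate are constructed assumptions for illustration.

```python
import math
import secrets
import string

# Constructed sample denylist; a real check uses a large breached-password list.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "111111", "letmein"}
# Assumption for illustration only: offline guessing rate of an attacker.
GUESSES_PER_SECOND = 1e10
ALPHABET = string.ascii_letters + string.digits  # 62 symbols

def entropy_upper_bound_bits(password: str) -> float:
    """Best-case entropy if every character were picked uniformly at random.

    Human-chosen passwords are weaker than this bound; denylisted ones score 0
    because a dictionary attack tries them first.
    """
    if password.lower() in COMMON_PASSWORDS:
        return 0.0
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    pool = sum(len(cls) for cls in classes if any(c in cls for c in password))
    return len(password) * math.log2(pool) if pool else 0.0

def generate_password(length: int = 16) -> tuple[str, float]:
    """Random password from a CSPRNG plus its true entropy in bits."""
    password = "".join(secrets.choice(ALPHABET) for _ in range(length))
    return password, length * math.log2(len(ALPHABET))

def years_to_exhaust(bits: float) -> float:
    """Time to try every candidate at the assumed guess rate."""
    return 2 ** bits / GUESSES_PER_SECOND / (365 * 24 * 3600)

if __name__ == "__main__":
    for candidate in ("123456", "987654"):
        bits = entropy_upper_bound_bits(candidate)
        print(f"{candidate!r}: <= {bits:.1f} bits, "
              f"{years_to_exhaust(bits):.2e} years to exhaust")
    pw, bits = generate_password()
    print(f"generated password: {bits:.1f} bits, "
          f"{years_to_exhaust(bits):.2e} years to exhaust")
```

The bound only equals real strength for randomly generated passwords, which is why the generator, paired with a password manager, is the practical takeaway.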
Related Resources:
- Ethics and Cybersecurity: Obligations to Protect Client Data (American Bar Association)
- Is Your Email Secure Enough for Client Communications? (FindLaw's Technologist)
- 5 Reasons Why Encryption Won't Be Enough to Protect Your Data (FindLaw's Technologist)
- What Can Big Data Bring to a Law Practice? (FindLaw's Technologist)