Being able to share digital files easily is a must. Gone are the days of reams of paper files in folders. Today’s law firms need the ability to quickly send over a PDF or Word document via text or email to keep their business productive.
But those files being shared online and stored in cloud storage platforms need to also be secure. The costs of a data breach or having sensitive information end up in the wrong hands can be devastating in a law practice.
According to the American Bar Association (ABA) Standing Committee on Ethics and Professional Responsibility Formal Opinion 483 “the potential for an ethical violation occurs when a lawyer does not undertake reasonable efforts to avoid data loss or to detect cyber-intrusion, and that lack of reasonable effort is the cause of the breach.”
During the first quarter of 2020, 100% of surveyed law firms were targeted by cyberattacks and nearly half showed signs of suspicious cyber activity.
While law firms can’t really go back to paper and file folders, they can adopt best practices to share files more securely, and ensure they’re fulfilling their obligation for taking reasonable efforts to avoid data loss, leakage, or breach.
How to Share Your Law Office Files Securely
Ensure You’re Using a Secure Platform
First, you need to ensure the file sharing platform you’re using is secure. This is especially true if you’re not using one from a major SaaS provider, like Microsoft Dropbox, Google, etc.
It should have advanced encryption throughout the platform’s containers. For example, according to Microsoft, OneDrive and SharePoint use Advanced Encryption Standard (AES) with 256-bit keys and is Federal Information Processing Standard (FIPS) 140-2 compliant.
If you need to adhere to specific data privacy policies, such as GDPR, make sure the platform you’re using is compliant.
Put Document Protection Policies in Place
When files are stored in the cloud, they don’t just stay in one place. They often travel from app to app and are easily moved from a computer to a mobile device.
Keeping that information secure no matter what device it’s on is vital to protecting your law firm’s digital documents from being compromised. This requires the use of data policies that protect at the file level and are persistent, meaning the security policy travels with the document and is in place no matter where the document is being accessed.
Some of the security policies to consider when setting up document protections include:
- Do not copy
- Read only
- Do not print
- Inability to share via social media
- Watermarks (confidential, etc.)
- Document encryption
- Restrict access from unmanaged devices
Use the Rule of Least Privilege
Data leaks are becoming a much bigger problem with so much information online. Where data breaches are intentional acts to steal or compromise data, data leakage usually happens by accident, for example through an employee emailing a sensitive case file to the wrong person.
Data leakage also occurs due to insecure cloud applications and APIs that access and can “overshare” data on a device, such as a mobile phone.
You can help prevent data leakage by limiting who has access to sensitive files. Instead of giving everyone access to everything, only grant the lowest level of access to documents that is required for a person to do their job. This also helps avoid issues with important files being accidentally overwritten or deleted.
Enable Multi-Factor Authentication for Account Security
It’s important to properly secure your cloud storage and sharing accounts so your files aren’t breached by a hacker. While it’s great to have strong passwords and use a password manager, you should also deploy multi-factor authentication (MFA).
MFA requires that a passcode sent to an approved device is entered at login along with the user’s credentials. Using MFA can block 99.9% of fraudulent account sign-in attempts.
Enact File Lifecycle Policies to Declutter File Storage
The more cluttered your online file storage gets, the harder it is for your law office team to find the files they need. It also makes it easier to grab the wrong file or folder when sending a sharing link.
It’s important to have a file lifecycle policy in place that serves as the digital equivalent of moving old files into the archives.
Have an evaluation process in place for files once they reach a certain age (e.g., 2 years). Evaluate whether or not they can be deleted, such as an old sales brochure, or if they need to be kept for legal or regulatory reasons.
If they need to be kept, but aren’t used on a regular basis any longer, file them in a secure archiving system that gets them out of your main cloud storage traffic area.
Put Document Protections in Place with Help from ProdigyTeks!
ProdigyTeks can help your Chicago law office set up secure file sharing, using smart security policies that follow your documents and keep them from being compromised.
Schedule a free phone consultation today! Call 312-600-8357 or reach us online.