Secure File Sharing for Law Firms: Must-Have Features

File sharing for law firms can be a risky exercise, especially if you want to keep your client’s documents and information protected from hackers.

Why would I need a file sharing solution for my law firm? You need a file sharing solution for your firm because attorney-client privilege is paramount and using unsecured email jeopardizes client confidentiality. To keep information private, law firms should use a file sharing solution that encrypts these files and emails.

What is Secure File Sharing?

File sharing is one of the most fundamental tasks in computing. Protocols like FTP are almost as old as the Internet, and in modern parlance, we can see consumer and business cloud storage solutions like Dropbox or Microsoft OneDrive as file sharing solutions as well.

Secure file sharing, then, is the use of technology like encryption to secure a file transfer. SFTP includes encryption for data as it is stored on the server (“at rest”) and when it is transmitted between readers (“in transit”).

Why is Secure File Sharing Important to Law Firms?

According to the American Bar Association’s 2019 Solo and Small Firm Tech Report, less than 50% of respondents use encryption for file transfers or email transmission, data storage, or hacking prevention.

This data point is alarming when you consider the sensitivity of most attorney-client communications. A data breach that exposes sensitive client information therefore could be catastrophic. As a result, lawyers and law firms are obligated to maintain attorney-client privilege, per the ABA. In a blog article and associated webinar, lawyers with the ABA in fact highlight the importance of cybersecurity technology like encryption for protecting data. They view data protection as an ethical obligation and part of their oath to protect lawyer-client privilege.

ABA requirements include:

• Rule 1.1: Providing competent representation for a client, including managing their privilege with secure communications.
• Rule 1.4: Protecting communication with clients regarding their representation and decisions they make thereof.
• Rule 1.6: Maintaining confidentiality for client data and communications related to representation and their legal case.
• Rules 5.1, 5.2 and 5.3: Law firms demonstrating that their lawyers understand their obligations under ABA regulations and the law.

The ABA article also notes that the primary form of communication and file sharing used by law firms remains primarily unencrypted email, which threatens to undermine client confidentiality and breach ABA ethical concerns.

The ABA subsequently released several Formal Opinions to articulate their standing on secure transfers. Formal Opinion 477, for example, outlines how law firms are bound to protect client data to demonstrate competence, confidentiality and protected communications. Specifically, this opinion couples secure file sharing and encryption with a lawyer’s legal and ethical obligation to his/her clients.

How Can Law Firms Achieve Secure File Sharing?

The ABA neither defines nor suggests a proper level of encryption, nor a required form of file sharing. It is up to law firms therefore to use their best judgment in implementing secure file sharing.

Secure sharing examples include:

• Hard media: This includes a hard drive, USB stick or “thumb drive,” DVD, or CD ROM. Hard media is suboptimal for exchanging documents that are frequently updated, like contracts. Hard media is also subject to loss or theft, especially during transport. Hard media however serves effectively as a backup for important documents.
• Encrypted emails: Modern email encryption allows the user to encrypt not only emails but often their attachments as well. But there’s a catch. Encrypted emails work both ways, so both you and your clients need to use the same email encryption and decryption methods for all emails. A lawyer or a client may look for an unencrypted (read: less secure) workaround if the senders encryption technology is too cumbersome.
• Secure servers with protected messaging: This option is much more secure, as all communications are held in an encrypted server. An encrypted server that stores messages and attachments is a very secure option, however, it requires both parties to use the system exclusively, complicating file and message management.
• Secure email links: This approach combines secure servers equipped with email to make it easier for your clients to access information. In this configuration, a lawyer sends only a secure link to the client. The link provides access to a secure server that stores the email body and any attachments . Clients must authenticate themselves to access the email contents. Secure email links all but negate the risk of an unauthorized user accessing a client’s email.

Secure File Transfer and Business Operations for Law Firms

A secure file transfer solution, properly configured, can do much more than just encrypt documents.

A robust and file transfer solution, perhaps an enterprise file sharing or secure managed file transfer platform utilizing SFTP and secure email links, will provide mission-critical features that can empower law firms to more effectively manage data, protect their interests and perform business functions.

Automated audit logs and reports that demonstrating file access and system events are a critical capability for secure file transfer solutions. These logs help your operations in multiple ways, including:

1. Diagnostics and compliance: Immutable audit trails are necessary to demonstrate that you’re working to maintain client confidentiality. Likewise, audit trails can help you better understand the cause of a breach of that confidentiality so that you can mitigate breaches in the future.
2. eDiscovery: Immutable audit logs are considered admissible evidence in the event of legal action. By providing audit logs to a judge or other legal authority you can demonstrate the legality of your actions and protect your practice from accusations of malpractice.
3. Optimization: With logging and reporting connected to file transfers, you can see who accesses specific documents, where and when they do it, and with whom they share it. Over time, this intelligence can help you maximize communication and business workflows for improved efficiency.

Serve Clients with Confidentiality Using the Kiteworks® Platform

Law firms that need an IT platform that can support secure document sharing, business operations, and internal or regulatory compliance can turn to the Kiteworks Platform for all their needs. Kiteworks includes:

1. Secure email links: Our platform allows you to send secure email links via general-purpose email that directs users to a secure server where they can retrieve emails and legal documents. Sharing and storing confidential legal documents is simple and intuitive.
2. CISO Dashboard: Law firms can benefit from understanding how their data is being used. Draw actionable intelligence from your clients and lawyers to optimize your operations and better serve your customers.
3. Audit trails and compliance reports: Immutable audit trails are critically important for law firms to demonstrate adherence to the law and their responsibilities to clients.

Learn more about secure email and secure file sharing for lawyers by accessing our eBook on the 5 Essentials for Secure Legal Communications. And make sure to sign up for our newsletter for Accellion news, product updates and upcoming events.

*** This is a Security Bloggers Network syndicated blog from Cyber Security on Security Boulevard – Kiteworks authored by Robert Dougherty. Read the original post at: https://www.kiteworks.com/secure-file-transfer/file-sharing-for-law-firms/