File Sharing for Lawyers | How to Keep Your Client Docs Safe
Are you exposing your client’s data and jeopardizing attorney-client confidentiality? Secure file sharing for lawyers and attorneys can help – and here’s how.
Can lawyers use Dropbox? Yes, lawyers can use Dropbox but they do so at their own peril. Dropbox has a history of exposing sensitive information to unauthorized parties because they prioritize ease-of-use over security and compliance. To be fully protected, look at other options.
What is Secure File Sharing and How Can That Impact Client Communication?
First, let’s talk about file sharing for those practicing law.
In our increasingly digital world in which people email, share files and carry digital documents on their phones and tablets, having a secure and efficient way to share information is critical.
Electronic file sharing has been a game changer for lawyers and their clients. File sharing is much more than email, by the way. File sharing includes file folders and sub-folders, controlling who has access to those folders, and what administrative rights those users have, e.g. download vs. view-only privileges, etc. File sharing solutions therefore must be secure, governable, and functional to ensure lawyers communicate efficiently and confidentially with their clients.
The American Bar Association (ABA) requires lawyers to maintain attorney-client privilege. This means lawyers shouldn’t share information they receive from a client. It also means they should secure the information they send and receive from a client. Encryption allows lawyers and their firms to protect data in storage and during transit.
Dropbox secures its servers and maintains privacy, but it is also a major target for hackers. Cybercriminals monitor Dropbox access and phishthose users with fake Dropbox emails.
You’re better off using a more secure and business-focused platform that will protect client docs and maintain compliance with ABA guidelines. There are several reasons to do this, but three major ones are:
- Security: With Dropbox, you don’t really have much control over security, much less how it is managed. Private cloud storage is not an option, so if law enforcement comes knocking, you won’t know Dropbox has handed over your encryption keys.
- Business Operations: Dropbox is all about storage and collaboration. It isn’t a business platform, necessarily, outside of some basic features, and it certainly isn’t a platform that can tailor secure file sharing for law firms.
- Compliance: While ABA compliance is important, many lawyers work with clients in a variety of industries, which means having more specific compliance regulations to meet, like HIPAA for healthcare, PCI for retail, or even GDPR for EU citizens.
What About File Sharing in Regulated Industries?
The ABA recommends law firms use encryption to protect client data. If you work in regulated industries like government contracting or healthcare, however, data privacy regulations require you to maintain high (or higher) levels of security and risk management or face legal ramifications, financial penalties, or even disbarment.
Some regulated industries that require special secure file sharing considerations include:
- Healthcare: If working with clients on healthcare-related issues, you will most likely handle electronic Personal Health Information (ePHI). If you handle ePHI, you are now under the jurisdiction of the Health Insurance Portability and Accountability Act (HIPAA), which has rigorous security and reporting requirements.
- Government: If you’re an NGO, contractor or subcontractor supporting a federal agency, especially the Department of Defense (DoD), you’re likely handling citizens’ personally identifiable information (PII) or Controlled Unclassified Information (CUI). In these cases, you’ll have to demonstrate NIST 800-53 or CMMC compliance at a minimum, if not something more specific under NIST, like 800-171.
- Retail or Payment Processing: If you handle customer payment data in any way, your file sharing system , your technology must be PCI DSS compliant.
- Consumer protections in the EU: The European Union has stringent guidelines on how companies can use EU-based customer data or market to those customers. Financial penalties – levied based on a percentage of your annual revenue – are costly.
This might seem like a lot to digest, but having a secure file sharing solution can make your life easier both in terms of supporting clients and staying on the right side of rigorous regulations in any field, including your own.
What Should I Look for in a File Transfer Solution?
So, it’s time to update your technology, and you want a solid file transfer solution that allows you to share information safely and easily with clients without breaking your oath to your profession. To do that, you need a file transfer platform that offers a specific set of security and compliance capabilities:
High Levels of Encryption: Most file transfer solutions eschew unencrypted transfer protocols like FTP for more secure SFTP, FTPS or additional algorithms. A solid and secure solution will include AES-256 encryption for data stored in a server and TLS 1.2 or higher for data in transit between endpoints.
Secure Email: Standard email is not a secure file transfer platform. It may include secure components, but most public email providers don’t encrypt email content or attachments.
A defensive file transfer solution will send secure hyperlinks, rather than content or attachments, to your clients who must authenticate themselves before accessing the email contents . This security capability protects your data and also provides a record of when a recipient downloaded an attachment, critical for auditing and forensic purposes.
Immutable Audit Trails: Audit trails provide an unbroken line of evidence in case of a security breach. Furthermore, they give your firm the tools it needs to demonstrate compliance, namely only authorized users have access to PII, ePHI, or customer data.
Business Analytics: While you may not handle terabytes of data, having built-in analytics capabilities in your file sharing solution will help you better understand what documents are most often shared and flag an attorney’s recent spike in downloading activity.
Share Client Docs Securely and in Compliance with the Kiteworks® Content Firewall
The Accellion Kiteworks platform provides everything you need as a lawyer to share information with your clients without breaking confidentiality or data privacy regulations. Kiteworks includes:
- Secure Emails with encrypted servers using AES-256 and TLS 1.2+ encryption standards.
- A CISO Dashboard to see, inspect, protect, and trace every file coming into or leaving the firm.
- Immutable audit trails.
- Secure email integration with Microsoft Outlook and Office 365.
- Private, hybrid, and FedRAMP cloud environments for maximum data security.
To learn more about the Kiteworks platform and how it empowers lawyers and in their client communications, then be sure to read our eBook, Defend Your Clients, Defend Your Data. And make sure to sign up for the Accellion newsletter to get the latest updates on Accellion events, products and news.