Posted by Derek Fitzpatrick, General Manager – EMEA, at Legal Futures Associate Clio
Fitzpatrick: If your cloud provider is not using encryption, then run, don’t walk, the other way
With great data comes great responsibility, and law firms are no exception. Data breaches, hacking attempts or embarrassing leaks due to human error are becoming commonplace, with the legal sector particularly vulnerable due to the sensitive data they traffic in. And while law firms must employ increasingly sophisticated solutions to mitigate damaging data breaches, a simple solution is often neglected or ignored.
Some 70% of data breaches directly involve laptops and portable devices. In the UK, a laptop is stolen every 53 seconds, the vast majority of these being in bars and on public transport. In 2015, 5.2m business mobiles were lost. Even though “I left my laptop in the back of a taxi” is markedly less dramatic than “my firewall was hacked by cyber criminals”, the threat isn’t any less persistent – in fact, if your law firm does face any kind of data breach, it will likely be for this reason.
Enter encryption. Applicable to everything from cloud applications to internet browsers to local hard drive to e-mail, encryption is a form of cryptography that is able to scramble and unscramble data via the use of an algorithm. Here’s how to use it.
Encrypt your cloud
First, the good news; if you’re utilising cloud-based SaaS services in your practice, they’re probably already taking care of encryption on their end.
When you connect to a website via a web browser, you can connect via one of two protocols: HTTP or HTTPS. When connecting via HTTPS, all data is transmitted between your web browser and the web server using encryption; no one is able to intercept or view the information you are sending, whether you’re at home, at the office, or using a public network such as a coffee shop.
When connecting via HTTP, however, you may as well be transmitting information via megaphone: any and all information being transmitted can be easily intercepted and viewed by third parties, government agencies, even your internet service provider.
It’s easy to tell if your connection to a site is secured using HTTPS. On most modern browsers, there will be a small padlock icon next to the web address. Clicking the icon should reveal the security certificates for the website you’re visiting and whether they’re valid.
If you don’t see the icon or security certificates available in the browser, you may want to reach out to the cloud vendor to confirm that they’re using encryption and how you can confirm this on your end. If they aren’t, then run, don’t walk, the other way.
Encrypt your laptop
Now, the bad news: if you’re storing data locally on your hard drive, it’s your responsibility to encrypt it yourself. As long as you’re using a Mac OSX or Windows computer, it’s as simple as turning on a setting. It should take no more than a minute or two.
Once your local files are encrypted, that’s it. All you have to do is make sure your device is password protected, and your data should be safe in the event of theft or loss (just don’t save your password on the computer itself).
Encrypt your mobile
Now, more good news. If you’re using a mobile device that was built in the past few years, it should have encryption enabled out of the box. If not, you can easily find directions for doing so online. Make sure you’re password protecting your device with a relatively complex passcode; failing to do so will render any encryption useless.
Encrypt your e-mail
Only a third of lawyers utilise e-mail encryption when sending confidential or privileged documents to their clients. The other two-thirds? They rely on nothing more than a confidentiality statement, a meaningless block of text, to protect sensitive data.
If you want to beef up your data security with a little more, you’re in luck – most web e-mail providers such as Gmail now include encryption on messages by default. If you’re an Outlook user, you may need to enable encryption manually depending on which version you’re utilising; Office 365 users may have to pay an additional surcharge to receive e-mail encryption rights.
What to do next
- Confirm your cloud services utilise HTTPS
- Encrypt your laptop
- Encrypt your mobile
- Encrypt your email
- Ensure you’re utilising strong passwords
- Enable two-factor authentication (if available)
While you may not be able to stop losing your phones, laptops, or assorted other devices, these steps will help you avoid costly data breaches and maintain client confidentiality.
Leave a comment
* Denotes required field