What Lawyers Need to Know About Law Firm Data Encryption

You want to keep your legal information safe but aren’t sure how to set up law firm data encryption. It’s no secret that a lawyer’s hard drive is a literal treasure trove of sensitive information. Every lawyer has plenty of confidential files, from trade secrets and medical records to intellectual property and skeletons in a client’s closet.

However, having that information also comes with a responsibility to protect it. Many lawyers overlook some of the most straightforward cybersecurity measures, such as data encryption. 

Don’t think you need to worry about data encryption? What about the fact that a laptop is stolen every 53 seconds? And it’s now common for data found on stolen laptops to be uploaded and sold online. In fact, laptop theft is so prevalent that some estimates suggest there is a one in 10 chance a laptop will get stolen in its lifespan.  

While many law firms take care to secure their office networks, the same attention isn’t given to how employees secure information stored on their devices, and that can cause significant problems. Of the laptops stolen each year, half lead to a data breach. It’s safe to say that a lost or stolen laptop can cost a lot more than just replacing it.

So, how can you avoid the threat of a data breach after losing your laptop at airport security or forgetting it at a coffee shop? That’s where data encryption is so important. 

Here’s a look at what lawyers need to know about law firm data encryption.

What Is Law Firm Data Encryption?

Would you have a confidential meeting with a client in a crowded elevator? Of course not; you’d wait until you were somewhere private to discuss matters. So you probably wouldn’t want someone else gaining access to confidential electronic exchanges with your client either. Encryption is essentially a method for ensuring that private communications and files remain private by making the information unreadable.

And the concept is far from new. Ancient civilizations used different types of encryption to send private messages. The earliest evidence of encryption can be traced back nearly 4,000 years to when unusual hieroglyphics were used on tombs in ancient Egypt to obscure the original message. 

Of course, encryption typically happens through software rather than symbols carved into stone these days. 

Law firms should be aware of two types of encryption: encryption in transit and encryption at rest. Encryption in transit refers to encrypting data while it’s changing locations, like being uploaded. Meanwhile, encryption at rest means that data is encrypted while stored on a server or device.

Fortunately, many of the encryption options around today are inexpensive and don’t require you to be a tech wizard to implement. 

Why Do Lawyers Need to Know About Law Firm Data Encryption?

So why should lawyers pay attention to law firm data encryption? It all comes down to protecting the confidential data of clients.

While email and file sharing make communicating with clients convenient and fast, they also come with some substantial risks, particularly regarding confidentiality. And that risk is something that lawyers need to take seriously to protect their clients’ data. 

Attorneys have an ethical responsibility to take competent and reasonable measures to protect client information, not to mention contractual and regulatory duties to safeguard confidential information. There are several ethics rules in the ABA Model Rules of Professional Conduct that deal with protecting client information, including competence (Rule 1.1), communications (Rule 1.4), confidentiality of information (Rule 1.6), and supervision (Rules 5.1, 5.2, and 5.3).

According to the ABA, “contrary to popular belief, most attorneys will need to use encryption at some time during their career to avoid ethics violations.” As proof, look no further than the new data vulnerabilities that have come along with the rise in remote work. 

Lawyers who don’t properly secure information risk losing clients, damaging their reputation, or even facing malpractice claims in the aftermath of a data breach.

“Attorneys who do not use encryption on laptops, smartphones, and portable devices should consider the question: Is failure to employ what many consider to be a no-brainer solution taking competent and reasonable measures?” the ABA wrote in its 2021 TechReport.

Types of Law Firm Data Encryption for Lawyers

Not sure where to start when it comes to law firm data encryption? To keep your confidential information secure, you’ll want to encrypt everything, including your device and email. That may sound daunting, but encryption is quite simple to implement, leaving no excuse for not using it. 

Email Encryption

We ALL use email. We use email so much that we take it for granted and forget it has significant security risks. Sure, it’s an easy way to communicate with clients, but it’s also easy for unauthorized individuals to access sensitive information if you’re not careful. 

The ABA’s 2020 Legal Technology Survey Report found that just 39% of lawyers in the U.S. use email encryption. The remaining majority often rely on a confidentiality disclaimer at the end of an email as a way to protect client information. Here’s the thing about email disclaimers: 1) they won’t make a difference to any hacker, and 2) they don’t actually carry any legal weight.

What’s more, a recent survey found that one in four companies had at least one email security breach in 2020.

The most common email encryption protocol is S/MIME (Secure/Multipurpose Internet Mail Extensions). That’s a mouthful of a name, but luckily, you probably won’t have to remember it since S/MIME functionality is built into large web-based email platforms, including Gmail and Outlook.

Cloud Storage

Cloud storage, like Dropbox, has become a popular way for lawyers to store and share data. Of course, as with most things, cloud storage isn’t perfect. Anything connected to the internet comes with security risks; cloud storage is no exception. That means law firms that use cloud storage need to ensure they’re using a reputable service that has encryption.

The good news is that your cloud-based storage provider is likely already using encryption on their end. But if you’re not 100% sure, definitely double-check. For example, you want to ensure that the cloud storage service you use encrypts information during transmission and when files are at rest in storage.

Once again, a strong password is vital – there’s no point in using encrypted cloud storage if your password is 12345.

Device Encryption

No doubt you have a ton of information stored locally on your device. So, how can you protect that data in the event of a theft? Most modern devices offer a way to encrypt all of the data stored, known as full-disk encryption. 

Once full-disk encryption is set up, data stored locally remains encrypted to anyone who doesn’t have the passcode or pin. Best of all, the information remains unreadable without the proper authentication code, even if the hard drive is removed and placed in another machine.

Despite the benefits of full-disk encryption, overall usage among U.S. lawyers is only 20%, according to the ABA’s 2021 TechReport.

Full-disk encryption may sound intimidating, but it’s actually dead easy to put it into place. Windows and Mac devices offer full-disk encryption, which takes just a few clicks to set up and doesn’t require any special attention afterward. Your mobile device probably already has encryption enabled, but if you want to double-check, you can find the steps for Apple here and Android here. Just remember to ensure your device is protected with a strong password and never store your password on the device.

File Encryption

If you want to up your encryption game, consider using applications that offer file encryption.

File encryption protects individual files by separately encrypting them with a unique key. It is an effective way to safeguard stored files and allows them to be securely transferred to someone who also has the key or password. File encryption is particularly useful for keeping files secure on a removable device like a USB drive. 

There are lots of applications that will encrypt individual files. For example, it’s possible to create a password to encrypt files created with Microsoft Office. There are also many third-party encryption tools, such as AxCrypt or Cypherix Secure IT.

Final Thoughts on Data Encryption

Keeping confidential data secure goes hand in hand with being a lawyer. And that means taking the necessary steps to ensure that information stays safe from prying eyes. Encryption is a quintessential step in safeguarding your data and should be part of any cybersecurity best practices and protocols. Plus, it’s simple and affordable to use. Simply put, there’s no excuse for lawyers not to use data encryption.

It’s also crucial for lawyers to monitor risks to data security in the changing digital landscape and use the appropriate tools to prevent data breaches. Staying up to date on tech trends and innovations can go a long way toward safeguarding your data and your law firm.

Of course, even the most sophisticated security measures aren’t entirely foolproof. That’s why having cyber liability insurance needs to be part of any law firm’s cybersecurity measures. If a data breach occurs, cyber insurance can protect your law firm by covering expenses, providing a crisis PR response, and dealing with client notifications. If you’re interested in learning how cyber insurance can benefit your law firm, reach out to one of our experienced brokers, or visit Embroker’s digital platform to get an online quote.