e-Mail Risk Mitigation For Law Firms

By William O'Brien
September 02, 2015

Each day, law firms are entrusted with valuable and sensitive client information. Moreover, attorneys create and handle documents that require strict confidentiality to avoid loss of evidentiary privileges. In today's digital workplace, many of these files are exchanged via e-mail. While e-mail allows for convenience, speed and portability, each attorney using e-mail must ask before sending: “Am I putting my client's confidentiality needs and expectations, as well as my ethical obligations, at risk?”

Now more than ever, data security (whether when exchanging documents via e-mail, storing them in the cloud, or using other forms of digital collaboration) must be at the forefront of law firms' priorities. Law firms and individual attorneys are becoming top targets for hackers, which is no surprise based on the volume of intellectual property and financial information handled by lawyers. Opportunities for data breaches abound and they occur among law firms more often than is publicized. Consider, for example, that the New York Times Dealbook published a piece on Citigroup's finding that major U.S. law firms are frequently experiencing data breaches, but they are rarely disclosing this publicly to avoid loss of clientele and damage to their reputation.

The Outlook on e-Mail: Best Practices for a More Secure Firm

Unfortunately, most e-mail service providers offer little or no security. Consequently, everything you send or receive (usernames, passwords, e-mail content, attachments, identities of senders and recipients) is susceptible to being viewed by unwanted third parties.

To better secure sensitive information (to mitigate the risk of e-mail), law firms must implement electronic communications best practices throughout the firm, from senior partners all the way to temporary part-timers. Best practices to reduce the risk of data theft via e-mail exchange include:

1. Create and discuss a policy on the use, purpose and scope of e-mails.

An impactful e-mail policy that achieves those goals is illustrated by the introductory language for a firm's policy:

The purpose of this e-mail policy is to ensure the proper use of e-mail system and make users aware of what deems as acceptable and unacceptable use of its e-mail system. This policy outlines the minimum requirements for use of e-mail within Network.
This policy should cover all appropriate use of any e-mail sent from our e-mail address and applies to all employees, vendors, and agents operating on our behalf.

2. Deploy encryption for e-mails and attachments.

Encryption is used to protect the e-mail content from being read by anyone other than the intended recipients. Most full-featured e-mail clients (like Apple Mail, Microsoft Outlook or Mozilla Thunderbird) provide native support for S/MIME secure e-mail (digital signing and message encryption using certificates).

However, encryption can be difficult for users. Security and compliance managers can automate the process by using encryption services. Instead of relying on voluntary cooperation, automated encryption, based on defined policies, takes the decision and the process out of the users' hands. E-mails are routed through a “gateway” or “service” that has been configured to ensure compliance with regulatory and security policies, and can then be automatically encrypted and sent.

3. Invest in confidential communication platforms.

In addition to encryption, the handling of critical client confidential data and documents must be electronically safeguarded. The same audit capabilities used in the transmission of e-mails should also be extended to the handling of data itself. Collaboration with clients and colleagues cannot, and need not, occur at the expense of security. Collaboration can be both fluid and robust, and still remain in accordance with national data protection laws and other confidentiality requirements. It is possible to fulfill all these requirements, without compromise, by investing in confidential communication platforms, such as secure electronic datarooms. This approach allows all digital files, whether e-mails or documents, to remain fully protected, at all times.

Conclusion

With cyber-attacks making regular headlines and news of governmental figures turning to personal e-mail to manage work-related tasks, legal professionals should be aware of the danger that lurks before pressing “send.” After all, there is nothing more valuable to a firm and its clientele than its sensitive information. That is why hackers want in on your e-mail.


William O'Brien is an attorney and the chief operating officer of Brainloop, a national provider of secure solutions for enterprise-wide storage and exchange of confidential information. Bill is also former speaker of the New Hampshire House of Representatives.
