Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.
Email was first introduced into the workplace more than 30 years ago — and the platform quickly became the de facto way for colleagues to communicate and share data, documents, and information among one another. With the mass adoption of smartphones and devices, email is one of the easiest and quickest ways to communicate.
Specifically, in the legal community, professionals have embraced the tool — coming in directly behind healthcare as the industry that leverages email the most for sending and sharing information. However, as increasing concerns and regulations around data security continue to evolve, the future of digital communication via email may not meet the more stringent requirements.
|Trust, in the legal industry, has become the foundation between maintaining relationships between lawyers and their clients. But, with the increase of cyber hacks, phishing, and mistakes — such as accidentally sending information to the wrong person — the conveniences of email are putting the most sensitive data, and client confidentiality at risk.
Today, most law firms recognize this issue, and there's been a major increase in investment in solutions that provide security, encryption and auditing. But while many firms have deployed secure messaging systems and secure file transfer tools to help protect external communication and documents, a recent survey by Biscom shows the downside of those investments.
The report reveals that 88% of firms invest in data protection with secure information and sharing tools. However, a whopping 80% of legal employees admitted to using insecure email to share sensitive data, including private client information such as medical and financial data. Additionally, the survey found that a majority of legal employees didn't even know using email to share confidential information was a problem. In fact, 69% of legal employees believed that email was actually a secure way to share information, and 50% use whatever is easiest to share confidential data, with 75% believing email to be the easiest method.
Let's try to unpack this. Almost 9 out of 10 survey respondents claim their firm utilizes secure sharing tools. With high profile data breaches, General Data Protection Regulation (GDPR) concerns, HIPAA, and business associate agreements, in addition to similar regulatory requirements, firms are responding to the need for more secure communications. Additionally, there's an expectation of trust and confidentiality between an attorney and his or her client. But, while a majority of firms have implemented solutions to try and secure their communication channels, more than half of their employees are still unaware of the risks of email, and ultimately, resort to whatever is easiest — no matter the security risks. The survey also found that employees were using Google Drive, personal Dropbox accounts, and other “shadow IT” applications to share information both internally and externally.
Some of the reasons behind employees' non-compliance? Thirty-seven and a half percent of employees expressed not using secure data transfer/sharing tools because of a lack of consequences when it came to following their firms' security policies. This was true throughout organizations, regardless of their role or seniority. Additionally, two out of three junior and mid-level employees simply believe that compliance “doesn't matter” when it comes to risky behavior. Noncompliance was also found among senior employees — with half of senior management and partners admitting they don't believe compliance lessened a firm's security risks. In addition, the survey found that employees aren't motivated to follow security policies, with more than half reporting that a lack of reward for following their firms' security policies reduces their motivation to comply.
|It's a good sign that so many firms have made the investment to use secure sharing tools. However, it's not enough to simply put the tools in place. It's up to the firm to ensure every employee knows about the secure tools available and how and when to use them. As new employees are on-boarded, their initiation should prioritize training around information security policies and how to use the provided tools. Beyond on-boarding, training and education should be performed on a regular basis to keep things top of mind.
For those firms that have provided secure solutions yet seem to have low adoption, it's important to understand the root cause. An internal questionnaire can help gauge employees' understanding of cybersecurity best practices.
One of the biggest reasons for low adoption rates when using secure sharing and communication tools in law firms has been complexity. Biscom's data revealed that, on average, it takes employees eight additional minutes per transaction to perform a task when using a secure tool compared with their “normal” method, which is most likely email. Not including the time to write an email, it usually takes only a few seconds to address and send an email. Eight additional minutes to use a more secure method is quite a bit of time that people would rather use performing their primary job function.
Biscom found that ease-of-use is paramount in increasing those adoption numbers. In addition, minimizing changes to existing behaviors, creating a good user experience, and providing additional capabilities that are otherwise unavailable also increase adoption. Understanding this data, firms can better implement tools that meet the needs of their employees, while knowing sensitive data remains secure. For example, implementing a secure messaging tool that easily integrates with employees' existing email platforms is simple to use and complies with policy rules for automating the delivery — all while providing tracking and auditing — will help meet all of these needs of employees and employers, while also only marginally adding to a worker's time.
On the other hand, complexity is an issue that goes both ways. Firms work with a diverse group of clients, and as some may not be technically savvy, ensuring an intuitive client experience is also important. Being able to receive communications that are not only secure, but also easy to access, can make all the difference in customer satisfaction.
|With stricter regulations such as GDPR, as well as the costly impact of the loss of a firm's intellectual property, and breaches of confidentiality, it is now more vital than ever to make sure your firm clearly understands threats and how to address them in the form of policies, processes and tools. While vetting a solution, security is often the most important requirement, but ensuring the solution also has a great user experience can help with better adoption and compliance. Once you've selected your secure sharing solutions, providing regular employee training, oversight, and accountability can ensure you're achieving the level of threat protection you've invested in.
*****
Bill Ho is CEO of Biscom, a secure document and messaging solutions company that enables firms to share and store documents securely. Over his 20 year career, Bill has worked closely with various companies in the legal, healthcare, financial services, and government spaces. Recognized as a security expert, Bill speaks frequently, including recent engagements at Secure World and Harvard Business School.
ENJOY UNLIMITED ACCESS TO THE SINGLE SOURCE OF OBJECTIVE LEGAL ANALYSIS, PRACTICAL INSIGHTS, AND NEWS IN ENTERTAINMENT LAW.
Already a have an account? Sign In Now Log In Now
For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473
In a profession where confidentiality is paramount, failing to address AI security concerns could have disastrous consequences. It is vital that law firms and those in related industries ask the right questions about AI security to protect their clients and their reputation.
During the COVID-19 pandemic, some tenants were able to negotiate termination agreements with their landlords. But even though a landlord may agree to terminate a lease to regain control of a defaulting tenant's space without costly and lengthy litigation, typically a defaulting tenant that otherwise has no contractual right to terminate its lease will be in a much weaker bargaining position with respect to the conditions for termination.
The International Trade Commission is empowered to block the importation into the United States of products that infringe U.S. intellectual property rights, In the past, the ITC generally instituted investigations without questioning the importation allegations in the complaint, however in several recent cases, the ITC declined to institute an investigation as to certain proposed respondents due to inadequate pleading of importation.
Practical strategies to explore doing business with friends and social contacts in a way that respects relationships and maximizes opportunities.
As the relationship between in-house and outside counsel continues to evolve, lawyers must continue to foster a client-first mindset, offer business-focused solutions, and embrace technology that helps deliver work faster and more efficiently.