How Secure and Private Are Encrypted Files?

Attorneys have a duty to protect client information. With so much information being shared between attorneys and clients via email, web or server-based portals and messaging platforms, attorneys must protect that data in transit and at rest from anyone who has a malicious motive to obtain it.

A highly effective way to protect client information is to encrypt it. Encryption uses a complex mathematical algorithm to scramble data to the point of making it so unintelligible that no unauthorized individuals can read it. Data can be encrypted for storage and transmission, protecting privacy and ensuring data integrity.

But don’t worry, there’s no need to get a secret decoder ring to manually encrypt your data. From eDiscovery to case management, financial management to human resources, most legal platforms today are highly secure and offer complex encryption. Encryption and decryption tools are built directly into platforms and require no human intervention to execute. It is a good idea to ask your platform providers whether encryption is included in their offering.

Even with encryption built in, law firms should not rest on their laurels when it comes to data security. Though difficult to do, all encrypted data has the potential to be hacked. Hacking encrypted data requires extremely advanced software, deep technical knowledge, and hours and hours of time. One way to close any potential points of entry for hackers is to ensure that any on-premise software has been updated and is always running on the latest version. Web-based applications offer the advantage of ensuring a firm is continuously running on the latest version. A VPN offers another layer of security protection.

The weakest link in security continues to be humans. We’ve all heard stories of unsuspecting employees clicking on links in emails that turn out to be scams and inadvertently allowing hackers access to otherwise secure systems. It is important for law firms to develop good security practices that include continual training, two-factor authentication, strong password policies like using complex passwords and changing them frequently, locking devices, managing risk from third parties, making sure systems are up to date with current antivirus and malware protection, hiring responsible security experts and support from upper management. While you can never make everything 100% secure, you can raise the security bar high enough to avoid hackers who mostly look for easy prey.

At Gulfstream, we recently upped our security game. You can read about it here. Also, our data center offers world-class data security, which you can read about here.

For more information on encryption as it pertains to lawyers, read this article from the ABA. Click here.