What Lawyers Need to Know About Encryption

Written by

With great data comes great responsibility, and law firms are no exception. Data breaches, hacking attempts, or embarrassing leaks due to human error are commonplace, and the legal sector is particularly vulnerable due to the highly sensitive client data that lawyers traffic in.

While law firms must employ increasingly sophisticated solutions to mitigate enormously damaging data breaches, there’s a surprisingly simple step that is often neglected or ignored—encrypting your data.

Consider: 41 percent of all data breaches between 2005 and 2015 were the result of lost devices. A laptop is lost or stolen every 53 seconds. Roughly 70 million smartphones are lost each year—and only 7 percent are recovered.

Even though “I forgot my laptop in the back of a cab” is markedly less dramatic than “my firewall was hacked by a team of nefarious cybercriminals,” the threat is just as persistent—in fact, if your law firm does face any kind of data breach, it will likely be for this reason.

Enter encryption. Able to be applied to everything from cloud applications to internet browsers to local hard drives to email, encryption is a form of cryptography that scrambles and unscrambles data via the use of an algorithm.

In order to keep your law firm’s data secure, you’ll need to encrypt everything, including your laptop, email communications, and any data stored in the cloud. Below, we’ll go over the places you’ll need to encrypt your firm’s data to ensure your information is safe.

1. Cloud encryption

First, the good news; if you’re using cloud-based SaaS services in your practice, they’re probably already taking care of encryption on their end. (If you’re unsure, ask.)

When you connect to a website via a web browser, you can connect via one of two protocols: HTTP or HTTPS. When connecting via HTTPS, all data is transmitted between your web browser and the web server using encryption. No one can intercept or view the information you are sending, whether you’re at home, at the office, or using a public network such as a one in a coffee shop.

When connecting via HTTP, however, you may as well be transmitting information via megaphone. Any and all information being transmitted can be easily intercepted and viewed by third parties, government agencies, or even your internet service provider.

Luckily, it’s easy to tell if your connection to a site is secured using HTTPS.

On most modern browsers, there will be a small padlock icon next to the web address. Clicking the icon should reveal the security certificates for the website you’re visiting and whether they’re valid.

Of course, at Clio, we ensure our security certificates and encryption standards are always easily accessible.

If you don’t see the icon or security certificates available in the browser, you may want to reach out to the cloud vendor to confirm that they’re using encryption—and to find out how you can confirm this on your end. If they aren’t using encryption, run, don’t walk, the other way.

Tip: For an extra layer of security, use CloudMask to protect your firm’s data. Even in the event of a data breach, data that has been “masked” by CloudMask will stay protected, meaning that you can rest easy even in a worst-case scenario.

2. Laptop encryption

Now, the bad news: If you’re storing data locally on your hard drive, you’re on the hook for encrypting it yourself.

Don’t despair, though; as long as you’re using a Mac OSX or Windows computer, you just need to turn on a setting to enable encryption on your laptop (instructions here for Mac users and here for PC users). 

Once you’ve encrypted the files on your computer, that’s it. All you have to do is make sure your device is password protected (using strong passwords), and your data should be safe in the event of theft or loss. Just don’t store your password on the computer itself.

3. iPhone and Android encryption

More good news—if you’re using a mobile device that was built in the past few years, it should have encryption enabled out of the box. If not, you can follow the directions for iOS encryption here and Android encryption here.

Then, there’s one key step you’ll need to take—password protect your device with a relatively complex passcode. Failing to do so will render any encryption useless.

4. Email encryption

Only a third of lawyers use email encryption when sending confidential or privileged documents to their clients. The other two-thirds? They exclusively rely on a confidentiality statement to protect sensitive data.

That’s right: If you’re receiving sensitive data from a lawyer, a meaningless block of text is all that’s preventing malicious parties from accessing it.

If you want to beef up your email data security, you’re in luck: Most web email providers such as Gmail now include encryption on all messages by default.

If you’re an Outlook user, you may need to enable encryption manually depending on which version you’re using. Office 365 users may have to pay an additional surcharge to receive email encryption rights.

What To Do Next

Congratulations, you’ve read a blog post on how to enable encryption and secure your client data. To recap, these are the steps you need to take to ensure your firm’s data is secure:

  1. Confirm your cloud services utilize HTTPS
  2. Encrypt your laptop
  3. Encrypt your mobile device
  4. Encrypt your email

Finally, when encrypting all of your devices, we can’t stress this enough: Make sure you use strong password. That means a password with more than 12 characters, no dictionary words, and a mix of numbers and upper and lower case letters.

By checking off the items on this list, you’ll be able to avoid costly data breaches and maintain client confidentiality. While you may not be able to avoid losing your phones, laptops, or other assorted devices, encryption should help you avoid a much bigger problem.

If you’re running a mobile law firm, keeping your data secure is just one step to success. Get the data you need to run your firm effectively in our free report, The Mobile Revolution: What Law Firms Need to Know.

Download: The Mobile Revolution: What Law Firms Need to Know

Categorized in: Business

The Ethics and Security of Cloud Computing Guide

A complete list of ethical obligations regarding data security, and best practices for evaluating a cloud vendor

Download Now