Law Firm Data Encryption: What Lawyers Need to Know

Written by Derek Bolen

With great data comes great responsibility, making law firm data encryption integral. Data breaches, hacking attempts, and embarrassing leaks due to human error are commonplace. And unfortunately, the legal sector is particularly vulnerable due to the highly sensitive client data that lawyers traffic in.

While law firms must employ increasingly sophisticated solutions to mitigate enormously damaging data breaches, there’s a surprisingly simple step that’s usually missing—encrypting your data.

Consider: 41 percent of all data breaches between 2005 and 2015 were the result of lost devices. A laptop is lost or stolen every 53 seconds. Roughly 70 million smartphones are lost each year—and only seven percent are recovered.

Even though “I forgot my laptop in the back of a cab” is markedly less dramatic than “my firewall was hacked by a team of nefarious cybercriminals,” the threat is just as persistent. In fact, if your law firm does face any kind of data breach, it will likely be for this reason.

Enter law firm data encryption. Encryption can be applied to everything from cloud applications to internet browsers to local hard drives to email. So, what is encryption? Encryption is a form of cryptography that scrambles and unscrambles data via the use of an algorithm.

In order to keep your law firm’s data secure, you’ll need to encrypt everything, including your laptop, email communications, and any data stored in the cloud. Below, we’ll go over the places you’ll need to encrypt your firm’s data to ensure your information is safe.

The different kinds of data encryption for law firms to know 

1. Cloud encryption

First, the good news; if you’re using cloud-based SaaS services in your practice, they’re probably already taking care of encryption on their end. (If you’re unsure, ask.)

When you connect to a website via a web browser, you can connect via one of two protocols: HTTP or HTTPS. When connecting via HTTPS, all data is transmitted between your web browser and the web server using encryption. No one can intercept or view the information you are sending, whether you’re at home, at the office, or using a public network such as one in a coffee shop.

When connecting via HTTP, however, you may as well be transmitting information via megaphone. Third parties, government agencies, or even your internet service provider can intercept this information.

Luckily, it’s easy to tell if your connection to a site is secure using HTTPS.

On most modern browsers, there will be a small padlock icon next to the web address. Clicking the icon should reveal the security certificates for the website you’re visiting and whether they’re valid.

Of course, at Clio, we ensure our security certificates and encryption standards are always easily accessible.

If you don’t see the icon or security certificates available in the browser, you may want to reach out to the cloud vendor to confirm that they’re using encryption—and to find out how you can confirm this on your end. If they aren’t using encryption, run, don’t walk, the other way.
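The padlock check can also be scripted for a list of vendor hostnames. The sketch below is an added example, not code from Clio or from this article: it connects with Python's standard `ssl` module, which verifies the certificate chain and hostname as a browser does, and reports the issuer and expiry date. The hostname `vendor.example`, the sample certificate and the 30-day warning threshold are assumptions.

```python
import socket
import ssl
from datetime import datetime, timezone


def summarize_cert(cert, now):
    """Summarize a certificate dict shaped like SSLSocket.getpeercert() output."""
    issuer = {key: value for rdn in cert["issuer"] for key, value in rdn}
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc
    )
    days_left = (expires - now).days
    return {
        "issuer": issuer.get("organizationName", "unknown"),
        "expires": expires.date().isoformat(),
        "days_left": days_left,
        "expiring_soon": days_left < 30,  # 30-day threshold is an assumption
    }


def check_vendor(host, port=443, timeout=5.0):
    """Connect the way a browser would: verify the chain and the hostname."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse legacy protocol versions
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                report = summarize_cert(tls.getpeercert(), datetime.now(timezone.utc))
                report.update(ok=True, protocol=tls.version())
                return report
    except ssl.SSLCertVerificationError as exc:
        return {"ok": False, "reason": f"certificate rejected: {exc.verify_message}"}
    except (ssl.SSLError, OSError) as exc:
        return {"ok": False, "reason": f"no verified TLS connection: {exc}"}


# Constructed sample in getpeercert() format, so the parser can be run offline.
SAMPLE_CERT = {
    "issuer": ((("countryName", "US"),), (("organizationName", "Example Trust CA"),)),
    "notAfter": "Jan 15 00:00:00 2031 GMT",
}

if __name__ == "__main__":
    print(summarize_cert(SAMPLE_CERT, datetime(2030, 12, 26, tzinfo=timezone.utc)))
    print(check_vendor("vendor.example"))  # placeholder hostname; use your vendor's
```

A result with `ok` set to `False` is the scripted equivalent of a missing padlock and warrants the same follow-up with the vendor.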

Tip: For an extra layer of security, use CloudMask to protect your firm’s data. Even in the event of a data breach, data that has been “masked” by CloudMask will stay protected, meaning that you can rest easy even in a worst-case scenario.

2. Laptop encryption

Now, the bad news: If you’re storing data locally on your hard drive, you’re on the hook for encrypting it yourself.

Don’t despair, though; as long as you’re using a macOS or Windows computer, you just need to turn on a setting to enable encryption on your laptop (instructions here for Mac users and here for PC users).

Once you’ve encrypted the files on your computer, that’s it. All you have to do is make sure your device is password protected (using strong passwords), and your data should be safe in the event of theft or loss. Just don’t store your password on the computer itself.
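To confirm that the setting is actually on across a firm's laptops, the operating system's own status command can be queried. The following is an added example, not part of the original article: it interprets the output of `fdesetup status` on macOS and `manage-bde -status C:` on Windows, assuming English-language output and, on Windows, an elevated prompt. The sample outputs are constructed.

```python
import platform
import subprocess

# Constructed sample outputs (not captured from a real machine).
SAMPLE_FDESETUP = "FileVault is On.\n"
SAMPLE_MANAGE_BDE_SUSPENDED = """\
Volume C: [OS]
    Conversion Status:    Fully Encrypted
    Protection Status:    Protection Off
"""


def filevault_enabled(output):
    """Interpret `fdesetup status` output on macOS."""
    return "FileVault is On" in output


def bitlocker_protected(output):
    """Interpret `manage-bde -status C:` output on Windows (elevated prompt).

    Both fields must be good: a fully encrypted volume with protection
    switched off (suspended) keeps an unprotected key on the disk.
    """
    fields = {}
    for line in output.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            fields[name.strip()] = value.strip()
    return (fields.get("Conversion Status", "").endswith("Encrypted")
            and fields.get("Protection Status") == "Protection On")


def disk_encrypted():
    """Run the platform's own status command and interpret the result."""
    system = platform.system()
    if system == "Darwin":
        cmd, parse = ["fdesetup", "status"], filevault_enabled
    elif system == "Windows":
        cmd, parse = ["manage-bde", "-status", "C:"], bitlocker_protected
    else:
        raise NotImplementedError(f"no check defined for {system}")
    done = subprocess.run(cmd, capture_output=True, text=True, check=True)
    return parse(done.stdout)


if __name__ == "__main__":
    # Offline demonstration on the constructed samples; call disk_encrypted() on a real laptop.
    print(filevault_enabled(SAMPLE_FDESETUP), bitlocker_protected(SAMPLE_MANAGE_BDE_SUSPENDED))
```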

3. iPhone and Android encryption

More good news—if you’re using a mobile device that was built in the past few years, it should have encryption enabled out of the box. If not, you can follow the directions for iOS encryption here and Android encryption here.

Then, there’s one key step you’ll need to take—password protect your device with a relatively complex passcode. Failing to do so will render any encryption useless.

4. Email encryption

Only a third of lawyers use email encryption when sending confidential or privileged documents to their clients. The other two-thirds? They exclusively rely on a confidentiality statement to protect sensitive data.

That’s right: If you’re receiving sensitive data from a lawyer, a meaningless block of text is all that’s preventing malicious parties from accessing it.

If you want to beef up your email data security, you’re in luck: Most web email providers such as Gmail now include encryption on all messages by default.

If you’re an Outlook user, you may need to enable encryption manually depending on which version you’re using. Office 365 users may have to pay an additional surcharge to receive email encryption rights.

Ensure your third-party vendors are secure 

It’s essential to evaluate the security practices of your vendors. For example, if you use Clio Manage as your practice management software, you can rest assured given its industry-leading security.

Clio applies both in-transit and at-rest encryption using industry best practices (such as HTTPS and TLS) to ensure your firm’s data is stored and transmitted securely. Clio’s web interfaces are also verified by DigiCert, a trusted certificate authority. With two-factor authentication and login safeguards, it’s no wonder Clio is recommended by 70+ bar associations and law societies.

What comes after learning about law firm data encryption 

Congratulations, you’ve read a blog post on how to enable encryption and secure your client data. To recap, these are the steps you need to take to ensure your firm’s data is secure:

  1. Confirm your cloud services utilize HTTPS.
  2. Encrypt your laptop.
  3. Encrypt your mobile device.
  4. Encrypt your email.

Finally, when encrypting all of your devices, we can’t stress this enough: Make sure you use a strong password. That means a password with more than 12 characters, no dictionary words, and a mix of numbers and upper and lower case letters.

By checking off the items on this list, you’ll be able to avoid costly data breaches and maintain client confidentiality. While you may not be able to avoid losing your phones, laptops, or other assorted devices, encryption should help you avoid a much bigger problem.

Categorized in: Business
