The use of cloud technology among lawyers risks the safety of client information. An expert lays down a few tips on mitigating the risks of the cloud.
By Dr. Asaf Cidon, Software Engineer
As the usage of mobile devices booms, the cloud is revolutionizing the way lawyers work. According to MyCase, 77% of lawyers use smartphones for work-related functions, more than 50% use tablets, and 56% use web-based storage. That’s a lot of work being done away from firm-sanctioned computers and firewalls – and, no doubt, a lot of sensitive client data.
On one hand, the cloud makes storing files, communicating promptly with clients, and working on the go much easier; on the other hand, is your clients’ information really safe when synced across mobile devices, emailed back and forth, and stored online? The simple answer is: probably not. But it can be – if you take the right precautions to ensure security in the cloud. The most important precaution to consider is end-to-end encryption.
Much of the fear of the cloud stems from worries about hackers pilfering sensitive information from (what may seem like) the ether. This fear, however, is unfounded; while the random hacker does pose some threat, the vast majority of security breaches occur due to employee negligence. For instance, let’s say you’re working on a high-profile divorce case. It seems natural to sync your files to your smartphone to make sure they’ll be at your fingertips when your client calls at any hour. This kind of up-to-the-minute counsel certainly keeps your clients happy, and your efficiency enhances the time you’re able to devote to the case. But, if you leave your smartphone in a cab or have it stolen at an airport, your sensitive client files are suddenly easily accessible to anyone – and with 4.5 million smartphones lost or stolen in 2013, the odds are good that if it’s not you losing your phone, it’s one of your colleagues. Lost or stolen devices pose one of the highest security risks to businesses, but the world today is mobile, so professionals need to be, too.
Mitigating the Risks of the Cloud: Add An Extra Security Layer
Fortunately, there are ways to be mobile while maintaining the utmost security, enabling you to keep sensitive files consistently protected. End-to-end file-level encryption allows you to integrate an extra layer of security into your existing workflow. For example, there are programs that work within cloud-based storage platforms to encrypt files before they ever reach the cloud. This means that in the event of a security breach, your files will appear unreadable. The proper encryption technology separates the keys from the content – meaning that not only do malicious actors not have access to your files, neither do the parties handling the storage or security. With this kind of encryption, your sensitive briefs, tax documents, or case files will appear as an incomprehensible jumble to anyone who’s not supposed to see them.
Encryption also helps mitigate the cloud’s double-edged sword of productivity and problems: file synchronization. Syncing files duplicates them across mobile devices. So even if files are secured at rest on the cloud, they’re unencrypted on devices – unless they’re encrypted at the file-level, which isn’t the default for most cloud storage providers. As a lawyer, you’re likely accustomed to reading between the lines of contracts, but the truth is you won’t find many caveats about this risky workflow, and making sure to employ file-level encryption is the only route to ensuring maximum protection.
The other elephant in the room is email. For all of email’s popularity – not to mention its preference among clients – it is not a secure form of communication. (Just ask President Obama.) This can pose considerable issues for the legal community, but, again, encryption presents a solution. When documents are encrypted, you can rest assured when you’re emailing them that you’re sharing them with intended colleagues and clients, and no one else inadvertently.
Finally, knowing how others on your team are handling client information is also an important step to ensuring security. Auditing the files you store in the cloud lets you keep tabs on when files are opened, moved, or modified (and by whom). If an unfamiliar user suddenly accesses your files, you’ll know and be able to stop them before they do any damage. Similarly, revoking access to files is crucial when working in a fast-paced environment. If a co-counsel is taken off your case, or you work with summer associates or paralegals who come and go, you probably don’t want them retaining access to your case files. After all, with so much work being done from home and from mobile devices, just because an associate no longer comes to the office doesn’t mean her passwords, downloads, and files still aren’t saved on her laptop at home. Cloud-based storage solutions can let you revoke users’ access with the touch of a button, denying any further access.
As clients themselves are more and more mobile, their expectations are equally mobile, and the cloud helps lawyers deliver. The only solution that guarantees mobile security is to embrace the cloud – and implement the safeguards necessary to protect your and your clients’ security.
Asaf Cidon is the co-founder and CEO of Sookasa, a cloud security and encryption company that enables safe adoption of popular cloud services such as Dropbox to store sensitive information. Asaf previously worked at Google and in the Israeli intelligence. He holds a Ph.D. and MS in Electrical Engineering from Stanford University and a BS in Computer Engineering from the Technion. www.sookasa.com