
Encryption overview because you need this

RICHARD WEINER
Technology for Lawyers

Published: September 7, 2018

It’s been a while since we covered encryption in any detail in this column, so when Law Technology Today posted a detailed overview of the topic, it seemed like a good time to go over the field again.

Hopefully without belaboring the point, lawyers at this point in the history of technology are basically required to know at least enough to safeguard their clients’ data. That used to mean locking the office door. Now it means monitoring a dizzying array of communications and storage devices and methods to make sure that client data is secure and that the secrets that lawyers keep aren’t let out into the wild, wild world of data compromise.

Encrypting that data makes it more difficult (although not impossible) for non-authorized parties to access it by turning the data into gibberish unless the end-user has the “key” to unlock the data.

And, importantly, encrypting data probably meets the “reasonable effort” qualifier under the rules of ethical conduct (read ABA Formal Opinion 477R for a taste of this area). Additionally, encryption is now cheap or free.

So, for the last time, encrypt everything!

There are two primary areas where client or law firm data needs to be safeguarded: in storage (called “at rest”), and in transit.

Encryption in transit covers two areas: communications like emails and texting, and data transfer via a firm website or client portal.

All websites that gather client data should be secured, whether it is your firm site or any site you do business with. You can tell that a website is secure if it has the “S” at the end of the “HTTP” in the address bar. That is also accompanied by a padlock icon.

Securing communication data in transit requires some work. There are end-to-end (device-to-device) texting apps like WhatsApp and others that should be used. For emails, Gmail, Outlook, and other email apps have encryption options, and there are numerous third-party providers. There are also super-secure email clients like ProtonMail, CounterMail, Hushmail, Mailfence, and Tutanota.

Encrypting data at rest can be done on a firm device or server, or in the cloud in apps like Dropbox. If you use cloud storage, make sure that it is encrypted at the file level. On a private server, Windows PCs can use an app called BitLocker; Apple devices can use FileVault. For your phones, Android devices can also be encrypted, and iPhones are automatically encrypted.

Finally, a substantial amount of data is lost and therefore compromised when devices are lost or stolen. Encrypting these devices on a file level will keep the data on the devices from being stolen.

