File Sharing for Lawyers | How to Keep Your Client Docs Safe

Are you exposing your client’s data and jeopardizing attorney-client confidentiality? Secure file sharing for lawyers and attorneys can help—and here’s how.

Can lawyers use one of the cloud-based file sharing and storage solutions? Yes, lawyers can use them, but they do so at their own peril. Many of them have a history of exposing sensitive information to unauthorized parties because they prioritize ease-of-use over security and compliance. To be fully protected, look at other options.

What is Secure File Sharing and How Can That Impact Client Communication?

First, let’s talk about file sharing for those practicing law.

In our increasingly digital world in which people email, share files and carry digital documents on their phones and tablets, having a secure and efficient way to share information is critical.

Electronic file sharing has been a game changer for lawyers and their clients. File sharing is much more than email, by the way. File sharing includes file folders and sub-folders, controlling who has access to those folders, and what administrative rights those users have (e.g., download vs. view-only privileges, etc.). File sharing solutions therefore must be secure, governable, and functional to ensure lawyers communicate efficiently and confidentially with their clients.

The American Bar Association (ABA) requires lawyers to maintain attorney-client privilege. This means lawyers shouldn’t share information they receive from a client. It also means they should secure the information they send and receive from a client. Encryption allows lawyers and their firms to protect data in storage and during transit.

Dropbox secures its servers and maintains privacy, but it is also a major target for hackers. Cybercriminals monitor access to cloud-based file sharing services and phish their users with fake emails that impersonate those sites.

You’re better off using a more secure and business-focused platform that will protect client docs and maintain compliance with ABA guidelines. There are several reasons to do this, but three major ones are:

  1. Security: With many of the file sharing solutions, you don’t really have much control over security, much less how it is managed. Private cloud storage is not an option, so if law enforcement comes knocking, you won’t know if those cloud-based sites have handed over your encryption keys.
  2. Business Operations: These cloud-based file sharing sites are all about storage and collaboration. Outside of some basic features, they aren’t business platforms, and they certainly aren’t platforms that can tailor secure file sharing for law firms.
  3. Compliance: While ABA compliance is important, many lawyers work with clients in a variety of industries, which means having more specific compliance regulations to meet, like the Health Insurance Portability and Accountability Act (HIPAA) for healthcare, Payment Card Industry Data Security Standard (PCI DSS) for retail, or even General Data Protection Regulation (GDPR) for EU citizens.

What About File Sharing in Regulated Industries?

The ABA recommends law firms use encryption to protect client data. If you work in regulated industries like government contracting or healthcare, however, data privacy regulations require you to maintain high (or higher) levels of security and risk management or face legal ramifications, financial penalties, or even disbarment.

Some regulated industries that require special secure file sharing considerations include:

  • Healthcare: If working with clients on healthcare-related issues, you will most likely handle electronic Personal Health Information (ePHI). If you handle ePHI, you are now under the jurisdiction of the Health Insurance Portability and Accountability Act (HIPAA), which has rigorous security and reporting requirements.
  • Government: If you’re an NGO, contractor or subcontractor supporting a federal agency, especially the Department of Defense (DoD), you’re likely handling citizens’ personally identifiable information (PII) or Controlled Unclassified Information (CUI). In these cases, you’ll have to demonstrate National Institute of Standards & Technology (NIST) 800-53 or Cybersecurity Maturity Model Certification (CMMC) compliance at a minimum, if not something more specific under NIST, like 800-171.
  • Retail or Payment Processing: If you handle customer payment data in any way, your file sharing system must be PCI DSS compliant.
  • Consumer protections in the EU: The European Union has stringent guidelines on how companies can use EU-based customer data or market to those customers. Financial penalties—levied based on a percentage of your annual revenue—are costly.

This might seem like a lot to digest, but having a secure file sharing solution can make your life easier both in terms of supporting clients and staying on the right side of rigorous regulations in any field, including your own.

What Should I Look for in a File Transfer Solution?

So, it’s time to update your technology, and you want a solid file transfer solution that allows you to share information safely and easily with clients without breaking your oath to your profession. To do that, you need a file transfer platform that offers a specific set of security and compliance capabilities:

  1. High Levels of Encryption: Most file transfer solutions eschew unencrypted transfer protocols like FTP in favor of SFTP, FTPS, or other encrypted protocols. A solid and secure solution will include AES-256 encryption for data stored on a server and TLS 1.2 or higher for data in transit between endpoints.

  2. Secure Email: Standard email is not a secure file transfer platform. It may include secure components, but most public email providers don’t encrypt email content or attachments.

    A defensive file transfer solution will send secure hyperlinks, rather than content or attachments, to your clients who must authenticate themselves before accessing the email contents. This security capability protects your data and also provides a record of when a recipient downloaded an attachment, critical for auditing and forensic purposes.

  3. Immutable Audit Trails: Audit trails provide an unbroken line of evidence in case of a security breach. Furthermore, they give your firm the tools it needs to demonstrate compliance, namely that only authorized users have access to PII, ePHI, or customer data.

  4. Business Analytics: While you may not handle terabytes of data, having built-in analytics capabilities in your file sharing solution will help you better understand what documents are most often shared and flag an attorney’s recent spike in downloading activity.
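To make the "unbroken line of evidence" in item 3 concrete, the following added example (not code from Kiteworks or from the original article) shows one common way to make an audit trail tamper-evident: an HMAC hash chain over the share and download records described in item 2. The function names, the event fields, and the sample events are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # "previous hash" placeholder for the first record

def _digest(key: bytes, prev_hash: str, event: dict) -> str:
    # Canonical JSON so an identical event always produces identical bytes.
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, (prev_hash + body).encode(), hashlib.sha256).hexdigest()

def append_event(log: list, key: bytes, event: dict) -> dict:
    """Append an event, binding it to the hash of the record before it."""
    prev_hash = log[-1]["hash"] if log else GENESIS
    record = {"event": event, "prev": prev_hash,
              "hash": _digest(key, prev_hash, event)}
    log.append(record)
    return record

def verify_log(log: list, key: bytes, expected_head: str = None) -> int:
    """Return -1 if intact, else the index of the first bad record.

    len(log) is returned when records are missing from the end, which is
    only detectable if the latest hash (expected_head) was stored elsewhere.
    """
    prev_hash = GENESIS
    for i, record in enumerate(log):
        expected = _digest(key, prev_hash, record["event"])
        if record["prev"] != prev_hash or not hmac.compare_digest(expected, record["hash"]):
            return i
        prev_hash = record["hash"]
    if expected_head is not None and prev_hash != expected_head:
        return len(log)
    return -1

def build_sample_log(key: bytes) -> list:
    # Constructed sample events: one secure-link share, then two accesses.
    log = []
    for ts, actor, action in [
        ("2024-03-01T09:00:00Z", "attorney@example.com", "share_link"),
        ("2024-03-01T09:12:41Z", "client@example.com", "authenticate"),
        ("2024-03-01T09:13:05Z", "client@example.com", "download"),
    ]:
        append_event(log, key, {"ts": ts, "actor": actor, "action": action,
                                "file": "engagement-letter.pdf"})
    return log

if __name__ == "__main__":
    demo = build_sample_log(b"constructed-demo-key")
    print(verify_log(demo, b"constructed-demo-key", demo[-1]["hash"]))
```

Editing or removing a record in the middle breaks every later link, but dropping records from the end goes unnoticed unless the latest hash is kept somewhere the log's administrator cannot rewrite.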

Share Client Docs Securely and in Compliance with the Kiteworks Platform

The Kiteworks platform provides everything you need as a lawyer to share information with your clients without breaking confidentiality or data privacy regulations. Kiteworks includes:

  • Secure emails with encrypted servers using AES-256 and TLS 1.2+ encryption standards.
  • A CISO Dashboard to see, inspect, protect, and trace every file coming into or leaving the firm.
  • Immutable audit trails.
  • Secure email integration with Microsoft Outlook and Office 365.
  • Private, hybrid, and FedRAMP cloud environments for maximum data security.

To learn more about the Kiteworks platform and how it empowers lawyers in their client communications, schedule a custom demo.
