Everything You Need to Know About Protecting Legal Files

December 10, 2021 Security and Compliance, MOVEit

Everyone knows about lawyer-client privilege and the absolute need for confidentiality. That doesn’t just apply to what you say, but what i s written down, preserved, and held as files. 

These files are constantly sent around, transferred from one party to another. And this process makes that confidential material vulnerable. Hackers can intercept it, or mistakes can be made such as sending it to the wrong person –  especially opposing counsel! It happens so often the American Bar Association has a  rule to cover such  circumstances : 

“[2]  Paragraph (b) recognizes that lawyers sometimes receive a document or electronically stored information that was mistakenly sent or produced by opposing parties or their lawyers. A document or electronically stored information is inadvertently sent when it is accidentally transmitted, such as when an email or letter is misaddressed or a document or electronically stored information is accidentally included with information that was intentionally transmitted,” the ABA explained. “If a lawyer knows or reasonably should know that such a document or electronically stored information was sent inadvertently, then this Rule requires the lawyer to promptly notify the sender in order to permit that person to take protective measures.”  

But wouldn't it be better to avoid this problem in the first place? In these days of COVID with more and more remote legal work, the chances of a file inadvertently going to the wrong place  have multipliedToday ,  staffers share and transfer files from home rather than through the central office network. Meanwhile, the days of having a messenger deliver all files in person are gone and physical files are reserved for certain situations  like in the office or court, and physical archiving.   

Adding to the problem is that lawyers create a massive  amount of files for even a small case. Think of all the boxes and boxes of files, physical files, that accompany an important case. Today these files all l argely  exist in digital form as well, where they are not  kept  secured in a locked room or protected  file cabinet.  

Email Is Not the Answer 

Today many offices, even large law firms, simply email these files and documents around and to o rarely encrypt them. And far too few employ a  secure file transfer solution such as Managed File Transfer (MFT) software.  The 2019 ABA TECHREPORT analyzed how small law firms and solo practitioners handle document and record management and whether they apply file sharing software to this use. Solo practitioners rarely used such software solutions, with only 37% saying that they did so. The story at small firms was better but not good enough as only 55% of these organizations use file transfer or record management software.  

The sad fact is that email, as insecure as it is, remains the predominant way confidential files are shared. 

“Email has become the business standard for communication with colleagues and customers. In legal institutions, email can be an efficient and important conduit for conducting attorney-client communications. However, law firms can be caught between a proverbial  'rock and a hard place' with regards to this form of correspondence . While clients demand a simple way to work together, it is essential that electronic communication does not lead to security risks: i.e. someone other than the client or privileged third party obtaining confidential documents,”  argued an article on LegalITProfessionals.com . “While this may seem obvious, a recent study of law firms’ file sharing processes revealed that a minority of law firms are using security technology to protect electronic communications: email encryption (22%), password-protected documents (14%), use a secure file sharing site (13%) .  

Knowing email is insecure, 75% of firms simply apply statements of confidentiality rather than truly secure their files. “A study by LexisNexis  finds that file sharing is an integral part of a law firm’s day-to-day operations. Yet, while firms are keenly aware of the consequences of IT security risks, unencrypted emails, which are merely reinforced by a statement of confidentiality, remains the primary line of defense when sharing confidential files,”  the article on LegalITProfessionals.com  reported.   

Waste of Admin Time 

And while paper documents are not the only way the files are shared, this approach is still common. Besides creating security issues ( ever hear of a Xerox machine?), it requires hours and hours of legal administrators time and mailing —  and not to mention delivery costs  — that could be far better spent.  

A Better Way: Managed File Transfer (MFT) 

You may think you're on the leading edge because you downloaded a free version of a file sharing software solution. While a step up from email , free file sharing software for law firms is not a secure or efficient  approach . You need a solution specially built to securely transfer files. And because you have so many files to transfer, such a solution must allow these transfers to be efficient and trackable. Imagine if you could automate these transfers?  Well, you can.  

Here are features your file sharing solution  for law firms should have, all of which are available in a  M anaged File Transfer (MFT) solution.  

Encryption:   Encrypting files is critical to security, but too few understand this or know how to encrypt. “ The  (LexisNexis)  survey, however, also revealed that while nine in 10 law firms use email for business purposes, only about one in four encrypt those communications. Lastly, when law firms were asked if other employees were using free file sharing services, about one-third said  'yes,' another third said ' no, ' and the final third were 'unsure,' ” the  LegalITProfessionals.com  article reported. 

The best answer is a solution that encrypts these files for you – by default. 

Easy to Use :

No one will use a managed file transfer system, regardless of how safe it is, unless it is easy to use. That means it should be deployable on-premises or in the cloud so end-users always have access. And it should be straightforward for the end-user to transfer files  and also easy for IT  or internal computer experts to set up these transfers.  

Even better if it is integrated with the email systems your employees are already using to share files, albei t unsafely. Here , Microsoft Outlook is the most commonly used  email application in the business world , so integration with that is critical. 

Auditable:

What happens if a client or even  an opposing counsel says they never got the file you sent? With auditing, you'll know the precise path that file followed and whether it was indeed received. If there was a hiccup somewhere it is easy to resend the file. Part of this system is a notification on either  end so you (the sending party) and  your recipient are both told what happened.  

Automation:

If I asked you how many files your firm deals with on a given day you'd run out of hands before you c ounted the first hour. Manually transferring all these files is a nightmare and mistakes are surely made. Automate  these transfers so certain types of transfers and transfers to specific parties are done with the click of a mouse.  

Manage Data:

Managed File Transfer (MFT)  offers safe, efficient file transfer as a business process –  now employees and  IT can manage file transfers confidential ly by tracking data movement. 

Visibility:

Managed File Transfer (MFT)  provides visibility into your firm’s  data activities,  such as the files themselves data events, who sent and received the files, transfer policies  and  processes, notifications, and  offers a look back via logging and audits. 

Secure Managed File Transfer (MFT) Software Keeps  the Confidential Confidential  

Many data breaches occur when files are moved within your firm or to partners and other  firms with a vested interest. With  MOVEit Managed File Transfer (MFT) from Progress,  you can establish secure collaboration and automated file transfers of sensitive personal data. These files are not only moved safely, but they also include encryption and activity tracking to ensure compliance with  your policies and ABA rules.  

By default, all files sent outside the firm should be handled in a secure and trackable way – which is MFT.   

With MOVEit Managed File Transfer, you no longer rely upon your employees emailing personal data to other employees outside entities, or using insecure file sharing services. With Secure MFT Software, you eliminate user error and can track and report the details of every file transfer.  

Doug Barney

Doug Barney was the founding editor of Redmond Magazine, Redmond Channel Partner, Redmond Developer News and Virtualization Review. Doug also served as Executive Editor of Network World, Editor in Chief of AmigaWorld, and Editor in Chief of Network Computing.

Read next Digital Transformation With Legaltech: An Attorney’s Perspective