Article

Secure file sharing for law firms: Risks and solutions

4 min

Your clients’ files are one of the most important and invaluable assets your firm handles. But, depending on how you use them, they can slow you down. Worse, they can be incredibly vulnerable to theft or interception – with potentially huge consequences. For example, the firm Mossack Fonseca famously fell victim to a data breach in 2016 known as the ‘Panama Papers’, and just two years later it announced that it was shutting down due to the ‘reputational deterioration’ the breach caused.

Access is still an area where the legal profession lags behind the trend. Some firms still take an outdated approach to file management – it remains common to see desks stacked with paper files to scan and email to clients when required.

“One of the things that always frustrated me when I was in-house counsel is law firms tend to take information, data, documents, and other files and protect them inside a document management system,” says Kathleen Hogan, Director of Education and Knowledge Integration at McCarthy Tétrault LLP, a firm with more than 700 lawyers and 1,600 total employees at offices in Canada, New York and London. “There are good reasons for that relating to client confidentiality and information security. But I would also think, ‘But they’re my documents. Why do I have to call someone to get to my documents?’”

When it comes to clients’ documents, convenience and confidentiality should be inseparable considerations. They should be easy to access, but tightly controlled, because there are some very real risks to your clients’ confidential data.

Where are the vulnerabilities?

Within UK law firms, the level of technological maturity varies – but the less mature, the more vulnerable their data is. Here are some of the risks you may face.

Old IT systems: If your firm runs an old, unsupported version of Windows for example, your operating systems will no longer be receiving the appropriate patches, which exposes you to exploitation by hackers through malware and ransomware attacks.
Ransomware: Although it’s an old and unsophisticated type of attack, ransomware is still used successfully by scammers. Generally ransomware is installed on your device, usually because a user unintentionally clicks a malicious link or downloads an infected file, and the scammer then uses scare tactics or threats, or holds your systems and files hostage until payment is received.
Phishing emails: Even organisations with watertight cybersecurity can fall victim to phishing emails, because they can be quite difficult to spot. They often purport to be from a bank or financial services institution, or impersonate document-sharing sites, inviting the recipient to click a link. These links to a third-party site where the recipient is asked to enter personal data, or inadvertently give a third-party access to the recipient’s device.
Hacked email accounts: Scammers can break into your email system and from there manipulate end users. The law industry is especially susceptible to this type of attack, due to the nature of client relationships and the transfer of sensitive information and/or payments. A scammer can lie unseen virtually and glean information that they can use to extort money or data from an individual which could risk the safety and privacy of your clients.

Protecting the crown jewels

Whatever the approach, data is the target for threat actors in the cyber realm. Whether it’s confidential and sensitive information about your clients, employment records, medical records or financial information, it’s the firm’s responsibility to protect it.

Because law firms store and send sensitive data, they are at a higher-than-average risk for data leaks. So it’s important to implement network security components such as access control and antivirus and antimalware policies, as well as keeping employees up to date on how to spot phishing emails and other approaches.

But it’s also essential to adopt a secure and efficient method of file sharing, which has to combine functionality, storage space, ease of access, GDPR-compliance, and cybersecurity requirements.

Many firms are using platforms and cloud services such as Dropbox and Google Drive – but none of these are specifically designed for law firms.

By contrast, HighQ is a secure and easy-to-use file-sharing and collaboration service that has been created to meet all the needs of legal professionals.