Encryption is one of those topics that sounds so fiendishly complex that most legal professionals don’t want to touch it with a ten-foot pole.
The thing is, it only sounds complicated. In fact, enabling encryption is quick and simple. So simple, in fact, that some legal tech writers think it’s negligent not to implement it.
Before you can implement encryption, though, it’s important that you understand what it is and why it’s so important. Here’s your “encryption 101” overview to get you started.
What is encryption?
Encryption is a way of protecting data from people you don’t want to see it by making it unreadable without a special kind of password (known as the decryption key). Anyone trying to view the files without the decryption key will just see gibberish.
People encrypt data when they’re sending information between computers, or if they want to add a layer of protection to sensitive or confidential information stored on a hard drive, memory stick, or portable device.
Obviously, that’s an incredibly basic description. If you’re keen to learn more about encryption in detail, check out this great article from the How-To-Geek.
Do you need to encrypt your files?
Simply put: Yes.
All law firms need to start taking cyber security seriously. Cybercriminals are wise to the fact that law firms hold vast quantities of sensitive and potentially lucrative data about their clients and are keen to exploit the profession’s lack of cyber savvy.
It was with this threat in mind that the ABA overhauled its model rules of professional conduct in 2015 to explicitly include references to data protection. They amended model rule 1.6 to state:
“A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.”
As Sam Glover of “The Lawyerist” argues, “reasonable efforts” should definitely include encryption. Despite this, the most recent ABA Legal Technology Survey found that half of all law firms had been exposed to some sort of hacking attempt, but only one-fourth had any kind of encryption set up to protect client data.
How to encrypt data you’re sending
Most law firms rely on email for most of their communication needs from attorney-client communications to serving other parties in litigation. The problem with email is that it’s very insecure to the point where someone other than your client — be it the government or a hacker — is almost certainly reading it.
The most reliable way to avoid this is to bypass email altogether for anything other than trivial communications. This can be achieved by communicating with clients via a secure client portal (many practice management systems, including Clio and MyCase, have such portals) and serving court documents using an eService platform, like One Legal.
These tools use email to alert the recipient that a message or document has been sent, but require them to log onto a secure and encrypted website in order to read and review the substance of the message.
If you don’t have access to a client portal, it’s possible (but tricky) to set up encryption in email clients, like Outlook. Microsoft has a step-by-step guide on their website.
How to encrypt data you’re storing
If you store confidential client information in files on your computer, then you should definitely enable encryption. Even if you’re using a desktop (rather than a portable laptop), things can easily be stolen. A password, while offering some protection, is no guarantee of protection.
Read more: How to create a secure password
In other words, all legal professionals should encrypt their computer’s hard drives. Here’s how to set up hard drive encryption on Windows and Mac machines.
In Windows, go to the Start menu and type “encryption.” Next, select Change device encryption settings from the list of results.
Select Manage BitLocker followed by Turn on BitLocker, and then follow the step-by-step instructions that appear on the screen.
It’s important that you store your recovery password on a USB or print it out and keep it somewhere secure. It’s likely that at some point you will need it, so be sure to put it somewhere where you’ll find it again.
To complete the process you’ll need to restart your PC. Once restarted you can continue to work while your PC works to encrypt all of your data in the background.
Enabling hard drive encryption on a Mac is equally simple. Go to System Preferences, click on Security, and then select FileVault.
Simply click on the padlock icon to unlock the settings, then Turn on FileVault. As with Windows, you’ll need to store or print your recovery key and keep it somewhere safe. To begin the encryption process, restart your Mac. You can then keep working while it works in the background to encrypt all of your files.