Is it ethical for lawyers to store and send information through the cloud?
February 14, 2020 in Security
By: Lorita Ba
Firms considering reducing their paper and physical storage use and costs by switching their data to the cloud sometimes worry about security and trustworthiness. Especially in the business of law, firms want to avoid ethics violations due to data breaches of confidential client information at all costs.
What these firms may not know is they are likely already storing files and communicating with clients using cloud technology. Think Dropbox, Google Drive, and Microsoft One Drive.
The technology exists and is already being put to use. However, there are measures that law firms can take to ensure the security of their information when they put it in the cloud and ways to verify the ethics of doing so.
Is it ethical to use the cloud to store and transmit client information?
In short, yes it is. Lawyers can use cloud-based data storage of confidential information while still maintaining client confidentiality. Over 20 state bar associations have issued ethics opinions on this very topic, and all have reached the conclusion that “lawyers may ethically use cloud computing, so long as they exercise reasonable care to keep client information and files confidential,” according to Attorney At Work. Lawyers just need to be aware of the risks and rewards of technological applications like the cloud and the standards that regulate them. And you certainly don’t need to have a computer science degree to know how it all works — you just need to take due diligence to know everything is secure.
What steps can lawyers take to ensure the security of their stored data?
There are certain steps lawyers can take to ensure data security at their firm.
Know cybersecurity threats for law firms
The first step is to be aware of threats to security. According to Law Technology Today, this can come in the form of state-sponsored hackers such as those from China, industrial espionage by clients’ competitors, departing employees and even scripts or programs which scan for and attack computer systems and networks.
Prepare, plan and train law practice staff on security awareness
Disruptions in operations and productivity are easily avoidable through planning and preparation. Once you’ve selected your security systems, make sure they’re vetted and tested by a small group of users before implementing them widely. Prepare the new users by giving them ample notice as well as a training plan based on results from the initial test group. Security awareness training is likely the most effective measure you can take when it comes to preventing incidents, says Law Technology Today. When putting together a training, make sure to cover electronic communications, incident reporting, internet access, mobile device security, password policies, remote access, social media use, the firm’s acceptable use policy, visitor policies and wireless access security. You should emphasize the need for good judgment.
Verify law firm vendors
The vendor which provides the cloud technology to your firm should also be following appropriate security protocols. They need to pay close attention to securing and protecting your data. You can learn more about Afinety’s dedication to security for its clients’ data on the website or by calling the office.
Testing your law firm security
Consider hiring a third party to handle your security audits. It will keep you accountable and honest when it comes to the effectiveness of your security measures. According to Law Technology Today, an outside security expert will perform a top-down evaluation of your systems, security policies and practices and access to the systems. After a professional third party audit, you should also try to break in yourself. This is known as a penetration or pen test, and will help you identify areas of vulnerability. Following a security audit or pen test, the firm’s IT department should carefully review the recommended changes in the remediation plan before implementation to consider any possible adverse effects on other systems and end users.
Cloud-based storage has become the standard method for storing and sharing data. The legal profession, like other industries, must adapt to compete in the ever-evolving market. If firms take the right steps to ensure security, there should be no issue with the transition, and all proceedings should move along smoothly.