July 06, 2015

FYI: Playing it Safe With Encryption

Confidentiality is the bedrock of the attorney-client relationship. However, this privilege is at risk during the routine transmission of an electronic communication. Email encryption reduces this risk. Email encryption obscures the content of the email in order to prevent people other than the sender and the receptor from reading the content. Additionally some encryption programs will provide proof that the document was received and disable the forwarding option so that the message cannot be forwarded. Increased availability and affordability make encryption an accessible option for safeguarding attorney/client privilege.

System encryption makes the data of a desktop or laptop computer inaccessible or illegible without a passkey regardless of the application in which the file was created. The passkey should be a complex, yet memorable (to you) combination of letters and numbers. Also, don't forget your email enabled mobile phone. There are a number of encryption options for mobile phones. See FYI: Security on the Go.

Lastly, make sure that your backup medium is secure as well. Many portable storage drives will allow you to encrypt the data that you backup. Iomega, is one manufacturer of smart, portable encrypted storage solutions.

The best encryption methods in the world are useless if not routinely implemented. A Computerworld article just reported a breach at Internet security giant VeriSign. While VeriSign, according to the website, “… enables and protects billions of interactions every day across the world’s voice and data networks”, this distinction did not prevent an unencrypted laptop containing the personal information of VeriSign Inc.'s current and former employees from being stolen. A security culture is imperative for all organizations. None are exempt

Security Resources

E-Mail Encryption

  • Email Encryption Simplified - ABA Site-tation
  • PGP Desktop Email - A desktop e-mail encryption software program. The PGP Corporation makes encryption software for small/home office, small business, and enterprise customers
  • Hushmail - A web-based e-mail encryption service
  • Mail it Safe - Encryption add-in that works with Microsoft Outlook or Lotus Notes
  • EchoWorx Secure Mail - Send client negotiations, contracts financials, and litigation via email securely
  • IronPort PostX Secure Email - A desktop e-mail encryption program
  • ZixMail - A desktop email encryption solution that lets users encrypt and decrypt emails and attachments with a single click
  • Encrypt messages in Microsoft Outlook 2003
    An explanation of how to use the built-in encryption functions in Microsoft Outlook 2003
  • Email Encryption More Accessible Now for Legal Firms of All Sizes - describes the public key infrastructure (PKI) method involving digital certificates that many e-mail encryption programs use

  • Virtru provides easy, end-to-end encryption that is seamlessly integrated into the email service that attorneys and clients already use every day, ensuring that communications are protected.
  • System Encryption

  • Don't Let Your Employees Become Security Nightmares – from Law.com’s Legal Technology (Must register to see)
  • Time for Mobile Lawyers to Lock and Load – from Law.com’s Legal Technology
  • Locking the Doors and the Windows: Security in the Solo World - An article from ABA Law Practice Magazine
  • Lock It Up! Protect Your Clients (and Yourself) with Encryption - ABA General Practice, Solo and Small Firm Division
  • Help keep your data safe: Encrypt your data with Windows XP Professional - Encrypt your data with Windows XP Professional
  • PGP Whole Disk Encryption - Encrypts laptops, desktops, and external drives, including USB flash drives
  • TrueCrypt - Free open-source disk encryption software for Windows Vista/XP/2000 and Linux
    • Users are currently unable to use TrueCrypt encrypted files on computers which do not have TrueCrypt installed unless the user has "Administrator Privileges, and limitations exist to using TrueCrypt on a computer which has TrueCrypt installed if the users lacks Administrative Privileges. See: " Using TrueCrypt Without Administrator Privileges."
  • SecureDox - Protect information stored on hard drives, laptops and portable devices
  • Mobile Storage Encryption

  • Lexar Media, Inc.
  • Kingston Data Traveler - USB flash drives with encryption features
  • PGP Whole Disk Encryption - Encrypts removable media and external drives such as USB flash drives as well as laptop and desktop computers