Security Features May Differ Depending on Your Plan
Just as there are differences between what you might require from a personal laptop versus a business laptop, there are considerable differences between, for example, Dropbox for personal use compared to Dropbox for business. These differences include that the latter was specifically built for organizations, with enterprise-level security and privacy controls.
Encryption
There are measures for enterprise-level data encryption— meaning at the firm level. This is facilitated through secure data transfers, distribution of encrypted files and application-level controls distributed across a scalable, secure infrastructure. In other words, it should be required throughout the entire firm.
User Permissions and Admin Controls
These control individual user access and other administrative permissions, such as the tracking of user activity and edits. There are heightened security features, such as the commonly understood two-step or multifactor authentication. It is also possible to set up password-protected files and links so that only trusted people can access the documents.
With the features cited above, you can see how systems like the business version of products such as Dropbox, even those not originally designed for the legal space, can be valuable tools when used properly. That’s the key. Sometimes law firms dive in and use these tools incorrectly at great risk, without sufficient attention to security features.
How To Avoid Potential Mistakes
As with any technology, training matters—emphasis intended. Go through the support pages and training videos. Be sure you understand how to use the product before implementing it, especially when storing confidential client information. And it’s not just you; make sure your staff is also thoroughly trained.
File-sharing systems allow for granular permissions for each folder; yes, that takes a little more time, but it’s essential to your duty to safeguard your client information. Let’s say that a firm created one case folder for all the firm’s matters, with subfolders for each client name. If the subfolders are not given different granular permissions—remember, assigning access only to the proper people associated with the content in each subfolder—you could mistakenly allow Client A access to all firm files. Make sure you consider (and we suggest use) two-step or multifactor authentication.
Yes, nonindustry–specific file-sharing tools, when utilized properly with security features, can be a boon to lawyers. But they are not the only choice.
Client Portals
A tool continuing to grow in popularity, and favored by practice management advisors for sharing documents with clients, is the client portal. Client portals are often built into law practice management systems (LPMS). They are also referred to as secure client portals because they usually have built-in, end-to-end encryption.
There are many benefits to client portals. They can act as everything from your firm’s virtual lobby with how-to information, to a place where you can securely upload information to a virtual secure spot so both the lawyer and client may share information, with an audit trail. If you need to resend a document through the portal, it is quick and easy to resend the link. And do we even have to say that this method is infinitely better than sending an email with secure information in an attachment?
In addition to having strong built-in security that is more likely to be utilized, rather than hoping that someone remembered to password-protect the file with a strong, hard-to-guess password, client portals built into a LPMS also have great productivity potential. Since a LPMS is matter-centric with contacts, tasks, documents and more all relating to each case file in one place, uploading documents not only connects the files with the appropriate matter in a storage location but also connects to the appropriate permissions assigned to each client. You needn’t worry about what the client will see—the law firm chooses what goes into the portal to be shared with clients as read-only or editable. This circles back to the concept of permission levels— you have control over information you share with clients. This is advantageous organizationally and increases efficiency with file sharing and storing.
We pause at this point to tip our hats to our colleague Jim Calloway, of the Oklahoma Bar Association, for being one of the strongest proponents for use of client portals in the legal vertical. He has helped many law firms see pathways forward with this tool. Learn much more about client portals in his Law Practice Tips blog.
In the end, whatever method you choose to share files, keep in mind these principles: First and foremost, vet the technology you’re considering. Then, when you choose one, get thoroughly trained on the system before use, especially if you’re using it to share files. Next, it’s not enough to know about the product, you also must utilize available security measures from password-protection to encryption to strong passwords and multi-factor authentication. Then, consider permission controls and what levels of access various people should have.
Don’t keep all your client files comingled in one large folder. Be sure your file structure segregates information by client and/or matter with appropriately limited access, with consistent naming conventions. Finally, sending a link to a portal or a secure file location is far better than emailing attachments back and forth with clients.
Regardless of the system you use, you must safeguard client data. It’s your duty, and it’s not hard to do if you take the time to learn your system and train your staff.