Why Every Lawyer Needs to Encrypt Their Email?
Confidentiality has always been the most important element in the lawyer-client relationship. From the first time one person asked another to defend them in the court, the two have made a contract (first verbally and then in writing), that the lawyer will not reveal what their client tells them in confidence.
Today, that confidence is often tested with unsecured lawyer emails.
That confidence has always been difficult to maintain. Documents get stolen, sensitive information leaked through a 3rd party, overheard from the other room, or accidentaly revealed by either the lawyer or the client.
Today, with even legal communication largely being done online, lawyers have a new dilemma.
How to get in touch with their clients and exchange sensitive information securely?
This is where lawyer email encryption comes in.
How Can Lawyers Secure Their Client Mailing List With Email Encryption?
Lawyers send and receive all kinds of files in their line of work. Any file can contain sensitive and confidential information about their customers and legal cases. If this data gets into the wrong hands, that could be devastating for the client as well as the attorney.
For instance, a person getting a divorce would want to keep their lawyer emails secret from their spouse.
Or, if those same two enter a settlement agreement, they would often need to exchange information such as brokerage account statements, payment information, credit card info, social security numbers, etc.
This information must not fall into the wrong hands and so a law firm must use strong email encryption to prevent that from happening.
Why is Email Encryption a Must for a Law Firm?
Lawyers have to deal with a huge amount of emails. Unfortunately, many law firms use popular, but unencrypted (or at best poorly encrypted) email services like Gmail, Yahoo, etc.
Can lawyers use Gmail?
Lawyers should avoid using Gmail because it can scan potentially confidential client information.
In its Opinion 820, regarding the permissibility of Gmail and other free email services, the New York State Bar Association voiced its concern about such email services, stating that :
“The provider’s computers scan emails and send or display targeted advertising to the user of the service. The email provider identifies the presumed interests of the service’s user by scanning for keywords in emails opened by the user. The provider’s computers then send advertising that reflect the keywords in the email.”
This often results in data leaks, like this leak from May, 2020. In it, more than 190 law firms were affected by a data leak, which exposed 10,000 legal documents (user names, hashed passwords, company details, etc,). This includes prominent law firms such as Slaughter and May, Clifford Chance and others.
Here are a few reasons why lawyer emails should be encrypted:
- When attorneys need to exchange confidential or sensitive records about their clients over email.
- When the client is using a shared email account, For example, if the client is sharing an email account, including passwords, with their spouse and they want to get a divorce from them.
- When the client is using their work email and is entering into a dispute with their company.
- When the client is using a private email account but their spouse knows their password.
- When there is a concern that a third party such as the government might intercept the messages.
- When the client is using an unsecured device (like their mobile phone or tablet) or they are emailing from an unsecured, public network.
A few years ago, the American Bar Association’s (ABA) Standing Committee on Ethics and Professional Responsibility issued Formal Opinion 477R, which states, among other things, that “a lawyer should consider whether certain data should ever be stored in an unencrypted environment, or electronically transmitted at all”.
Lawyer Email Security Tips Both Lawyers and Clients Should Follow
According to the ABA Techreport 2019 Survey, only 38% of respondents used email encryption in 2019. That’s nearly 10% more than the previous year when 29% of attorneys were encrypting their emails.
Still, even though the upward trend in attorneys using email encryption is good news, the fact that, in 2019, just over a 3rd of respondents were using email encryption is worrisome.
One big reason lawyers neglect to use email encryption is the lack of knowledge about the matter. Many believe their communication is sufficiently protected if they’re using Gmail or some other popular email provider, which is far from true.
Here are 5 email security tips attorneys should follow when sending emails to their customers:
Human error is just as (if not more) dangerous as malicious technology
Most people are worried whether the technology they are using is secure enough to protect them against malware, hacking and data breaches. However, they forget that most leaks are the result of human error and bad practices, not some weakness in technology.
Law firms should raise awareness among their employees on the importance of secure email for lawyers and introduce training programs for lawyers and their teams on how to communicate securely over the Internet, including sending confidential documents.
Start using secure encrypted email providers
Popular email services are not secure enough to be used in communication between lawyers and their clients.
One law practice firm, for instance, was hacked by a group of hackers using REvil ransomware and stole over 750 gigabytes of their client’s data (including celebrities such as Madonna, Bruce Springsteen, Lady Gaga, Elton John and more) and are demanding $42 million in ransom.
Using an encrypted email provider (like CTemplar) will severely decrease the chances of lawyer emails getting into the hackers’ hands or the government’s.
Test Your Email Servers and Software for Vulnerabilities
Most data leaks are the result of human error, bad practice and lack of knowledge, rather than technology. That still doesn’t mean that you can neglect the technology you are using.
Regularly test your system, network and software for any vulnerabilities that a third-party might try to exploit or for malicious software and update your servers often to ensure their security.
Use Dedicated Servers
Cloud servers have numerous benefits for businesses, including scaling, high uptime, flexible pricing, decreasing environmental impact and so on. However, law firms should keep in mind that by using a cloud-based server, they are in fact sharing the server environment with other customers.
Tenant separation is often difficult on the cloud and this can lead to data leakage. At the same time, on-demand SaaS and PaaS services that cloud service providers (CSP) offer further increase the likelihood of unauthorized usage and identity theft.
Because of these risks, CTemlar uses physical servers located in Iceland to protect its users’ data. This also allows us to take advantage of this country’s strong data privacy laws as Iceland is outside of the 14 EYES and MLAT treaties.
Use an Anonymous Email Service for Attorney Email
One of the best ways to ensure that your communication is confidential is to hide your identity. This can easily be accomplished by using anonymous email.
That way, for example, you can send emails to your attorney without fear that someone intercepting them will connect you with that email and what is in it.
CTemplar allows you to sign up completely anonymously (without phone number or credit card) and also includes Zero-Knowledge Password protection, which means not even CTemplar can access your encrypted data and passwords.
Are you looking for a secure email service for lawyers? Sign up for CTemplar Encrypted Email and ensure that your communication with clients is anonymous and protected at all times.