Why Every Lawyer Needs to Encrypt Their Email?

Why Every Lawyer Needs to Encrypt Their Email

Confidentiality has always been the most important element in the lawyer-client relationship. From the first time one person asked another to defend them in the court of law, the two have made a contract (first verbally and then in writing), that the lawyer will not reveal what their client tells them in confidence.

That confidence has always been difficult to maintain. Documents get stolen, sensitive information leaked through a third party, overheard from the other room, or inadvertently revealed by either the lawyer or the client. 

Today, however, with communication largely moving online, lawyers have a new dilemma. 

How can they protect their communication with clients over the Internet?

This is where email encryption comes in?

How Does Email Encryption Work for Lawyers?

Lawyers send and receive all kinds of documents. These documents very often contain sensitive and confidential information about their clients. If this information somehow gets into the wrong hands, that could be devastating for the client.

Here’s how to send documents securely over the Internet.

For instance, a person getting a divorce would want to keep their correspondence with the lawyer secret from their spouse.

Or, if those same two enter a settlement agreement, they would often need to exchange information such as brokerage account statements, payment information, credit card info, social security numbers, etc. 

This information must not fall into the wrong hands and strong email encryption prevents that from happening.

Why is Email Encryption a Must for Lawyers?

Lawyers have to deal with a huge amount of emails. Unfortunately, many law firms use popular, but unencrypted (or at best poorly encrypted) email services like Gmail, Yahoo, etc. 

This often results in data leaks, like this leak from May, 2020. In it, more than 190 law firms were affected by a data leak, which exposed 10,000 legal documents (user names, hashed passwords, company details, etc,). This includes prominent law firms such as Slaughter and May, Clifford Chance and more.

Here are a few reasons why lawyers should be using encrypted email:

  1. When they need to exchange confidential or sensitive information about their clients over email.
  2. When the client is using a shared email account, For example, if the client is sharing an email account, including passwords, with their spouse and they want to get a divorce from them.
  3. When the client is using their work email and is entering into a dispute with their firm.
  4. When the client is using a private email account but their spouse knows their password.
  5. When there is a concern that a third party such as the government might intercept the communication.
  6. When the client is using an unsecured device (like their mobile phone or tablet) or they are emailing from an unsecured, public network.

A few years ago, the American Bar Association’s (ABA) Standing Committee on Ethics and Professional Responsibility issued Formal Opinion 477R, which states, among other things, that “a lawyer should consider whether certain data should ever be stored in an unencrypted environment, or electronically transmitted at all”.

Email Security Tips for Lawyers

According to the ABA Techreport 2019 Survey, only 38% of respondents used email encryption in 2019. That’s nearly 10 percent more than the previous year when 29% were encrypting their emails. 

Still, even though the upward trend in lawyers using email encryption is good news, the fact that, in 2019, just over a third of respondents were using email encryption is worrisome.

One big reason lawyers neglect to use email encryption is the lack of knowledge in the matter. Many believe that their communication is sufficiently protected if they’re using Gmail or some other popular email provider, which is far from true.

Here are 5 email security tips every lawyer should follow:

  1. Human error is just as (if not more) dangerous as malicious technology.

Most people are worried whether the technology they are using is secure enough to protect them against malware, hacking and data breaches. However, they are forgetting the fact that most leaks are the result of human error and bad practices, not some weakness in technology.

In that regard, law firms should raise awareness among their employees on the importance of secure email for lawyers and introduce training programs for lawyers and their teams on how to communicate securely over the Internet, including sending confidential documents.

  1. Start using secure encrypted email providers

Once again, we return to the fact that popular email services are not secure enough to be used in communication between lawyers and their clients. 

One law firm, for instance, was hacked by a group of hackers using REvil ransomware and stole over 750 gigabytes of their client’s data (including celebrities such as Madonna, Bruce Springsteen, Lady Gaga, Elton John and more) and are demanding $42 million in ransom.

Using an encrypted email provider (like CTemplar) will severely decrease the chances of yours and your client’s emails getting into the hackers’ hands or those of the government.

  1. Test your servers and software for vulnerabilities

We said earlier that most data leaks are typically the result of human error and lack of knowledge, rather than technology. That still doesn’t mean that you can neglect the technology you are using. 

Regularly test your system, network and software for any vulnerabilities that a third-party might try to exploit or for malicious software and update your servers often to ensure their security.

  1. Use dedicated servers

Cloud servers have numerous benefits, including the ability to scale, high uptime, flexible pricing, decreasing environmental impact and so on. However, law firms should keep in mind that by using a cloud-based server, they are in fact sharing the server environment with other users.

Tenant separation is often difficult on the cloud and this leads to data leakage. At the same time, on-demand SaaS and PaaS services that cloud service providers (CSP) offer further increase the likelihood of unauthorized usage and identity theft.

Because of these risks, CTemlar uses physical servers located in Iceland to protect its users’ data. This also allows us to take advantage of this country’s strong data privacy laws as Iceland is outside of the 14 EYES and MLAT treaties.

  1. Take advantage of anonymous email communication

One of the best ways to ensure that your communication is confidential is to hide your identity. This can easily be accomplished by using anonymous email. 

That way, for example, you can send emails to your lawyer without fear that someone intercepting them will connect you with that email.

CTemplar allows you to sign up completely anonymously (without phone number or credit card) and also includes Zero-Knowledge Password protection, which means not even CTemplar can access your encrypted data and passwords.

Are you looking for a secure email for lawyers? Sign up for CTemplar Encrypted Email and ensure that your communication with clients is anonymous and protected.