Data encryption is generally on the mind of anyone who has sensitive data that they need to store. Likewise, much of the discussion involving data security focuses on encryption.
Data encryption can be thought of in two ways: encryption in motion and encryption at rest. Encryption in motion is the process of securing data as the data is being sent and received. This is done so that the data cannot be intercepted. By comparison, encryption at rest works by securing the data itself. Through this practice, even if the data is intercepted during transit, it is unreadable by anyone who isn’t supposed to read it.
Due to the nature of the data being stored, law firms make for perfect targets for hackers. Corporate law firms store information that includes financial information (including investments), business strategies and intellectual property. Non-corporate law firms still hold sensitive information. They handle information including:
- Real estate dealings
- Personal injuries
- Trust and estate matters
- Personal information such as:
  - Medical information
  - Billing information
  - Social security numbers
  - Insurance information
  - Driver’s license numbers
- Other sensitive information
All of this information could prove to be a hacker’s dream. However, the level to which the law firm could be harmed depends on the size and scope of the practice. This means that some parts of the same firm could be more susceptible than others.
This means that law firms would be wise to employ both methods of encryption. Used together they can ensure that the firm’s information will remain secure and, most importantly, confidential.
Luckily for law firms (even small ones), the cost of off-site storage is decreasing. Moreover, the availability of cloud-based management tools is increasing. This means that law firms are moving certain aspects of their practice to the cloud. Therefore, law firms should pay attention to how the cloud service they employ encrypts their data (both in motion and at rest).
There can be security requirements from those who employ law firms. For example, hospitals and other healthcare entities are required by the Health Insurance Portability and Accountability Act (HIPAA) to maintain certain information security safeguards.
Law firms should be hyper-vigilant about the changes that occur in encryption technologies because security threats are constantly changing. Outdated encryption technology will do little or nothing to keep hackers out of your firm’s data. While it will cost some money to get the ball rolling, staying abreast of the changes will be worth it in the end.
Many data-hosting providers will require law firms to encrypt their data at rest because this gives the provider access to the firm’s data infrastructure and risk management protocols. Both of these entities require encryption so that there is little risk of damage if this infrastructure is breached.
It is easy to say that a firm that encrypts its data in motion and at rest will make it impossible to lose data; however, keeping law firm information confidential requires more. It is essential that those responsible for securing data have knowledge of the internal procedures for creating, storing and transmitting data.
Aside from striving to win your clients’ cases, your law firm should strive to protect your clients’ sensitive information.