Skip to content Skip to navigation menu
Your browser is not supported by this site.
Please update to the latest version, or use a different browser for the best experience.

Is confidential data at your law firm
really secured?

By: Legal Insights from Thomson Reuters
Published: October 24, 2017

In case you were unaware, October is National Cyber Security Awareness Month. Cyber security isn't something most lawyers spend a lot of their time thinking about, but this month is a great time to reevaluate the security of your paper file, server, or cloud computing processes at your law firm.

A secure environment is a competitive advantage

In the modern environment, legal services consumers are savvier than they have ever been before. Consumers are armed with more information due to the rise of review and rating sites. Differentiation points between solo and small firm lawyers have become more subtle; and, they're not always about substantive legal work. In a hypercompetitive environment, the lawyer who presents as more tech-savvy, more capable of seamless online collaboration, and better able to protect his client data, can win potential business based on those differentiating factors. Attorneys are even beginning to implement technology components into fee agreements, in order to drive the point home. Law firms positioning themselves as secure data repositories hold an advantage over their competitors.

Cloud computing vs. the alternatives

Even as consumer demand compels technology adoption, some attorneys remain tech averse and would rather that progress be halted.  At the root is a fear of cloud-based services, which facilitate online data retention and sharing, while simultaneously increasing attorney flexibility and mobility. Much of that fear is grounded in misunderstanding. Even if ‘the cloud' is attached to a misleading name, it is not something abstract at all: cloud computing for lawyers is merely the renting of space on a vendor's server in order to access data via the internet. Almost half of the jurisdictions in the United States have opined that use of cloud computing for lawyers is appropriate; and, no state deciding on the question has said it is not.

When the question moves beyond one of general disapprobation, lawyers fall back on an assumption that cloud-based services are not safe, and the data retained there is not secure.

But, consider the paper-based law office, with files strewn everywhere, alternative.  In this environment, there is little control over law firm data.  Anyone allowed to walk through the law office would be able to misappropriate files, which would then make it extremely difficult to track down the files.

In a law office that employs on-premise technology, similar security issues are apparent. At a small office with a physical server, there's a secretary for security — assuming he or she's monitoring the activity of visitors to the law firm. And, according to Alert Logic's 2012 State of Cloud Security Report, on-premise servers are attacked by hackers more than twice as much as vendor-based servers. A cloud-based technology infrastructure is more secure against both apparent and transparent threats than is an on-premise configuration.  At server locations that cloud providers use to store their clients' data, there is heavy security at all hours.

Of course, as there are variations in technology architecture, there are also degrees of difference in cloud security. Having a tool is one thing; having the right tool is another.

Top Cloud Computing Security Considerations

  1. Physical server security at a cloud provider's server facility should always be considered.  The location should be reinforced with an alarm system, on-site security personnel, and have a separate uninterruptable power supply (UPS) to make sure data and software is available at all times with no disruptions.
  2. Data should be encrypted both in transit and in storage.  Look for the highest level available, which is AES 256-bit encryption.  
  3. Look for cloud providers who have a 2048-bit SSL Certificate, third-party security and effective process certifications such as an ISO 27001 Certificate or SOC 2 Type II Certificate, secure HTTPS connections, and who offer intrusion detection and virus protection software as part of their services.  
  4. In regards to keeping your information secure and up-to-date, at minimum, the cloud provider should be backing up data every day.

What the combination of those features means, in addition to a broader assurance that law firm data will remain secure, is law firms can significantly reduce overhead (in terms of hardware and IT support) as well as administrative time spent on monitoring and updating a security infrastructure. This has a positive effect on both efficiency and the bottom line. So, is it time to finally make the secure move to the cloud?

Related Articles

Checklist: 5 Must-Know Cloud Security Considerations

Understand what matters when it comes to cloud security and how to evaluate the security of cloud technology providers.

3 Red Flags Signaling the Need for Legal Technology Adoption

When “the way I've always done it” doesn't do it anymore. This article outlines three common scenarios at small law firms and how legal technology can help.