Encryption sounds very technical, and IT security is not a topic that most attorneys like to talk about, but this is a subject that attorneys need to become aware of and apply in their daily lives. It is not a difficult concept and can save you and your malpractice insurance company from lots of headaches.
What is Encryption?
Encryption is a process to store your data so that only you can access it. There is an encryption “key” (essentially a password) that you keep to encrypt and decrypt the data. When the data is encrypted, it is converted to ones and zeros so that it can be stored securely, and if the encrypted data falls into the wrong hands (the bad guys or the NSA) it can not be read. You hold the only encryption key, and your data can only be decrypted (unlocked) and read by you.
There are different types of encryption. Let’s take a closer look at a few of the main types.
While there are many types of encryption out there, that the following types would be most relevant for attorneys.
Document Encryption—When we talk about document encryption, I am referring to documents and sensitive client information that are stored on your laptop and in the cloud without any security other than a password. Dropbox, Box, Google Drive, and other cloud-based storage users need to pay attention to this type of encryption. Document encryption should be used in collaboration with these cloud-based programs to convert the data into ones and zeros on your local computer. If your computer is lost or stolen, the data would not be able to be accessed without the encryption key.
Email Encryption—Email encryption is the converting of emails to an encrypted format so they can be securely transmitted from one person to another. In some encrypted email systems, the email recipient needs to set up an account with the sender’s encryption service to read the encrypted email. Since sensitive information can be exchanged safely with encrypted email, attorneys that have worked with HIPAA or Sarbanes-Oxley documents have already seen email encryption first-hand, and many real estate attorneys will be required to implement encrypted email for compliance with upcoming CFPB regulations.
Disk Encryption—When we talk about disk encryption, we are referring to the encryption of all data on a piece of hardware—a laptop, desktop, external hard drive, etc. This encryption occurs before the operating system loads on a computer and many Windows computers are coming with disk encryption software installed (BitLocker), but not turned on by default. With disk encryption enabled, the documents and other data on that stolen laptop are worthless without the key.
Do I Need Encryption?
In short, yes! Storing data today is not about having data accessible wherever you go. It is about having your data securely accessible everywhere you go. Programs like Dropbox, Box, Google Drive, etc. are great, but your data security is only as secure as your password. If your password is Password123, it is not secure. A powerful password (12+ characters including capitals and punctuation) is the first layer of security, encryption is the second, and add on Two Factor Authentication (we can talk about that later), now we are talking!
What Programs Can I Use for Encryption?
Different products have been designed to address each type of encryption. For document encryption, programs like Viivo, Boxcryptor, and TrueCrypt can encrypt cloud-based storage, like Dropbox, Box.com, Google Drive, etc. When you want to protect your data up-front at the hardware level, programs like TrueCrypt and BitLocker can encrypt your whole hard drive, a USB drive, or individual files or folders.
Email encryption is a bit of a different story because email encryption is dependent on where your email is stored. I am not talking about Outlook, but where is your email behind the scenes? Is it on an email server in your office? On GoDaddy with your website? Or on a cloud-based system like Office 365 or Google Apps? Each of these systems can offer email encryption, but there are different systems for each of them.
With some popular email systems, including up-to-date server-based email systems, Google Apps and Office 365, you can enable encryption on these systems for an additional fee. Other email systems can use third-party software like Zix Corp or add-ins to your browser. There are lots of options for email encryption, but it is dependent on your firm’s needs (does every email need to be encrypted?) and the ease of use for your clients.
Is Encryption Hard to Set Up?
Typically, no. Programs today try to make it “easy” to install and maintain. Some of the programs, like TrueCrypt, are more technical (they create virtual drives and encrypted volumes), but still are geared toward the average user. Ask your IT person (or a 14-year old gamer) and they should be able to help you if you get stuck and need some tech translation.
It should go without saying: make sure you have your data backed up before you start. As with any software installation, some do not go as planned so you want to take precautions.
Are They Difficult to Use?
Again, typically no. The most difficult part of using an encryption program is the setup. Once it is setup, it runs in the background and you shouldn’t see it too much in your day to day work. However, it may require some maintenance and updating. Depending on the program and how you choose to encrypt it, you may need to maintain a master password, a USB drive, a fingerprint (biometric encryption), so choose your secure “key” carefully and document it.
Just Do It!
In the end, encryption should not be seen as a hindrance to your everyday work, but a benefit. Just like you backup your data in case of a hard drive failure or a virus (you do, right?), encryption is another way of preparing for trouble. Knowing that your data is safe and secure will make you and your clients feel better about working together securely. Considering how user-friendly the software has become and with so much at stake, I suggest you just do it. Happy Encrypting!