Legal Data Protection: Easing Encryption Puts Legal Firms Right in the Line of Fire

Growing concerns around legal data protection,privacy, and hacking mean there has never been a more appropriate time for lawyers to ensure all communication with colleagues and clients is always secure. The timeliness of this requirement is highlighted by the U.K. government’s attempts to fast track laws that would enable it to spy on citizens’ communications whenever it deems the action appropriate. We believe that law-abiding individuals and corporations have a fundamental right to privacy, and everyone should have the right to choose whether or not to keep their communications private.

This is especially the case in the legal world, where professionals have both ethical and legal responsibilities to protect their clients’ data. Indeed, many U.S. states have enacted statutes that protect their citizens’ personally identifiable information (PII) and specifically require any firm that does business in the state to, in certain circumstances, encrypt that PII. Lawyers should be free to take all reasonable steps to ensure their clients are safe from cybercrime and surveillance, using whatever encryption tools are at their disposal to achieve such ends.

The Legal Industry is Particularly Susceptible

Threat actors will always find nefarious ways of using well-intentioned technology for their own means or to steal valuable information. Given the sensitivity of information held by legal firms of all sizes, lawyers are among the individuals most susceptible to hacking and the interception of their digital communications. This has been the case for some time. Back in 2009, the FBI issued an alert that advised legal firms they were being specifically targeted by cybercriminals through email phishing campaigns, and the situation has snowballed as hacking techniques have become increasingly sophisticated. Two years later, the FBI held a meeting with 200 of the largest law firms specifically to discuss cyber-attacks targeting a gold mine of information held by legal organizations, and to educate them on how to better protect their data.

The amount of foreign travel that accompanies the legal profession and the global nature of the industry put modern legal professionals at greater risk than most. However, it is not just while travelling that lawyers need to be aware of this threat as the prevalence of surveillance technology that simply hoovers up data and phone messages on the streets of cities across America is a growing concern.

Foreign gangs can now easily setup and implement this technology for as little as $1,500 on any street corner, and have comprehensive spying techniques that can easily penetrate the entire communications of a smart phone (voice, video, data, SMS). In the hands of cybercriminals, this can be used to intercept phone calls of innocent passers-by to collect a ream of data from unsuspecting citizens.

The continued use of these devices demonstrates the real need for secure communications at all times. Anyone who doesn’t want their conversations to be listened in on—or to have their data stolen by foreign government agencies and cybercriminals—must begin taking the mobile threat seriously.

Get Smart About Mobile Security

The act of downloading anti-virus and other programs to protect laptops and desktop computers is now commonplace and widely accepted. However, the same security consciousness is still rarely applied when considering the importance of protecting mobile devices.

Given the amount of personal information that lawyers may have to share through their phone or tablet, it’s naive to think that a hacker wouldn’t try to get it. For example, we recently surveyed 2,000 U.S. consumers and found that one in seven people keeps passwords on their mobile phones (15%) and nearly one in ten keeps bank details on mobile devices (8%), while more than half are concerned that hackers will intercept private or personal information stored on their mobile device (57%).

This act is almost certainly duplicated in a business environment, with employees storing client information on top of credit card details, bank details, medical information, pictures, and phone numbers—all on one unprotected device.

It’s therefore increasingly imperative that legal firms take responsibility for securing their mobile devices, and the client data they store and share on them. Using services that encrypt email, texts and, IMs to ensure they can’t be intercepted or traced, and to ensure calls can’t be listened in on should be one of the first actions taken by a legal company’s IT team before handing out corporate devices.

Check Also

NFTs And The Law: What Do I Actually Own?

A quick look into NFTs, and how they fit into a legal landscape that isn’t ready for them.