What Do These 3 Words Have In Common? Your House, Car, And Credit Card

You make sure all of these things are secure.  But what about your law firm data and client communications?

Recent updates to the ABA’s Model Rules of Professional Conduct are causing a lot of scrutiny around law firm security, specifically around client communications.  Formal Opinion 477 issued in May advises that lawyers take reasonable efforts to prevent inadvertent or unauthorized access to information relating to the representation of a client.  Specifically, lawyers need to ensure the security of their client communications and to exercise reasonable efforts when using technology in communicating about client matters.

Cyber Attacks Are a Threat to Small Law Firms

This update to the Model Rules is much needed considering research by the National Cyber Security Alliance that 70% of hackers target small businesses.  This trend of cyber attacks should be concerning to small law firms as many are not prepared to counter these threats.  In fact, according to the 2016 ABA Legal Technology Report only 20% of small law firms (solo to 9 attorney firms) use email encryption and only 32% have file encryption in place.

The opinion addresses this security gap by stating “cyber-threats and the proliferation of electronic communications devices have changed the landscape and it is not always reliable to rely on the use of unencrypted email… Therefore, lawyers must, on a case-by-case basis, constantly analyze how they communicate electronically about client matters, applying the [above] factors to determine what effort is reasonable.”

So how can a small law firm best comply with the new Model Rules of Professional Conduct?  This is a highly important opinion that attorneys must adhere to, but is it realistic for small law firms to review the security of their communications on a case-by-case basis?

A Holistic Approach to Small Law Firm Security

Many solo and small law firms are taking a holistic approach to solve for security issues by adopting secure, cloud-based legal practice management software.  The benefit of cloud-based practice management in relation to the new model rule discussed here is that many provide a client portal for securely communicating with clients. This means attorneys can securely communicate with clients on every matter, eliminating the need to evaluate their communication method on a case-by-case basis. A client portal allows an attorney to easily and securely share documents and forms and communicate with clients.  And, within the portal clients are able to review, complete and leave comments on documents or forms, upload new documents and communicate with the attorney on anything related to the matter — all from one central, secure environment.

Another benefit is that cloud-based practice management solutions provide a comprehensive security solution by allowing solo and small law firms to piggy-back on the data security measures of the cloud services provider, rather than trying to manage the safeguards and technical aspects of data security in-house.  This ensures that all client and matter information is stored in a central, secure cloud environment to minimize the risk of any security threat – not only those that impact client communications.

As outlined in the opinion, attorneys have a duty to “Conduct Due Diligence on Vendors Providing Communications Technology.”  Use this Cloud Security Checklist to understand the 5 most important security topics to consider when evaluating cloud software providers to safeguard your law firm data and comply with the Model Rule to ensure secure client communications every time.