Technologist - The FindLaw Legal Technology Blog

Is Your Email Secure Enough for Client Communications?

Most lawyers communicate primarily through email. At the same time, lawyers need to take reasonable efforts to prevent disclosure of client communications and information. Are these two things in conflict? Potentially.

It's fair to say that email isn't the world's most secure communication system. For one, the NSA regularly intercepts attorney-client emails, by its own admission. Then there's the risks posed by hackers, by snooping email tracking software, by your firm's noisy IT intern. Don't worry though -- you needn't abandon email and strap on a tin foil hat. Not yet at least. There's still several easy ways to make your attorney-client emails more secure.

Let's Hear It for Encryption

Encrypting documents gives them an added layer of protection. Luckily, most large email services have encryption built in. Outlook, for example, allows you to encrypt single messages or all outgoing emails. Using encrypted emails automatically encrypts attachments as well. Gmail encrypts emails automatically, when it can.

Of course, it takes two to play the encryption game. If your clients or recipients' email service isn't protected, neither are the emails you send their way. That means that about a fifth of the messages sent from Gmail aren't encrypted. Here's where extra software comes in handy. Symantec, for example, offers an end-to-end encryption program, which thankfully includes mobile protection as well. So does McAfee. The Google team is currently testing an end-to-end extension that would provide greater protection.

A Gentler Response

Perhaps you don't want to put bars on all the windows just yet. If turning your email into Fort Knox sounds unnecessary, intimidating, or too expensive, there are other alternatives. Lawyerist recently reminded us about communication portals, those controlled alternatives to email. A communication portal is essentially a website dedicated to client (or other) communications. A client logs in, sends a message or attaches files, and the third party portal operator takes care of securing everything.

How's a communication portal different from traditional email? In many ways it's not, except that you can control who can message you through the portal and you have a third party company there to stand behind the portal's security. There are also plenty of drawbacks. For example, clients will be forced to remember and protect another password in order to use the portal. Not only can passwords be stolen, password glut is simply annoying for clients. Plus, portal security is usually strong, but it's not foolproof.

Whether you opt for encryption or a communications portal, however, taking some action to further confidentiality is better than taking none. If you have any thoughts on email and client communications, feel free to reach out to us via Twitter (@FindLawLP) or Facebook (FindLaw for Legal Professionals). No emails, please.

Related Resources: