As the practice of law increasingly moves towards digitalisation, lawyers need to be mindful of the potential risks, in particular cybersecurity and data encryption.
As a lawyer in a small firm or sole practitioner, you may not have thought a lot about data encryption, but it is important that you do because data encryption issues could result in significant repercussions for you and your clients.
Decrypting the topic of encryption
Let’s begin our journey with a brief primer on what we are talking about when we refer to data encryption.
At its most basic level, encryption is ensuring that the authorised person has access to a readable file or text message that uses a secret decryption key. Any unauthorised person would not be able to access the file or text without the right key. A key could be a password or table needed to decipher the encrypted file.
There are two main ways data encryption can occur: the protection of data in transit, such as data on the internet, and encrypting files on computers or storage devices, such as a flash drive.
There are two main methods of encryption which are asymmetric encryption (also known as public-key encryption), and symmetric encryption. Symmetric encryption is a well-known technique, where one key is used by both parties to encrypt and decrypt the message or file. Asymmetric encryption on the other hand requires two related keys, a public and a private key. The public key encrypts the message or file whilst an individual’s private key decrypts it.
Beware of free public Wi-Fi
Lawyers love having their electronic devices with them at all times, and with the business of law becoming increasingly dependent on internet connectivity, free public Wi-Fi may feel like a saviour. Sure, it may seem like a godsend to be in your favourite cafe and be able to do your job with free online access, however what many lawyers don’t know is just how unsecure public Wi-Fi can be.
Why is free public Wi-Fi potentially dangerous? Quite simply, public Wi-Fi is not as secure as a private network, and is especially dangerous for networks that do not require a password. The lack of even rudimentary security, such as using a password, makes it easy for anyone with nefarious intentions to intercept communications made over the network.
In addition to the relative ease in which free public Wi-Fi affords anyone who wishes to steal information to do so, the other danger lies in the belief that lawyers are connecting onto a legitimate Wi-Fi network, when in actual fact, they are connecting with a rogue access point. One sign that an access point may not be legitimate is if you are prompted to re-enter a password you previously had on the same online session.
How can lawyers protect their information?
Due to the nature of the information that legal practitioners possess, it’s essential that you take steps to protect your data and arguably, the most effective way data can be encrypted is through full disk encryption. This process encrypts all the data on a hard drive and makes it only accessible with a key. Even if the hard drive is removed and placed into another laptop or computer the data is still inaccessible unless the individual has access to the key.
The other alternative for lawyers who wish to protect their files can also be done through software encryption, where files or packets sent over a network are encrypted and cannot be decrypted without the right key.
Virtual Private Networks (VPN)
VPNs provide a secure connection for users who have their personal devices linked to a private network (usually their work network) to send and receive data over shared public networks. Perhaps the best example of the use of a VPN is when lawyers who are away from the office will still be able to connect to the firm’s intranet. Additionally, VPNs are also used to hide a person’s location, and identity via proxy servers (an intermediary between a web browser and the internet that helps to improve security by filtering out malicious software).
Do you really need to send that file now?
Although using a VPN with your own firewall network may be an effective defence against a person who wants to intercept data you may be sending or receiving over free public Wi-Fi, the original sentiment remains – lawyers should refrain from sending any confidential communications over a public network due to the inherent vulnerabilities that exist.