As the practice of law increasingly moves towards digitalisation, it is essential for lawyers to be mindful of the potential risks that arise in a world that is more dependent on technology, in particular cybersecurity, and data encryption.
It’s understandable if lawyers in small firms and sole practitioners haven’t turned their minds to data encryption, but it is important that you do because any issues that arise may have significant repercussions for both you, and your clients.
Decrypting the topic of encryption
Let’s begin our encryption journey with a brief primer on what we are talking about when referring to data encryption.
At its most basic level, encryption is ensuring that the authorised person has access to a readable file or text message that uses a secret decryption key. Any unauthorised person would not be able to access the file or text without the right key.
The encrypting of data broadly speaking occurs in two main ways: the protecting of data that is in transit, such as data on the internet, and encrypting files on computers or storage devices, such as a flash drive.
There are two main methods of encryption which are asymmetric encryption (also known as public-key encryption), and symmetric encryption.
Beware of free public Wi-Fi
Lawyers, like everyone else, love having their electronic devices with them at all times, and with the business of law becomes increasingly dependent on constant connectivity to the internet, free public Wi-Fi may feel like a saviour. Sure, it may seem like a godsend to be in your favourite cafe and be able to do your job as well with free online access, however, what many lawyers may not be aware of is how unsecure public Wi-Fi can be.
Why is free public Wi-Fi potentially dangerous? Quite simply, public Wi-Fi is not as secure as a private network, and is especially dangerous for networks that do not require a password. The lack of even rudimentary security such as using a password, makes it easier for anyone with nefarious intentions to intercept any communications made over the network.
In addition to the relative ease in which free public Wi-Fi affords anyone who wishes to steal information to do so, the other danger lies in the belief that lawyers are connecting onto a legitimate Wi-Fi network, when in actual fact, they are connecting with a rogue access point. One sign that an access point may not be legitimate is if you are prompted to re-enter a password you previously had on the same online session for example.
How can lawyers protect their information?
Due to the nature of the information that legal practitioners possess, it’s essential that you take steps to protect your data and arguably, the most effective way data can be encrypted is through full disk encryption.
Full disk encryption basically refers to everything on a disk being encrypted, and that also includes parts of the disk that generally would not be encrypted.
The other alternative for lawyers who wish to protect their files can also be done through software encryption, where files or packets sent over a network are encrypted and cannot be decrypted without the right key.
Virtual private networks (VPN)
VPNs allow users who have their personal devices connected to a private network to send and receive data over shared public networks. Perhaps the best example of the use of VPN is when lawyers who are away from the office will still be able to connect to the firm’s intranet. Additionally, VPNs are also used to hide a person’s location, and identity via proxy servers.
Do you really need to send that file now?
Although using a VPN with your own firewall network may be an effective defence against a person who may wish to intercept any data you may be sending or receiving over free public Wi-Fi, the original sentiment remains – lawyers should refrain from sending any confidential communications over a public network due to the inherent vulnerabilities that exist.