Law firms invest in all manner of technology to ensure client confidentiality—everything except email encryption, that is.
An American Bar Association survey revealed only 39% of U.S. attorneys seek to safeguard emails this way. That’s a little crazy when you think about it because email is one of the most used forms of communication in law firms.
And one of the most easily hacked.
Cybercriminals use highly effective techniques to steal email information, including Man-in-the-Middle attacks, packet sniffing, phishing, social engineering, and accessing emails on unsecured devices.
The problem has grown to the point where even former FBI Director Robert Mueller said, “I am convinced there are only two types of companies; those that have been hacked and those that will be.”
So, why is there such an aversion to email encryption among attorneys, especially in light of the need for Information compliance, ethics, and confidentiality?
Today’s post will address the most common objections law firms have to email encryption. It will also give some things to look for in a sound email encryption system.
First, let’s start with the objections.
Objection 1: Email encryption is too complicated
If you’d leveled this complaint five years ago, it would have had much more merit. Encrypted email was complicated, then. Encrypted email systems from that era required users to go through several extra steps to communicate back and forth. This was impractical for in-house communication and practically useless for attorney-client correspondence.
And to be fair, many of those systems still exist. But they are considered subpar compared to some of the superior systems that have come on the market. These days firms can get end-to-end protection in as little as one click; a far cry from where the technology was just a few years ago.
Objection 2: It’s too expensive
There’s no doubt that good email encryption comes with a healthy price tag. And when looked at purely as an expenditure, it can be cost prohibitive.
But that’s not the best way to look at it. It’s best viewed as an investment in your firm’s future.
You may get a pretty good return on that investment if your firm loses time trying to communicate sensitive information through antiquated channels. Chances are, those systems are creating frustration for your staff.
So, they start to take shortcuts, like sending sensitive information through unencrypted email. This opens up a slew of ethical concerns that can be costly to your firm’s reputation and bottom line.
When viewed from that perspective, an honest assessment may reveal you can’t afford to be without email encryption.
Still, there’s no denying getting past the additional cost. However, you can reduce costs by going with a specialized vendor that includes email in a comprehensive security stack.
The first savings is that such vendors often provide their services at a discount since they get all your security business. The second savings opportunity is through lower bookkeeping and administrative costs because you’ve reduced vendor load.
Objection 3: Email encryption isn’t necessary
There’s no rule saying you have to use an umbrella while walking in a rainstorm. You just have to deal with all the nasty consequences.
So, just because email encryption isn’t a legal obligation in Louisiana doesn’t mean it isn’t a very good idea.
And when you consider that a mind-boggling 94% of all malware is delivered via email, well, let’s just say the theoretical umbrella provided by encryption isn’t so unnecessary after all.
But enough of the doom and gloom. There are plenty of positive things about getting email encryption.
Law firms can help avoid information compliance issues simply by having encryption in their security arsenal.
They can also use email encryption as a selling point for clients. It doesn’t take much client education to sell the idea that email encryption provides a layer of protection most other firms don’t provide. It’s a unique selling proposition in a business that doesn’t have very many.
In fact, it isn’t too farfetched to envision a day when email encryption is considered an ethical imperative. If it does come to that, you’ll want to be ready.
So, here are some things to look for when choosing an encryption solution.
End-To-End Email Encryption
This encryption method ensures emails are always secure and can only be read by the intended recipient. Even when the email is sitting in the recipient’s inbox, it is still secure.
That’s because the recipient gets a private key, known only to them, to decrypt the message. This process isn’t complicated; it’s normally like entering a one-time passcode like with multi-factor authentication.
Some government grade services can even reduce this to just one click by the sender and the recipient. Get a solution with the AES 256-bit standard, no matter which system you choose. This will ensure your email is nearly impossible for hackers to decrypt.
Data Loss Prevention
People do mindless things when they are in a hurry. It’s all too common for Personally Identifiable Information, private documents, and other sensitive information to be sent through unsecured email.
Data Loss Prevention helps stymie these mistakes. DLP forces encryption when it recognizes keywords in emails and attachments. Those keywords are easily added and adjusted.
Compliance
Look for services that report when encrypted emails were sent and opened. Also, timestamped delivery is another great way to prove your firm acted in a compliant manner.
Ease of use
This was alluded to earlier, but the easier email is to encrypt and decrypt, the better. Time is money in the legal world, and reducing tech friction is worth looking at the investment, even if it’s just a little bit.
It also needs to be easy to roll out and manage. The more seamless the deployment, the more likely your staff will use encrypted email as intended. And the less routine management required, the happier your admins will be.
Putting it all together
Most firms still view email encryption as too expensive to be necessary. At best, it’s viewed as a luxury item. But if you want your firm to provide the best service possible for clients while gaining a jump on the competition, then encryption is a way to stand out in a very crowded legal landscape.
And taking care of clients while gaining market share is no luxury; it’s just good practice.
The EDC Way
At EDC, we’re constantly evolving our approach to new challenges. That’s how we prevent problems from happening before they start. Our dedicated team of IT professionals is here to help you.
From strategizing a plan to providing multiple lines of defense against hackers, we will ensure your data and private information is safe behind a vanguard of security measures.
To learn more about EDC visit EDCNOW.com, or to schedule a free consultation on how we can help with your IT needs, call us at: 337.235.7741 in Lafayette or 504.322.3622 in New Orleans.
