Why is security important?
According to the American Bar Association, “in 2012, 90% of IT respondents said their organization had experienced a breach of document security.” As a result, clients are demanding assurances of security and compliance before working with a new law firm and may take their business elsewhere if their existing counsel cannot meet their security requirements.
Also in 2012, comments were added to the ABA Model Rules that required attorneys to take reasonable precautions to protect clients’ electronic data specifically and to keep abreast of the technology required for competent representation of their clients in their practice area.
In these changing times, many attorneys still struggle to understand the complicated requirements involved in protecting client data. For those subject to HIPAA, this lack of understanding is potentially even more damaging now that the Office of Civil Rights (“OCR”) within the Department of Health and Human Services (“HHS”) will begin audits this year.
It is not surprising that in ILTA’s latest technology survey, security and risk management was at the top of the list of the top 3 technology issues or annoyances within law firms.
Whether you represent health providers and banks or are just concerned with your ethical obligations to protect client data, one thing is certain: security must rise above the level of “annoyance” and become a top priority for law firms. Security must become something that is routine and an accepted part of the practice of law.
Why do you need encryption?
One way of protecting documents is to encrypt them. Encrypting files means rendering them unreadable to anyone who is not authorized to see them. Encryption technology is a critical component in meeting client needs for protecting their data as well as for compliance with HIPAA and other regulatory requirements.
While there are many types of encryption and many ways to encrypt documents, everyone must understand that the regulatory and client requirements usually state that documents must be encrypted both in transit and at rest. Many have thought about this when it comes to portable or removable media, such as laptops, smartphones and USB devices, but again, per the 2015 ILTA survey, far fewer are encrypting desktop computers and a mere 9% of respondents rely on file server hardware for encryption.
Encryption at rest can be accomplished in many ways, some of which are quite cumbersome to use even for those authorized to access the data. ILTA’s latest technology survey lists the single biggest law firm security challenge as the ability to balance security with usability. Bruce Schneier, security and privacy specialist, said it best when he stated that “Encryption works best if it is ubiquitous and automatic. It should be enabled for everything by default, not a feature you only turn on when you’re doing something you consider worth protecting.”
World Software Corporation has taken this approach to our revolutionary new feature, Worldox Encryption At Rest, or WEAR.
Why is WEAR a better solution?
A partner at David & Gilbert told ACEDS recently that “the ideal situation would be to just encrypt all data.” He added that this “is very unlikely in today’s business climate because complete encryption would be very expensive and time consuming.” He went on to imply that improving retention policies and instituting data classification policies can greatly reduce the expense of encryption.
To achieve encryption at the hardware level, even the most basic SAN technology costs tens of thousands of dollars and requires in-house personnel or outside consultants who have the expertise to maintain and monitor the products.
WEAR was developed with the idea that, since encryption will soon be a necessity due to the influx of nefarious influences that seem to increase with each passing day, this technology must be made affordable to firms of all sizes. Because it is built as a component of the Worldox document management system, it can work with your system of data classification and your retention policies to secure all of your data or just the data deemed to be most at risk. No costly additional hardware is required in order to implement it, making compliance with client or regulatory requirements attainable for all.
WEAR, along with Active Directory integration and the Ethical Wall capability built into Worldox, can be the backbone of your security infrastructure.
Compliance is great, but can it really protect our data?
Security is about more than just checking a box on a security questionnaire or passing an audit. It is about protecting sensitive client data from exposure. WEAR technology protects data from many different types of threats.
Should a drive upon which Worldox data is stored be stolen, the data will be inaccessible without the client software for that site.
Files taken from the file system by a breach via malware or by a person on site with malicious intent will not be readable outside of the Worldox client software from the site upon which the files were encrypted. If intelligent hackers attempt to remove the documents and the software, our advanced technology will still not allow access to the encrypted files.
Because the encrypted files have the .WEAR extension, typical ransomware infections will not touch WEAR-encrypted files.