Secure Email for Attorneys

Law firms, and the attorneys who work for them, are at the center of sensitive and confidential conversations. Much of the shared information and data is communicated via email. According to research, attorneys and lawyers spend up to 66% of their day working with emails. Therefore, maintaining secure email for attorneys is essential, with a legal requirement enforcing secure attorney-client confidential communication.

According to the ABA's "2022 Legal Technology Survey Report," 27% of law firms experienced a data breach. As a result, maintaining client confidentiality and meeting the rigorous data regulations controlling the legal industry is vital. Here is a look at the security challenges attorneys and law firms face and how to mitigate email security breaches.

Examples of Email-borne Threats that Damage Law Firms

The PwC "2022 Annual Law Firms' Survey" found that 78% of law firms said they are extremely or somewhat concerned about cyber threats. This is no surprise, as the information under the care of an attorney is often rich in the type of data that cybercriminals and fraudsters are desperate to steal: a client's personal identifying information (PII), financial information, company details, and health data. Many firms also hold dossiers on highly wealthy individuals or politically exposed persons. This rich seam of valuable data makes attorneys and law firms especially attractive targets for fraudsters.

The latest Solicitors Regulation Authority (SRA) report found that, in the UK, 83% of email-based fraud attacks included phishing. This is higher than the figure in the 2022 Verizon Data Breach Investigations Report (DBIR), where 60% of all social engineering attacks across industries were phishing-based.

These threats to attorneys result in many types of damaging cyber-attacks, including:

Business Email Compromise (BEC): in 2022, the Crimson Snake hacking group impersonated attorneys and law firms, tricking clients' employees into paying fictitious overdue invoices. Crimson Snake created well-crafted phishing emails that looked exactly like a legitimate law firm had sent them. Social engineering gave them the intelligence to develop believable phishing emails.

Ransomware: law firms are often the target of ransomware gangs. In 2021, a massive ransomware attack hit the prestigious law firm Campbell Conroy & O'Neil, P.C. The ransomware attack was caused by unauthorized access to a server. Ransomware is highly destructive for law firms, with ransom payments increasing by 71% and data often stolen and at risk of exposure. Phishing, unauthorized access, and ransomware go hand-in-hand, with email phishing the main delivery method for ransomware.

Data exposure: data leaks can happen both accidentally and maliciously. Accidental exposure via misdirected emails can and does occur. According to one report, work pressure and remote working are more likely to cause mis-sent emails.

Malicious data exposure can also happen due to ransomware and other unauthorized access. For example, one UK law firm targeted by ransomware had 972,191 files encrypted, with 24,712 court bundles and 60 released by the attackers on the dark web. As a result, the firm was fined £98,000 ($121,000) by the UK's Information Commissioner's Office (ICO) under Article 5(1)(f) of the GDPR.

How Insecure Emails Affect Attorneys

Insecure emails have diverse negative impacts on an attorney and law firm. Also, the problem of insecure emails is only increasing in sophistication, with the SRA telling Legal Futures that cybercriminals will likely: 

“find uses” for artificial intelligence (AI) and the “clearest use in the medium term will be making phishing contacts and other false communications more credible.”

The risk of email threats to attorneys leads to many impactful events. As well as fines for non-compliance with data protection and privacy laws, when data is exposed via insecure emails, firms suffer from:

Reputation damage: a loss of trust in communications that could impact attracting and retaining clients.

Compromised credentials: lost or stolen passwords and other credentials catalyze a ransomware attack or data breach.

Financial losses: ransom payments and exposed confidential data on the dark web lead to financial losses and reputation damage. Public leaks, with data placed onto social media sites (by accident or maliciously), can lead to malpractice allegations and lawsuits.

How Attorneys can Secure Emails and Prevent Phishing and Data Loss

Secure email for attorneys is a vital component in handling email security within a law firm and for individual attorneys. An attorney can turn to best practice tools and processes to achieve robust email security. These must include the following:

Email encryption: encrypting the content and transmission of emails is a fundamental security practice for attorneys. Email can be burdensome for attorneys as they deal with massive volumes of email. An email encryption solution must be able to encrypt email automatically, to help reduce human error and enforce persistent encryption policies. Advanced email encryption solutions, such as EncryptTitan, ensure emails are automatically encrypted based on keyword policies.

Data loss prevention (DLP): accidental data exposure can be challenging, especially with the large volume of emails that attorneys must deal with. Email protection for attorneys must prevent data leaks. DLP solutions are configured to stop any emails leaving the safety of the network if they contain certain keywords or phrases; this prevents accidental data exposure. DLP email protection must be applied to both inbound and outbound emails to be effective.

Secure email archive: attorneys are often mandated to retain emails and other information on clients for a set time. However, if these emails are kept in an insecure manner and not encrypted, they are at risk of being breached. Therefore, a secure email archive component is an essential part of the secure email strategy of any law firm.

Security awareness training for all staff: security training is a fundamental requirement of the American Bar Association (ABA). The ABA Standing Committee on Ethics and Professional Responsibility issued Formal Opinion 477R, which states:

“In the context of electronic communications, lawyers must establish policies and procedures, and periodically train employees, subordinates and others assisting in the delivery of legal services, in the use of reasonably secure methods of electronic communications with clients.”

Ensuring the security of email is essential for law firms. Here are some reasons and what your firm can do to ensure secure emails for attorneys.

Sign up for a FREE Demo of EncryptTitan to learn how the solution works to secure emails for attorneys with data loss prevention.


Why Must an Attorney Secure Email?

It is the professional duty of an attorney to keep client information confidential. This is reflected in the American Bar Association's ‘Rule 1.6: Confidentiality of Information’, which states, “A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.”

The ABA has also released a publication explaining the obligations of an attorney if a data breach does occur. The authors urge attorneys and law firms to perform several best practices that include:

  • “monitor the technology and office resources connected to the internet, external data sources, and external vendors providing services relating to data.”
  • “analyze compliance separately under every applicable law or rule.”
  • “monitor their technology resources to detect a breach.”
  • “developing an incident response plan with specific plans and procedures for responding to a data breach.”

Having a professional body set a confidentiality rule and how to deal with data breaches is one thing. Still, there is now a cybersecurity and ethical imperative to protect data, including emails.

When Email goes Wrong for Attorneys

Law firms are targets for cybercriminals because they hold sensitive data and personally-identifying information (PII). One of the most significant data breaches, the "Panama Papers" breach of 2016, involved the law firm Mossack Fonseca. The breach has since been blamed on a vulnerability in a WordPress site that allowed hackers to access the law firm's email server. Around 11.5 million files were stolen in the breach. The files included emails, documents, and images: the damage is now the stuff of legend. 

At the time, Wordfence explained that the attackers could access confidential emails after they exploited a plugin vulnerability that allowed the attackers to access the email server login information. Wordfence explains:

“Once the attacker also had access to this data, after gaining access to the WordPress database via Revolution Slider, they would have been able to sign into the email server and would be able to read emails via POP or IMAP”

The Panama Papers hack was a major incident in the world of cybersecurity. However, law firms of all sizes are at risk of a cyber-attack, and the emails that they preside over are ideal targets for cybercriminals. A 2021 Annual Law Firms’ Survey from PwC found that 90% of law firms “view cyber risk as the biggest threat to future growth ambitions.”

The statistics stack up, showing the high-risk levels of data-rich law firms.

A recent report from the Solicitors Regulation Authority (SRA) found that four out of five cybercrime reports to SRA involve email. The Chief Executive of SRA highlighted the problem: “Law firms are targeted by cybercriminals as they often hold large amounts of client money and/or sensitive information. It is in everyone's interest that firms take all reasonable steps to protect themselves and their clients, all the more so as innovation and increased use of IT make information security a priority.”

The Effect of Insecure Email on an Attorney

Insecure email practices increase cyber-risk in several areas, including:

Reputation damage: law firms that lose client data are subject to reputation damage. An SLA report found that cyber-attacks on targeted firms resulted in the theft of around $5 million of client money. In addition, the report found that almost half of these firms had allowed unrestricted access to external data storage.

Non-compliance and fines: unprotected emails can result in data theft or accidental data exposure. This leads to non-compliance with various regulations, depending on the client and nature of the work. These regulations include ‘The General Data Protection Regulation’ (GDPR) in the EU, ‘California Consumer Privacy Act’ (CCPA), and ‘New York’s SHIELD Act’.

Data leaks: emails contain valuable and sensitive data. Data breaches that involve email compromise can expose your firm and clients to the risk of further violations and other forms of cyber-attacks, including ransomware.

How to Secure Email for Attorneys?

When choosing a secure email solution designed for law firms and attorneys, look for the following features:

Cloud-based: a cloud email protection solution is easy to deploy across remote offices and is perfect for homeworkers and attorneys who need to travel for work. No hardware is required, and maintenance can be performed using a central console by an IT professional employed at the firm. Alternatively, cloud-based email protection solutions are ideal for a Managed Service Provider (MSP) delivery.

Agnostic to email environments: attorneys and clients are unlikely to use the same email client; therefore, a secure email solution must be agnostic to the email system.

Robust email encryption: messages and attachments must both be encrypted to ensure 360-degree protection. Encrypted email messages should only be decrypted by the intended recipient on their device.

Data loss prevention (DLP): advanced email protection for attorneys must include a DLP component. DLP solutions are configured to look for keywords or phrases to prevent emails from accidentally being sent. DLP email protection must be applied to both inbound and outbound emails to be effective.

Email archiving: an optional component of an email protection system is secure email archiving. This forms part of a wider disaster recovery and business continuity strategy.

 

What is EncryptTitan?

EncryptTitan is a secure email platform that provides the secure email features needed by attorneys. EncryptTitan can be directly deployed by a law firm or an MSP (managed service provider).

EncryptTitan is 100% cloud-based and easily deployed and maintained. It requires no hardware and can be used by remote employees, no matter what email client is used. However, EncryptTitan also offers an Outlook plugin for ease of use. As a result, EncryptTitan is seamless in use and provides attorneys and law firms with the tools to comply with data protection and privacy regulations and ensure confidential client services.

 

Further features of EncryptTitan

Automated encryption: auto-encryption policies encrypt emails based on content in the message body or attachment. This also provides a high level of assurance of email protection.

Data loss prevention (DLP): EncryptTitan supports DLP to prevent sensitive or inappropriate information from being exposed via email.

Easy to use: automated encryption and an Outlook plugin provide an easy-to-use, secure email system.

Ideal for deployment by an MSP: law firms often have limited IT staff. EncryptTitan is designed to be easily deployed and maintained by a Managed Service Provider (MSP).

Cost-effective: SafeTitan is a cost-effective way to encrypt emails and prevent data loss. In addition, an MSP deployment model offers pricing structures that work for any sized law firm.

To secure your client emails and see how easy secure email for attorneys can be, sign up for a demo of EncryptTitan today: https://www.titanhq.com/email-encryption/
