During the coronavirus pandemic, law firms have come to rely heavily on technology to keep operations running smoothly. But how do you know that the software you’re using is secure? In this post, we explore the legal tech that offers security as a principle.

 

 

From setting up online collaboration tools, to navigating video conferencing software, you’d be forgiven for being complacent about cyber security at this time. However, now, more than ever, security should be a top priority. With staff working from home, you need to ensure that the software everyone is using, is secure.

Video conferencing app, Zoom has had a surge in popularity recently, however, some companies are backing away from the video conferencing app over concerns for security.

An article published on news website The Intercept reveals that Zoom doesn’t guarantee end-to-end encryption for its meetings, despite misleading marketing stating that it does. As such, the app is vulnerable to hackers, who can gain access to users’ webcams.

In light of these vulnerabilities, let’s look at the issue of cyber security in more detail and explore the legal tech that is taking security seriously.

What is security encryption and how does it work?

Encryption is the process of turning information into code that hides the true meaning of the message. The practice of encrypting and decrypting information is called cryptography and it’s vital to assuring the security of software.

At the beginning of the encryption process, the sender needs to decide what cipher will be used to hide the information and what variable will be used to make it unique. The various types of cipher fall into two categories: symmetric and asymmetric, with the first using a single secret key and the latter using a pair of keys.

Essentially, encryption provides software with confidentiality by encoding the content of a message. It provides authentication by checking its origin and verifies its integrity by checking that the message hasn’t been tampered with.

As well as protecting the confidentiality of information, encryption is also required for software to meet with compliance standards.

The importance of cyber security in legal software

According to IBM’s Cost of a Data Breach 2019 study, the average total cost of a data breach is $3.92 million and the average time it takes to identify a breach is 196 days. As such, cyber security should be an essential consideration when it comes to choosing legal software.

Cyber attacks against law firms are increasing. As more companies embrace digitisation, the threat of cyber attacks become ever more significant. As an industry, the legal sector is particularly vulnerable to attacks due to the vast amounts of money, information and sensitive data that can be obtained.

One of the most common cyber attacks in the legal sector is phishing attacks. According to the Solicitors Regulation Authority (SRA), over half (52%) of law firms have experienced a cyber attack, with 82% reported to be phishing attacks. These attacks are typically conducted by email with the sender attempting to gain access to client money by pretending to be a trustworthy source.

Ransomware also poses a threat to law firms by encrypting their files until a ransom has been paid. This type of attack is usually spread through unsolicited emails. When a member of staff clicks on a link within the email, the files become encrypted.

Earlier this year, a number of law firms in the U.S. were hit by a ransomware attack by a group known as Maze. As well as encrypting each firms’ data, they also stole it.

In addition to loss of data and revenue, cyber attacks can also have a negative impact on a law firms’ reputation. Reputational damage can be long-lasting as clients trust their lawyers to keep their data safe and secure. A potential breach of this information can cripple a law firm’s reputation beyond repair.

Perhaps the most widely-publicised example of reputational damage through a data breach was Mossack Fonesca’s ‘Panama Papers’ incident. The law firm found itself under international scrutiny when more than 11.5 million documents were leaked to the public anonymously. As a result, the firm had to shut down because of economic and reputational damage.

Legal software that prioritises security

So, how do law firms know what software has good security? To help you choose the most secure legal tech for your firm, we’ve compiled a list of software that priorities security as a principal feature.

  • Legaler helps law firms schedule, host and archive online meetings securely in a browser, using end-to-end encryption. Audio and video are encrypted using AES-128 keys to avoid ‘man-in-the-middle’ attacks. It also stores all data in its encrypted state on military-grade, protected servers.
  • Clio is a cloud-based legal software company that enables law firms to manage cases and bill clients. The software works with some of the world’s leaders in internet security, including McAfee, TRUSTe and Digicert.
  • Privnote enables law firms to share confidential notes via a web link that self-destructs after it has been read. The software uses unique, one-time-use HTTPS URLs that immediately expire after being accessed by any web browser.
  • Telegram is a cloud-based instant messaging and voice over IP service with a strong focus on security. It enables law firms to send encrypted telegram messages that self-destruct.
  • Case.one provides legal departments with a trusted approach to organizing corporate and legal data. It uses military-grade security and centralised storage to help protect sensitive documents.
  • Kryptophone is an encrypted smartphone that enables users to make secure communications. It uses encrypted voice and video calls, instant messaging, emails and encrypted internet traffic.
  • WiseTime is our own software that lets lawyers automatically track their time. It was designed and developed on the principles of individual privacy and security. WiseTime uses an industry-leading Equinix data center to house its private servers as well as Google Firebase for identity management. It also uses enforced Transport Layer Security (TLS), to ensure that all communications are sent via a private and secure communications channel.

When it comes to choosing legal tech, law firms should consider how the software approaches encryption. You should also look at how it handles individual privacy and how it stores sensitive data. Cyber attacks are on the rise in the legal sector, so law firms need to look at their internal security as well, making sure that staff are aware of what phishing emails look like. By choosing legal tech with a focus on security, you’ll have peace of mind that all the data you process is secure.

To learn more about how WiseTime designs for security, read their white-paper, ‘Security by Design’.