Guest Post: Business processes and security – getting the balance right
Mark Edge (pictured), UK country manager at SaaS secure collaboration provider Brainloop, shares his insights on some of the file sharing challenges and risks faced by law firms and their clients.
Legal professionals are drowning in a sea of documentation. From new patents and copyright to confidential client information and due diligence materials, the task of sharing, storing and keeping track of documents is getting out of hand. What’s more, legal firms are entrusted with highly sensitive information about their clients and so represent an attractive target for attackers.
Some quite revealing statistics back this up: last year the UK Information Commissioner’s Office admitted that it had investigated 173 law firms for potential data breaches in 2014. A total of 187 incidents were recorded, 29% of which related to security and 26% to incorrect disclosure of data.
Unfortunately, with a growing number of incidents in which sensitive data ends up in the wrong hands, it is probably only a matter of time before a high-profile law firm is fined for a data breach.
Our legal sector customers often highlight two key challenges. On the one hand, the sheer volume of documentation is impacting business processes and causing a productivity drain. On the other, the need to share documents regularly with external parties is putting them at risk of data leakage.
A productivity and security trade-off
When it comes down to it, law firms, like many other professional services firms are time-based businesses. Creating, versioning and managing the daily stream of documents is a demanding task that quickly becomes expensive and immensely time consuming. We often find that the biggest headache for law firms is document versioning. Although it can be well managed internally by a Document Management System (DMS), it becomes exponentially more challenging as soon as these documents require external collaboration.
Another sore point is deal bibles, hundreds of which are created every year, each taking on average three working days to be produced. They require the collation of large numbers of documents of disparate formats into one file type, which then needs to be shared with multiple parties. To do this, most firms choose between couriers, DVDs and removable drives, all of which are far from ideal. Legal professionals also often need to send large files on a more ad hoc basis, but these typically cannot be sent using business email gateways.
This is where the security issues tend to arise. When they can’t send a large file through business email, we have heard cases of employees using personal email, online storage accounts (Dropbox is the popular choice) and mobile devices, as well as removable storage such as USBs and DVDs. To make matters worse, some of these approaches are even requested by the client! Some of our customers have had the best available technology to ensure security internally, but once information leaves the confines of the corporate firewall, it is largely beyond control and therefore at risk.
Taking all into account, this should come as little surprise to most legal professionals. Law firms are caught in a dilemma, because clients demand a simple way to communicate and collaborate on a day-to-day basis and legal professionals oblige by using less-than-secure methods to enable this. This ‘rogue’ activity is notoriously difficult to patrol or control without restrictions that will negatively impact productivity.
Is secure collaboration the answer?
So, how do law firms protect data in a way that does not inhibit day-to-day working? The answer lies in secure cloud-based collaboration solutions that both increase productivity and safeguard access to sensitive data. They deliver full visibility and control over documents that are both inside and outside an organisation. A single platform can support multiple processes and solve a number of the key problems such as handling the versioning of live documents and quickly creating transaction bibles or board information packs. It’s also good news for the business, as the platform helps keep a handle on costs and ensures that admin time is cut to a minimum.
One of the big security benefits of today’s business collaboration platforms is that they provide control over permissions. This enables law firms to cordon off client matters so that only specific lawyers can access the most classified information. Clients can also be added as guest users to the system to enable direct sharing of certain information, but controls can be added to ensure that they cannot view other restricted information or internal communications. Employees can securely manage and collaborate on confidential documents and share information within the local infrastructure, over the Internet and on an array of devices.
Rights management technologies protect documents all the way down to the user’s desktop. They define the time allowed to access documents and the permissions to edit them. Tamper-proof audit trails fulfil legal firms’ compliance requirements and some more advanced versioning controls, such as the option to create watermarked PDF portfolios, stop accidental and unauthorised forwarding.
No one would argue against the need for data security within the legal sector. The challenge for law firms and departments is to find a way to maintain control over data while enabling the right people to have access to the documents they need to get their jobs done. By implementing the appropriate policies and investing in the right technologies, the legal industry can ensure lawyers and their support staff operate in a highly productive yet risk-free manner.