Aug 20 2014

ILTA 2014: Evaluating the Value of Data Encryption for Law Firms

In an era of hackers and data breaches, encryption can provide protection for client data should it fall into the wrong hands.

With data breaches like Target, Ebay and AOL receiving news nationwide, and several reports that law firms are the “soft underbelly” of cybersecurity, many companies are asking the law firms that represent them to implement data encryption.

Beyond clients demanding it, there are several reasons why a firm might deploy encryption technology notes Tim Page, manager of desktop engineering for Edwards Wildman Palmer, a law firm based out of Chicago. “Reasons for using encryption include risk management, security improvements and HIPAA or other regulatory requirements,” he says.

But Page also advises that there are things to consider when moving to an encryption model at your firm. For example, should you encrypt all ports on the devices or just some, does the encryption solution have the ability to encrypt external devices, and the cost involved with implementing this solution.

Matt Beland, chief security officier of Davis Wright Tremaine law firm in Seattle says, “When making the case for encryption, it should be considered as a business need as opposed to a security need because clients are asking your firm to implement it. Senior management and lawyers will buy-in more quickly when positioning it that way.”

No technology is without issues though. Edwards Wildman Palmer’s Page points out that the following challenges can arise when using encryption technologies:

  • Passphrase issues
  • BIOS issues
  • Real hardware issues
  • False hardware issues

He adds that some of these issues may be more or less of a problem based on the encryption technology you decide to go with.

When asked if he would have implemented encryption if his clients had not required it, Beland emphasized that encryption was in the firm’s plans no matter what.

“We 100% would have done encryption if our clients didn’t ask for it. Seven to 10 devices are lost every year in our firm. If the device is not recovered, a long conversation between the attorney and senior management has to take place to find out what was on the device in terms of client information, which results in lost productivity. If we have encryption, all we need is a police report to file the lost device to our insurance,” he said.

To get more news on what's happening at ILTA, follow all of BizTech's coverage from the show by visiting our ILTA 2014 content hub.