Agilewords Blog

How To Securely Exchange Legal Documents

How To Securely Exchange Legal Documents

What would happen if you emailed your client’s business documents to the wrong person? Or how would your clients react if their legal documents were published on the Internet by accident?

Think they’d shrug it off? Probably not.

Most of us don’t see the risks in emailing business documents and assume everything is fine… until the first time your document goes missing, gets stolen, or corrupted by a virus.

For legal firms, the ability to review and approve documents securely is a key concern. After all, your clients have placed their trust in you and expect that you will take adequate measures to protect their information, ensuring that contracts are not changed without their authorization.

Risks When Exchanging Legal Documents By Email

This raises the question: What’s the best way to send legal documents, especially those that require reviews, group assessment, and approvals.

Most legal documents are sent by email, which is far from secure. Some of the security issues include:

  • Eavesdropping – others ‘listening’ and watching your documents without your knowledge.
  • Identity Theft – taking ownership of your account and sending documents on your behalf.
  • Invasion of Privacy – reading confidential materials such as business contracts.
  • Changing Data – modifying text, images and others parts of the document without your knowledge.
  • Viruses – injecting viruses into your documents and corrupting data, hardware and software.
  • Liability Exposure – Others can store your confidential document on a USB key or their iPhone. Your files can then be accessed from these devices by family members, work colleagues or even friends at a party.

We all know that security is relative. However, email is inherently insecure, for example:

  1. Email Backups: Your emails are usually stored on SMTP servers in plain, unencrypted text. System Administrators can read the data on these servers and, if they wished to, share it with others.
  2. POP: Using POP to send and receive emails requires you to send your username and password to login. As these credentials are not encrypted, your emails can be read by eavesdroppers.
  3. SMTP: This also does not encrypt messages, which means that messages between SMTP servers may be sent in plain text. Additionally, messages sent via SMTP include information about your computer and email program, which further compromises your security.
  4. Webmail: If your Webmail server is “insecure, for example, it uses http:// and NOT https://, then all information including your username and password is not encrypted as it passes between the Webmail server and your computer.

Other issues include staff sending emails to wrong accounts, lost attachments, high priority emails getting sent to the spam folder by accident, and PCs left unattended allowing others to abuse your email account.

Risks When Sharing Legal Documents Online

Firms who use sites, such as Google Docs to share documents online, are probably unaware of the security risks associated with these sites.

For example:

  • Search Engines – If your document is accidentally shared online, it may be indexed by Search Engines and appear in the search results which could be very embarrassing.
  • Embedded Images – When you embed an image into a Google Document, it is stored on a Google server, which can be accessed via a URL. While the Google Document may be protected, the embedded images may not be protected by the same sharing controls. Anyone with access to the URL can see the image. And, even after you’ve deleted the document, the image may still be stored in the Archives.
  • Version Control – Another issue is that anyone who shared the document can view previous versions of diagrams embedded in the document. Even though you have deleted the image, it may be possible to locate pervious versions. How? If the diagram is stored in a rasterized file format, such as .PNG, a new image is created whenever you modify it. Previous versions can be accessed via a URL, in the format: docs.xyz.com/yourfolder/image?id=123&…&rev=456. To view the previous version, change the “rev=” number and you can see it.

While sharing documents online is convenient, there are many opportunity for others to exploit security loopholes and gain access to confidential data.

How to Reduce Risks When Exchanging Legal Documents

However, you can reduce these risks by adopting best practices and educating your staff.

  • Passwords – Ensure that all confidential documents are password protected. By requiring passwords to access your files, you can protect documents from unauthorized access, changes, and distribution. Make sure your staff know how to create strong passwords by providing guidelines and examples.
  • Access Rights - Specify what types of revisions users can make to your files by assigning access rights. For example, in Agilewords, we assign different access rights to Document Owners, Reviewers, and Approvers.
  • Secure Accounts – Instead of sending legal documents by email, we create unique accounts for our clients which are secured with SSL. This means that there is a dedicated online account where all authorized team members can login in and review the documents online, which is more practical and secure than sending multiple emails around over unsecured networks. SSL secures communications as it encrypts username and passwords to mitigate against identity theft and protects messages from eavesdroppers.
  • System Alerts – When one of your team updates a file in Agilewords, it automatically sends a notification email to the Document Owner highlighting what has been changed and by whom. This gives you an audit trail of all changes made to the document, with details of the date, reviewer and text changes.

Conclusion

Security is only as safe as the weakest link. Make your data difficult to find and access by protecting it with encryption, access rights, and notification alerts.

These are some ways to protect the integrity of your legal documents. What else would you suggest?

  • Agilewords 101: Review a document and post feedback

    Agilewords 101: Review a document and post feedback Watch this video

  • Agilewords 101: Make online edits and track document changes

    Agilewords 101: Make online edits and track document changes Watch this video

  • Agilewords 101: Invite collaborators to review a document

    Agilewords 101: Invite collaborators to review a document Watch this video

  •  
  • John Felton

    1-14-2011

    Good points on the danger of sending documents via email. It’s a well known secret but people tend to forget it.

    Online apps provide that advantage of being able to control and track document access.

    Reply

  • Tabitha

    1-14-2011

    Security is indeed a big concern especially when it comes working with a virtual team and the type of documents need some confidentiality. I’m sure the wikileaks will haunt many. But the good side to it is that it helped every body become more cautious. Security-as-a-Service plus a powerful collaboration tool, well what else can I say? That’s more than ideal!

    Reply

  • prepare legal documents

    4-15-2011

    For risks, I would like to say for 'Identity Theft' it can be hacking of account by someone else. Also 'Viruses' can be Trojan horse, malicious code etc.

    Reply

    • Ivan Walsh

      4-15-2011

      That's a great point as identity theft is becoming more commonplace.

      As using SSL and encryption does help reduce this. What else would you add?

      Reply

Pingbacks & Trackbacks

  1. [...] This post was mentioned on Twitter by securelegaldocs, Tabitha Naylor, Agilewords and others. Agilewords said: Are your documents safe enough? http://lnkd.in/Jv2KYD [...]ve

Leave a Reply