Law Firms Concerned About Cloud Security

More and more law firms are consigning their documents to cloud storage but there are still some law firms who are hesitant in adopting cloud-based services purely based on security and data access concerns. This is according to a recent report released by the American Bar Association (ABA). According to the ABA, 58 percent of the ABA 2019 TechReport survey, respondents indicated they used cloud computing, up from 55 percent in 2018. Of the respondents, 37 percent stated they used Google Docs, 27 percent used iCloud and 16 percent used Evernote.

The cloud computing industry has recognised the concerns of the security of data of their clients in that it now offers more control for law firms over their data encryption keys however, this may not be enough. Legal pundits believe more is needed to make a significant change in the protection of data before a firm should sign on to the cloud. How safe and reliable is it in comparison to internally managed software and IT systems? With the risk of cyber security threats increasing daily, does it reliever on the days protection front?

The ABA’s legal Technology Survey Report examined the technology usage and habits ignore solo lawyers and small firms comprised of two to nine lawyers. While there are undeniable benefits to using cloud-based computing, the technology raises valid concerns. The findings showed that 65 percent of all lawyers surveyed who used cloud-based services were worried about confidentiality and security, not a significant difference from 2018 which was 63 percent. Among the respondents who did not use the technology, 50 percent were concerned about confidentiality and security with 36 percent concerned on losing control of the data. Maintaining attorney-client privilege is paramount in the legal world. As a result, law firms are concerned about data protection during all phases, from creation to archiving.

Some of the Top Ten cloud-based services used. From left to right: Amazon Web Services (AWS), Google Cloud, Salesforce, Microsoft Azure, Alibaba Cloud, IBM Cloud and Oracle. image Credit: Google

Some of the Top Ten cloud-based services used. From left to right: Amazon Web Services (AWS), Google Cloud, Salesforce, Microsoft Azure, Alibaba Cloud, IBM Cloud and Oracle. image Credit: Google

It is also essential for legal documents to be backed up in multiple location and retained as per the record-keeping requirements of each state. Lawyers also need to be able to access their data whenever and wherever they want, whether it is at the courtroom or a client’s office. Due to such requirements, the technology solutions that lawyers select must provide data retention, backup and recovery capabilities. The ABA report noted that the next most widely employed precautions were making local data backups of 27 percent which was down from 36 percent in 2028.  

There are numerous file access and sharing no options available to lawyers, each with their own advantages and disadvantages. The benefits of cloud computing that were most cited amongst respondents of the ABA survey included the round-the-clock availability, economic benefits such as eliminating IT, software management requirements and quick start-up times. This was closely followed by low costs for such services provided and regular monthly expenses.  

A point to consider for those who are apprehensive about putting client information up on the cloud is the fact that ever since email was introduced, it became the cornerstone of just about everyone, even law firms, clients have been exposed to the cloud. Email is still one of the most popular methods in which a cyberattack can occur and is also a popular method for lawyers to communicate with clients and colleagues, threatening cybersecurity. Users are also at risk of email phishing attempts to wire out personal information. Spear phishing attacks use information gathered about the recipient to trick them into thinking the email is from someone they know. 

Un-encrypted emails at Mossack Fonseca resulted in a hack that leaked the Panama Papers. Image Credit: Google

Un-encrypted emails at Mossack Fonseca resulted in a hack that leaked the Panama Papers. Image Credit: Google

...to get full functionality out of systems, [cloud providers] have to have full access to your data stored on the cloud. [They have] the ability for a cloud vendor to have access to your data and take your data away without you knowing.
— Nottke, chief information officer for Kirkland & Ellis LLP

While most survey respondents mentioned they used precautionary measures for their data, only a few solo practitioners and small law firms utilised password management tools, helping generate secure random passwords decreasing the chance of a cyberattack. Report author Natalie Kelly, who is also the director of the State Bar of Georgia’s Law Practice Management Programme, said embracing password management and other security management tools may convince solo and small firms to invest in more technology.  

The adoption of cloud-based services for security involves many considerations for law firms. For example, how are updates for firewall, anti-virus and anti-intrusion management implemented? What security protocols are in place? 

Ultimately, to store data in any cloud service is an important business decision for any law firm. Law firms will have to carefully assess what risks they may encounter and the benefits of the technology when choosing whether to utilise cloud-based services or an alternative IT infrastructure. They key is for lawyers to be thoughtful about their primary objectives regarding the sharing and protection of data. 

SecurityAmna Zaman