Back
Back
Back
Back
Back
Back
Back
Back
Back
Back
Back
Back
Back
Back
Back
Back
Back

To Encrypt or Not To Encrypt, Is There Any Question?

Written by: Cameron G. Shilling

Published in NH Bar News (1/15/2020)

Attorneys and law firms are targets for cyber-attack. We collect large volumes of valuable personal information, and many of us have devoted insufficient time and resources to the security of that information.  The purpose of this recurring column in the Bar News is to inform attorneys and firms about the safeguards we should implement to protect information, as well as the threats we face from cyber-attack/crime and the measures we should take to mitigate those threats.  Thus, we start with a key concept of information security – encryption.

If sensitive information is transported or transmitted electronically, it must be protected properly.  This is not optional. It is a tenet of information security law, as well as an ethical obligation we have as attorneys to deploy appropriate safeguards to protect our clients’ information.

Common examples of electronic transportation of information are on computers, mobile devices (like cell phones, tablets, and watches), and external drives that connect to a universal serial bus (USB) or micro-USB drive.  The most common examples of electronic transmission are sending via email, uploading or inputting information on a website, using a file transfer protocol (FTP) site, transferring information via a cloud storage service (like Drop Box), linking using record management applications that integrate with email (like Microsoft SharePoint, Google Drive, and iManage), and transacting information on a portal controlled by the sender or receiver (like court e-filing systems and online systems deployed by many hospitals and banks).

Encryption is the standard to protect electronically transported or transmitted information, and is universally available for doing so.  For example, computers either have encryption technology integrated into their operating systems that must be activated (like BitLocker for the Microsoft Windows 10 and newer operating systems, and File Vault for the Apple operating system), or encryption applications can be purchased and implemented on computers.  Apple and Android mobile devices with updated operating systems are encrypted as long as users employ passwords or biometrics to access them.  Attorneys and law firms should configure their email systems to technologically force users who connect devices to the email systems to use passwords or biometrics for the devices. Encrypted external drives are readily available, and applications can be deployed that either reject certain external drives inserted into computers or encrypt unencrypted drives.

Similarly, all email systems either have encryption technology already integrated into them that must be activated, or encryption “plug-in” applications can be implemented.  Users must be trained about how to use email encryption and what email to encrypt, and applications can be deployed to monitor email sent unencrypted that may contain certain personal information.  Because accessing encrypted email can be challenging for some technologically unsophisticated recipients, attorneys and law firms should look to transition to readily available record management applications that integrate into their email systems.  Such applications offer a wide range of security and usability features, including encrypted transmission of information bi-directionally using links, collaboration with clients and other third parties within records, and maintaining information inside the attorneys’ and law firms’ information systems (instead of clients’ systems) either on premises or in the cloud.

Cyber-security is daunting for attorneys and law firms because it is so new to most of us.  But it does not have to be complex, difficult, or even necessarily costly, particularly if you seek guidance from an experienced information security lawyer or other professional.  What is most important is that we all begin to make ourselves and our firms more information secure – and encryption is a great place to start.

Cameron Shilling chairs McLane Middleton’s Information Privacy and Security Practice Group.  Founded in 2009, the firm’s team of three attorneys and a technology paralegal assist businesses and private clients to improve upon their information privacy and security compliance, and address any security breach or incident that may arise.

Integrity and trust

At McLane Middleton we establish and maintain long-standing relationships with our clients to help us better achieve their unique goals over time. This approach to building trust requires that our esteemed lawyers and professionals use their broad, in-depth knowledge and work together with integrity to ascertain sound resolutions to legal matters for their clients.

Strength in numbers

McLane Middleton is made up of more than 105 attorneys who represent a broad range of clients throughout the region, delivering customized solutions. As a firm we are recognized as having the highest legal ability rating. The firm is rated Preeminent by Martindale Hubbell and is recognized as one of the nation's leading law firms in Chambers USA. Our attorneys are distinguished leaders in their respective practice areas.

Meet Our People

Commitment and collaboration

McLane Middleton's versatile group of attorneys and paralegals become trusted authorities on each case through collaboration. We work with our clients to learn their individual needs first and foremost and, together, we develop comprehensive solutions to their specific legal matters. This approach helps us exceed our clients' expectations efficiently and effectively, client by client, case by case.

Practice Areas

A history of excellence

McLane Middleton was established in 1919 in New Hampshire, and has five offices across two states. However, deep historical roots don't allow you to become innate. Our firm is organized, technological, and knowledgeable. Our history means we are recognized. But our reputation is built on the highest quality of service and experience in very specific areas of law.

The Firm

Intelligence paired with action

Our team continuously seeks opportunities to enhance their professional development and put key learnings to action. The pursuit of further insight guides us to volunteer service opportunities, speaking engagements, and teaching roles. Our lawyers are sought after thought leaders across their industries, and recipients of leadership awards throughout the region.