Moving data: Introducing a secure filesharing system
Julie Berry shares how RPC persuaded its lawyers to stop using email as their primary means of sharing large files
Key takeaway points:
-
Email is not a practical system for transferring large amounts of information
-
Free consumer-grade filesharing systems are not secure enterprise solutions
-
Alert both your clients and lawyers to the security risks of each filesharing system
We live and work in a world in which we all have huge quantities of digital information and, somehow, we all have to work out the best way of passing this information around between each other. For a couple of years, we'd been very aware of a need from all areas of our business to have a secure and practical means of sharing large files.
For example, the marketing team shares large files with a number of different types of external agencies. Also, we have a huge population of litigators, which means there is always a large quantity of electronic data being moved around. On the corporate/transactional side of the business, when we're carrying out due diligence, we need
to look at and share large volumes
of documents.
Sometimes our lawyers receive an initial phone call from clients to ask them to review a large amount of electronic information. During this initial exchange, the aim is simply to get large volumes of documents transferred efficiently and securely from the client to our lawyers.
Our lawyers have traditionally used email as a digital courier to transfer large volumes of documents. But, email is simply not practical for moving around large files. It's particularly impractical for a team of lawyers to work in this way. We could tell
by looking at email traffic activity that people were often sending many emails with many documents attached. In short, they were using the email system as a document management system.
For some time, law firms have been trying to manage a tendency among both clients and lawyers to use free consumer-grade filesharing systems. However, these are not secure enterprise solutions and they shouldn't be used for sensitive or confidential business information. The information security concerns of the average domestic user of a free filesharing system are a world apart from those of the compliance officers of most organisations.
Like us, most businesses face huge challenges in trying to explain to their people that the world of consumer IT is very different to that used by the organisation in which they work. There are, of course, a growing raft of laws around data protection and data privacy, and law firms need to be especially cautious. The requirements aren't going to go away; if anything, they are only going to become more complex.
Law firms need to have control over the information that is shared within their business and, more importantly, beyond their firewall. If your firm doesn't know what information is being shared via which platform, it could be looking at some very serious privacy, security and compliance
issues further down the line.
New processes and systems may be needed to avoid your people accidentally leaking sensitive client information. While
it is possible to blacklist or even block
the use of an employee's preferred free filesharing service, this will never be
a sufficient solution to the problem.
Employees can easily bypass the
firm's firewall by accessing client data on mobile devices and networks. An alternative to these consumer-grade platforms should be provided which combines an easy-to-use interface
with enterprise-grade security features.
We realised that we needed a hosted solution that could be managed centrally. Our requirement was entirely shaped by
a combination of the need for security and practicality around the sheer volume of data involved. We weren't, however, looking for a virtual deal room environment and we had no wish to keep our data in the cloud. Our need was not to put information up in the cloud and to allow people to access it; it was to transfer digital documents. We decided to roll out Intralinks VIA, which provides an integrated platform and customer experience based upon the principle of controlled collaboration as opposed to uncontrolled 'shareability'.
Whilst the importance of using the platform has been stressed to all of our lawyers, we do know that clients may wish to use a consumer-grade filesharing service. We feel obliged to have a conversation with them first, to make them aware of the potential security issues. We tell them that, if they're putting a document online in a free filesharing platform, they're risking putting
it in the public domain.
On occasion, some clients, once aware of the full security implications of exchanging information via consumer-grade filesharing services, have asked us to use our secure solution instead. That said, if they still choose to proceed with the free service following our conversation, we ensure the filesharing solution remains open to them as a viable mechanism.
Changing habits
Implementing the new platform was simple. We began by spending time thinking about where lawyers would go or who they'd call when they wished to share a large quantity of documents. The classic case would be that they would call the IT service desk, which is fine, as we're happy to deal with it. Alternatively, they would call the reprographics team and ask them to
burn the documents onto a DVD.
All of our lawyers have now been made aware of the new technology and what it offers. In addition, we've communicated it through our lawyer IT forum and our resourcing managers. With the solution in place, our lawyers can now say to their clients that, if needed, we can set up a space where they can place documents
and from which we can receive them.
Lessons learned
A lawyer's senses can be finely tuned to issues of client confidentiality as long as they refer to hard copies of documents, but problems can arise the deeper they get into the digital world. It's easier than ever before to create large documents consisting of hundreds of pages. Whereas five years ago a five-megabyte file was considered large, it's now the norm.
The vast amount of sensitive information, materials and data contained within digital documents could cause critical damage if
it were to find its way into the public domain or the hands of an unauthorised individual. And, aside from the harm this could do to a law firm's reputation, there are also data protection obligations imposed by regulatory bodies such as the Solicitors Regulation Authority and by legislation including the Data Protection Act.
It goes without saying that lawyers
are extremely busy people and are used to solving issues for their clients themselves. When faced with their own issues, they may not have time to make a phone call to ask for assistance and may attempt to remedy things themselves. If they need
to share large amounts of information,
for example, this could involve them asking a client to send 20 emails, each with
10 documents attached.
This challenge is never going away; it isn't a problem found exclusively in the legal sector either. But, the filesharing market is a saturated one and there are many providers which claim to have the ability to provide a productive and secure solution. For me, there is a fine line between productivity and efficiency, and security. There are certain solutions in the market right now that can maximise productivity with people outside the organisation, but threaten data security.
I needed to make a decision which would satisfy both.
We needed a secure and robust solution that could be used by lawyers and clients alike, and at the same time was as intuitive and simple to use as email and other consumer tools. Luckily, electronic file sharing technology exists which offers the capabilities needed for assured security, greater control and improved efficiency. Our new filesharing system makes this a reality.
By making their clients aware of the security risks posed by consumer filesharing services - and even email - our lawyers are able to sell the confidence and assurance offered by secure technologies instead.
Perceptions and expectations
At present, we use the platform as a means of transferring large quantities of documents. Further down the line, the situation may well change. For example, once a lawyer has given his/her initial assessment and feedback to a client,
it may then become an arrangement
which involves a large number of documents requiring collaboration
from all concerned parties.
From our point of view, the system has addressed our need for security and the practicalities of handling large amounts of data. In simple terms, more than anything, it has solved an ongoing annoyance around email management.
We live in a digital world which requires an effective means of transporting electronic files. In terms of dealing with evolving business needs, it is as much a no-brainer for our firm as our previous needs for a franking machine or DX subscription. Using this technology is really no more than the modern equivalent of sending documents via a courier van, the reality being that people just don't use paper nearly as much anymore.
Julie Berry is director of infrastructure
and IT at RPC (www.rpc.co.uk)