January 19, 2022

    How to Find Secure File Sharing for Law Firms

    All organizations store and share files and data that are sensitive on some level. Health care is the No. 1 industry for storing and sharing sensitive files, followed closely by the legal industry — which makes secure file sharing for law firms a priority that too often goes overlooked. The volume of sensitive information handled by law firms, this includes both corporate information and sensitive data related to tax returns, makes the legal industry a major target for hackers. This calls for strict policies around how that information can be stored and shared digitally.

    Bloomberg reports that more than 80% of the top 1,000 law firms in the world had sustained a recent data breach. That’s bad news for firms – and their clients. Breaches can be costly, not just because of ransomware payouts but also due to the damage to a company's reputation that emerges from a breach. The good news is that tools exist to make secure file sharing for law firms a reality.

    Why OneDrive and Dropbox for Law Firms are Insufficient

    We’ve warned in the past about using the public cloud for storing and sharing files that include sensitive information. Some firms start by exploring simple (and sometimes free) file sharing platforms like Dropbox and OneDrive. Dropbox and OneDrive are designed for ease and efficiency. But is Dropbox secure for law firms? Is OneDrive? Absolutely not. These platforms leave law firms vulnerable to brute force attacks that can expose caches of sensitive files, data and information.

    Rather than using OneDrive for law firms or Dropbox for law firms, organizations operating in the legal industry need to look for something completely different. That’s why secure file transfer protocol (or SFTP) is the best option among OneDrive and Dropbox alternatives for a law firm. When you choose the right SFTP provider, you maintain ease and efficiency when sharing files with third parties that need access, but you also secure your files against brute force attacks and other cybersecurity threats.

    Some firms may explore physical storage like thumb drives. While physical storage can help remove the risk of brute force attacks, it creates new risks. What if a thumb drive gets lost? Worse yet, what if a thumb drive falls into the wrong hands?

    What Law Firms Should Look for in File-Sharing Solutions

    When searching for a data hosting service for your law firm, there are 3 essential things you should be looking for:

    1. User-Level Permissions: Law firms must share files with other firms, with courts, with clients, and law enforcement agencies, etc. But that doesn’t mean every team member at another law firm should get access to files. The best SFTP providers allow for user-level permissions, which means that only certain individuals can access specific files.
    2. Secure Transmission: SFTP providers can encrypt your files in two different states. They can encrypt your files at-rest, which means your files are encrypted when they are just sitting on a server. But SFTP providers can also encrypt your files in transit, which means they will be unreadable by unauthorized parties if intercepted during transmission. This heightened level of security and encryption goes far beyond anything offered by services like Dropbox and OneDrive.
    3. Backup and Disaster Recovery: We mentioned earlier the risks of physical storage like thumb drives. The best SFTP providers backup primary servers with recovery servers in a completely different location. If there is a natural disaster, or if the primary server is rendered unusable, the recovery server always holds the same files. This ensures that your sensitive files will never be lost and unrecoverable.

    High-quality SFTP providers offer a range of additional features and benefits that you can explore and evaluate. But the 3 things listed above are essential, non-negotiable characteristics that all law firms should seek out in an SFTP provider.

    Best Practices When Searching for an Attorney File Sharing Platform

    The process for transitioning to a secure lawyer file sharing solution doesn’t need to be lengthy or onerous. In 3 simple steps, you can step away from risky file sharing to a system that greatly minimizes cybersecurity threats. Here are the 3 steps you should take:

    1. Get Serious About Cybersecurity: File-share best practices are more relevant to law firms than organizations in almost any other industry. If you operate a serious law practice, it’s time to get serious about cybersecurity. That means eliminating unsafe file-share platforms like Dropbox and OneDrive and choosing an SFTP provider that meets your unique needs. Many organizations do what’s most convenient, then apologize and change course after some damage has been done. It’s important to have a serious cybersecurity posture from the beginning.
    2. Rent Rather Than Buy Servers: You can invest a lot of time and money into building your own secure file-sharing system. But you’ll spend a lot less money and get better results when you choose to rent rather than buy an FTP server. Modern FTP providers make it fast and easy to get up and running with secure file-sharing, while removing the maintenance burden in law firms with a small or non-existent IT staff.
    3. Configure and Enforce Access Controls: Above, we described the types of access controls law firms should have in place when storing and sharing sensitive files. Once you’ve selected the best FTP provider for your business, configure the necessary access controls — and then communicate expectations to your team members. It’s important that all employees fully understand the importance of secure file sharing, and that they follow processes and best practices for secure file sharing such as having access rights in only folders that are relevant to them. Even good employees can be negligent, so providing them with limited access is a useful tool in your belt.

    Secure, Efficient File Sharing Software for Law Firms

    At Sharetru, we provide secure file-sharing services that directly respond to the needs of law firms and the threats that they face on a regular basis. Our plans feature automatic backups, access controls, collaboration capabilities for working with courts and other firms, plus compliance with regulations that are often relevant to law firms — ITAR, HIPAA, PCI, SOX, GLBA, and NIST800-53 which aligns with many of the controls needed for CJIS compliance.

    Are you ready to graduate from insufficiently secure tools like Dropbox and OneDrive? Get in touch with the Sharetru team to ask questions, to learn more about our solution, and to get a brief demo of how our platform empowers your firm to share files securely and efficiently.

     

    Martin Horan

    Martin, Sharetru's Founder, brings deep expertise in secure file transfer and IT, driving market niche success through quality IT services.

    Other posts you might be interested in

    View All Posts