Over 40% of mid-to-large U.S. law firms experienced a data breach in 2024. The main culprit? Lack of encryption. For lawyers, encryption is a must to protect sensitive client information and to uphold their ethical “duties of competence and confidentiality”, as outlined by the American Bar Association. So, as data breaches become more common, it’s important to pay attention to how you discuss client issues and to use email encryption best practices when needed. Being proactive about data protection will help you win client trust and keep your firm on the right side of the law.
What exactly is encryption?
Encryption is a cybersecurity method that converts the plaintext of an email or file into scrambled code (ciphertext) that is unreadable to anyone who isn’t authorized. You and the approved recipients hold the key that transforms the code back to its original, readable state. So, even if a bad actor gains access to the email, they can’t read it. Each day, there are over 10,000 hacking attempts, yet only 38% of law firms actually encrypt their emails. In the past, hackers have leaked sensitive information from firms on the dark web, which is an unregulated part of the internet. For instance, shockingly, 70% of UK law firms had their usernames and passwords exposed in a dark web leak. Tech-savvy attorneys may, therefore, want to monitor the dark web to remain confident their firm hasn’t been breached. This is a perfectly legal thing to do, and can provide you with peace of mind.
Do you have to encrypt every message?
According to the ABA, no. Firms aren’t required to encrypt all messages. Instead, the decision to encrypt your emails should be made based on each situation. If the information is highly sensitive, or there’s a genuine risk of it getting leaked, it’s probably a good idea to encrypt it. But the ABA notes the cost of encryption should also be considered. If it gets too expensive, or if the software is a hassle to use, it may be acceptable to keep emails unencrypted, especially if it gets in the way of your ability to represent clients.
Encryption made easy: how to get started
While encryption can seem complex, it doesn’t have to be. Suites like Microsoft Office 365, Google G Suite, and Apple iWork come with built-in encryption features. This allows you to create and store files securely. And, to up your firm’s email security, consider migrating your email accounts to the cloud. Most cloud-based email and software providers use AES (Advanced Encryption Standard) 256-bit encryption to protect their server networks. This encryption standard is used by the U.S. government, so it’s quite reliable. You can also configure these networks to meet data privacy and security regulations. For example, if you need to store client data in line with GDPR, CCPA, or HIPAA, you can do so without any issues.
Since encryption protects clients’ rights to confidentiality and data privacy, it plays an important role in legal ethics. So, take time to introduce encryption best practices into your law firm, and you’ll win client trust and confidence, as well as avoid costly data breaches.