When you communicate with a client by email, SMS text message, through internet based messenger apps, by cell phone, through a VoIP phone system, or by video conferencing, your communication passes through the Internet – a public network made up of many different devices controlled by many different companies and organizations. Using a public network increases the risk that a third party can access your communications since you don’t have the ability to ensure how your data is secured on each computer it passes through.

Because attorney communications with clients are confidential, it is important that your firm take measures to reduce a third party’s ability to access them. Here are some basic steps your law firm can take to secure your electronic communications^[1]:

1. Make sure all computer and cell phone anti-virus and malware software is up-to-date
2. Make sure your WiFi router is free from malware
3. Use reputable electronic communication services
4. Keep all software and apps up-to-date
5. Identify and avoid phishing attacks
6. Use a reputable VPN if you are going to use public WiFi
7. Store your passwords in a reputable password manager rather than in your web browser
8. Configure all email, phone, text messaging, and video conferencing accounts with two-factor authentication whenever possible
9. Encrypt emails containing confidential information, PHI, or PII
10. Use other means to share files when they are too big to be attached to an email, or if you don’t have the ability to encrypt your emails
11. Set up account alerts on all electronic communication accounts to let you know when someone accesses your account, when a password or username is changed, etc.
12. Require all attorneys and staff to follow these steps
13. Recommend that clients follow these steps as well

References

1. What is Email Security? Data Protection 101