How can I securely share files with people outside my firm?
Sometimes the electronic files your attorneys and staff must share with clients, opposing counsel, the Court, health insurance companies, or payroll processing companies are too big to fit as an attachment to an email, or should not be shared via unencrypted email. When this happens, you will need to find another way to securely share files with clients and third parties.
One solution is to upload files to a cloud storage system, such as GoogleDrive, OneDrive, DropBox, or Box, that allows you to send a shareable link to people outside your firm. But many cloud storage systems allow the shared link to remain open indefinitely, to be forwarded by the original recipient, or to be accessed by anyone who is able to see to the original recipient’s email.
A better way to ensure that only the intended recipient can access documents stored on the cloud is to use a client portal. Many cloud-based legal practice management solutions include a client portal feature that allows attorneys to upload documents and securely share them with the client. When using a client portal, the client has its own username and password and can only access the documents stored in the practice management system by entering those credentials. This ensures that only the client has access to the files you have uploaded for their matter in your practice management document storage.
No matter how you choose to share files with people outside your firm, you should also follow cloud storage security best practices, which include the following:
- Delete all metadata from all electronic files shared with clients, the Courts, or other third-parties
- Make sure all computer and cell phone anti-virus and malware software is up-to-date
- Make sure your WiFi router is free from malware
- Use a reputable cloud storage company that has adequate security
- Keep all software up-to-date
- Identify and avoid phishing attacks
- Use a reputable VPN if you are going to use public WiFi
- Store your passwords in a reputable password manager rather than in your web browser
- Configure your cloud-based file storage accounts with two-factor authentication whenever possible
- Set up account alerts to let you know when someone accesses your account, when a password is changed, etc.
- Require all attorneys and staff to follow these steps
- Recommend that clients follow these steps as well