Storing information through the cloud—or using cloud-based software—means saving information on servers owned by third parties. Given the immense value placed on lawyers keeping their clients’ information safe— and not sharing it with others—this relatively new technology has raised concerns.
Cloud-based tech has proven itself immensely helpful for law firms. It updates in real time and doesn’t need to be uploaded to individual work computers. Lawyers can work from anywhere. In short, cloud storage allows firms to work efficiently in today’s increasingly remote, professional world.
One of the biggest concerns with cloud-based tech is the risk of cybersecurity attacks. Unlike information stored in a filing cabinet, content stored on a third-party server is vulnerable to hacking.
Just as firms twenty years ago were expected to keep client information locked away—instead of leaving it out on a desk or park bench for anyone to see—lawyers today must consider and account for potential hacking risks.
The American Bar Association and state bar organizations recognize the risks of cybersecurity threats—and that cloud-based tech is becoming more and more essential to a modern working office.
While each jurisdiction has taken its own approach, there has been universal consensus around the idea that yes, lawyers and law firms can ethically use cloud technology for information storage. But, they must also “make reasonable efforts” to ensure the security of client information.
But what does that reasonable effort look like?
For many law firms, the first step in making a reasonable effort to protect client information is to learn about how the third-party server is accessed—and how many people know the password. You should also have a thorough understanding of how the cloud platform you’re using stores and retains information.
Is it encrypted?
Do you have access to your data if you stop using the service?
How many people have access to that data on the server side?
Just as you wouldn’t lock a filing cabinet with a twist-tie, you shouldn’t use cloud storage with third parties that don’t take serious security measures.
Security awareness training among staff is another great precaution. Make sure your team understands common risks and how to avoid them, has a plan in place for how to minimize damage if information is hacked, and hires a different third party for regular security audits.
Ultimately, cloud-based tech has proven itself immensely valuable to law firms. But continuing education and due diligence are needed, too.