Securing your computers is not any big deal any longer. Which is not to say many law firms remain insecure. Security is a process: making sure the software you have is set up right and you have the proper policies and practices in place.
In 1999 the ABA published an ethics opinion, No. 99-413, that said a lawyer may transmit legal or client information by e-mail without violating the Model Rules of Professional Conduct. It reasoned that the Internet posed no greater risk of compromising client information than sending faxes or making phone calls. Though that opinion helped cool off some simmering anxieties, questions remain about the proper role of information technology and new Internet technology within a law practice.
Since that opinion was rendered, hosts of new ways to share information over the Internet have spawned new security risks of which lawyers ought to be aware. For example, it used to be safe to assume that when someone sent an e-mail to another individual, the message’s contents were never really in the hands of a third party, aside from a short hop through the Net. However, a number of popular business applications now put client data in the hands of third parties.
In addition, law firms are getting all sorts of new hardware and software systems, but they aren’t observing all the security precautions. “Law firms are buying case management, document assembly, calendaring and even word processing software but aren’t always taking the proper care to make sure they’re run and installed right,” says Dee Crocker, practice management adviser of the Oregon State Bar Professional Liability Fund.
These new dangers could open up lawyers to malpractice charges. Fortunately, there are a few simple remedies for most security risks.
Free e-mail services such as Hotmail and Yahoo allow people to download messages at any computer, a popular way to keep up with messages while traveling. However, with these services, too, third parties store all the information.
Security experts say that putting information on the Net and in third-party servers only increases the likelihood that it could be intercepted. “I’m not necessarily saying Yahoo or Microsoft servers are not secure,” says Polley. “But they’re definitely less secure than if you keep data on your own servers where you at least know what sort of security is in place.”