When you communicate with a client by email, [simple_tooltip content=’SMS stands for Short Message Service and is the most widely used type of text messaging. With a SMS, you can send a message of up to 160 characters to another device.’]SMS text message[/simple_tooltip], through [simple_tooltip content=’Internet messaging technology is a type of online chat that offers real-time text transmission over the Internet.’]internet based messenger apps[/simple_tooltip], by cell phone, through a [simple_tooltip content=’Voice over Internet Protocol, also called IP telephony, is a methodology and group of technologies for the delivery of voice communications and multimedia sessions over Internet Protocol networks, such as the Internet.’]VoIP[/simple_tooltip] phone system, or by [simple_tooltip content=’Vide Conferencing comprises the technologies for the reception and transmission of audio-video signals by users at different locations, for communication between people in real-time.’]video conferencing[/simple_tooltip], your communication passes through the Internet – a [simple_tooltip content=’A public network is a network that is accessible to the public. By participating in a public network, you expose your connected devices to the world.’]public network[/simple_tooltip] made up of many different devices controlled by many different companies and organizations. Using a public network increases the risk that a third party can access your communications since you don’t have the ability to ensure how your data is secured on each computer it passes through.

Because attorney communications with clients are confidential, it is important that your firm take measures to reduce a third party’s ability to access them. Here are some basic steps your law firm can take to secure your electronic communications^[1]:

1. Make sure all computer and cell phone [simple_tooltip content=’A computer program used to prevent, detect, and remove malware.’]anti-virus[/simple_tooltip] and [simple_tooltip content=’Malware is any software intentionally designed to cause damage to a computer, server, client, or computer network.’]malware[/simple_tooltip] software is up-to-date
2. Make sure your [simple_tooltip content=’WiFi is a technology that uses radio waves to provide network connectivity.’]WiFi[/simple_tooltip] router is free from malware
3. Use reputable [simple_tooltip content=’An electronic communication service is any service which provides to users thereof the ability to send or receive wire or electronic communications.’]electronic communication services[/simple_tooltip]
4. Keep all software and apps up-to-date
5. Identify and avoid [simple_tooltip content=’Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication.’]phishing[/simple_tooltip] attacks
6. Use a reputable [simple_tooltip content=’A virtual private network extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network.’]VPN[/simple_tooltip] if you are going to use public WiFi
7. Store your passwords in a reputable password manager rather than in your web browser
8. Configure all email, phone, text messaging, and video conferencing accounts with [simple_tooltip content=’Two-factor authentication is an authentication method in which a computer user is granted access only after successfully presenting two or more pieces of evidence to an authentication mechanism.’]two-factor authentication[/simple_tooltip] whenever possible
9. Encrypt emails containing [simple_tooltip content=’Confidential information involves a set of rules or a promise usually executed through confidentiality agreements that limits access or places restrictions on certain types of information.’]confidential information[/simple_tooltip], [simple_tooltip content=’When sending PHI through the mail, you must use certified mail or a similar service that requires a signature from the recipient. This is to ensure that any PHI makes it to its destination.’]PHI[/simple_tooltip], or [simple_tooltip content=’Personally identifiable information is any data that can be used to identify a specific individual. Social Security numbers, mailing or email address, and phone numbers have most commonly been considered PII.’]PII[/simple_tooltip]
10. Use other means to share files when they are too big to be attached to an email, or if you don’t have the ability to encrypt your emails
11. Set up [simple_tooltip content=’Receive personalized updates regarding specified account activity on your accounts via email or sent directly to your mobile phone.’]account alerts[/simple_tooltip] on all electronic communication accounts to let you know when someone accesses your account, when a password or username is changed, etc.
12. Require all attorneys and staff to follow these steps
13. Recommend that clients follow these steps as well

References

1. What is Email Security? Data Protection 101