If you thought storing your client’s files on the clouds not only ensured nearly constant access to the information anytime, anywhere as well as complete confidentiality, think again. As long as there are hackers willing to do anything to infiltrate private information, there are risks associated with storing your client’s proprietary data on the clouds. Fortunately, however, there are steps business owners can take to lessen the chances of cloud infiltration.
“From a legal standpoint, we are starting to see cloud storage companies that are beginning to appreciate the need for elevated security for law firms and attorneys,” says Eric Griffin, a solo practitioner and former general counsel in Dallas. He is also the former Chair of the State Bar of Texas’s Computer & Technology Committee.
Considerations when considering cloud storage According to Paul Unger, a Columbus attorney and partner in Affinity Consulting Group, a company that advises lawyers how to practice law more efficiently, reasonable standards of care exist when it comes to protecting client data. When storing client files on the clouds, business people, including lawyers, would be wise to:
• Back up data to allow the firm to restore data that has been lost, corrupted, or accidentally deleted;
• Install a firewall to limit access to the firm’s network;
• Limit information provided to others to what is required, needed, or requested;
• Avoid inadvertent disclosure of information;
• Verify the identity of individuals to whom the attorney or business provides confidential information;
• Protect electronic records containing confidential data, including backups, by encrypting the confidential data;
• Implement electronic audit trail procedures to monitor who is accessing the data; and
• Create plans to address security breaches, including the identification of persons to be notified about any known or suspected security breach involving confidential data.
How safe is cloud storage? While it is generally considered ‘safe’ to store client data in the clouds, technological protections provided that data depends on whose cloud, says Unger. Hiring a firm that provides more data security than what can be done internally by the business owner is key to protecting proprietary information, he says.
Since Griffin sends his client’s files to the cloud, he takes several precautions to ensure their safety. Among those steps is the encryption of the data. He also maintains the keys to his cloud.
“Don’t rely on the cloud service provider’s encryption keys,” suggests Griffin. Since Griffin himself encrypts his client’s files before sending them to the cloud, and he keeps the keys to his cloud, the cloud vendor he uses cannot de-encrypt its protective codes.
Securing client data, whether stored on the cloud or in a file cabinet, is an ethical consideration all business professionals simply cannot overlook. As more sensitive data shifts into the cloud, ranging from inappropriate selfies to customer social security and credit card numbers, maintaining security becomes even more critical.