Echoworx | Email Encryption Solutions | Five Ways Law Firms Can Improve Data Security

Five Ways Law Firms Can Improve Data Security

Law firm data breaches made international headlines in 2016: Mossack Fonesca in Panama. It has been called the – the biggest leak in history – 11.5 million documents totaling 2.6 terabytes. It resulted in the disclosure of the “Panama Papers,” airing the details of offshore financial activities of dozens of current and former world leaders, business persons, and celebrities.

Why the attackers were successful and how the breaches happened is straightforward; ‘astonishing’ low regard for security. Time and again, law firms have been targeted by attackers due to the sensitive and valuable information they hold. In short, protect your clients’ private, sensitive information or pay the price.

I have compiled a list of five ways law firms can protect themselves and their clients:


Recognizing information risk is the most crucial step. You must know what people have access to your data and when, what they are doing with your information, and how they are protecting it. The top-ranked security threat and your weakest link is not a missing piece of technology, it’s your employees and partners! If firms, see cybersecurity as an advantage rather than a cost factor and invest in user awareness and education they can safeguard their clients’ information and their own reputation and finances.


Security assessments are quickly becoming a client requirement. A survey by the American Bar Association found, clients are increasingly focusing on the information security practices of the law firms representing them and using approaches like required third party security assessments, security requirements, and questionnaires. This increasing pressure to respect and protect personally identifiable information has led local and federal and governments, across the globe, to transform their data regulations and hammer down enforcement. Law firms must invest in and validate that their security is working. Data security and privacy protection is no longer an option in today’s connected world!


Once you recognize the risk, take firm steps to put security and privacy policies into the core of your business practices. A privacy policy, written with the intent to ensure clients they can trust you with their information, can be a competitive business strategy. Once created, privacy policies should be shared in all publicly accessed areas within your firm and a regular review of data protection best practices should be encouraged. If employees do not understand or know the policies and are not trained in data protection best practices, methods, and processes, the firm will remain vulnerable to exploits.


It takes a lot of technical resources to keep computer systems up to date. Even when they are, zero-day vulnerabilities, malware, spyware and viruses are often found. Additionally, you have anti -virus and anti -spam systems which also require constant updates. More and more companies are outsourcing their security and encryption, subscribing to software-as-a-service (SaaS) from reputable security providers. These security providers hire technical staff that are highly specialized and well-trained in the areas of computing security and they meet and exceed regulatory requirements, providing up-to-date security and scalable encryption services at a reasonable cost.


The responsibility of securing sensitive data and communications falls on your law firm’s shoulders. When securing messages and documents, encryption should be your first go-to defense. It is a strong security measure that protects data in storage and in transit. Security professionals view encryption as a basic safeguard that should be widely deployed. In fact, policy-based encryption controls can automatically encrypt and protect data according to your sensitivity and confidentiality classifications minimizing the ‘Human factor’ by strengthening your weakest link.

Echoworx believes in preserving privacy rights and the expectation of secure digital communication. Our enterprise encryption platform, OneWorld Encryption helps firms to secure their information and communication from in and outside of their enterprise – in transit and at rest. To learn more about automated and adaptive encryption, the risks associated with weak B2C communications, and how you can get started:

If you have specific questions or would like more personalized information, reach out to the experts at Echoworx.

By Sam Elsharif, VP Software, Echoworx