Sometimes the electronic files your attorneys and staff must share with clients, opposing counsel, the Court, health insurance companies, or payroll processing companies are too big to fit as an attachment to an email, or should not be shared via unencrypted email. When this happens, you will need to find another way to securely share files with clients and third parties.

One solution is to upload files to a [simple_tooltip content=’Cloud storage is a model of computer data storage in which the digital data is stored in logical pools.’]cloud storage[/simple_tooltip] system, such as GoogleDrive, OneDrive, DropBox, or Box, that allows you to send a shareable link to people outside your firm. But many cloud storage systems allow the shared link to remain open indefinitely, to be forwarded by the original recipient, or to be accessed by anyone who is able to see to the original recipient’s email.^[1]

A better way to ensure that only the intended recipient can access documents stored on the cloud is to use a client portal. Many cloud-based legal practice management solutions include a client portal feature that allows attorneys to upload documents and securely share them with the client. When using a client portal, the client has its own username and password and can only access the documents stored in the practice management system by entering those credentials. This ensures that only the client has access to the files you have uploaded for their matter in your practice management document storage.

No matter how you choose to share files with people outside your firm, you should also follow cloud storage security best practices, which include the following^[1]:

1. Delete all [simple_tooltip content=’Metadata is a set of data that describes and gives information about other data. Many distinct types of metadata exist, among these descriptive metadata, structural metadata, administrative metadata, reference metadata and statistical metadata.’]metadata[/simple_tooltip] from all electronic files shared with clients, the Courts, or other third-parties
2. Make sure all computer and cell phone [simple_tooltip content=’A computer program used to prevent, detect, and remove malware.’]anti-virus[/simple_tooltip] and [simple_tooltip content=’Malware is any software intentionally designed to cause damage to a computer, server, client, or computer network.’]malware[/simple_tooltip] software is up-to-date
3. Make sure your [simple_tooltip content=’WiFi is a technology that uses radio waves to provide network connectivity.’]WiFi[/simple_tooltip] router is free from malware
4. Use a reputable cloud storage company that has adequate security
5. Keep all software up-to-date
6. Identify and avoid [simple_tooltip content=’Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication.’]phishing[/simple_tooltip] attacks
7. Use a reputable [simple_tooltip content=’A virtual private network extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network.’]VPN[/simple_tooltip] if you are going to use public WiFi
8. Store your passwords in a reputable password manager rather than in your web browser
9. Configure your cloud-based file storage accounts with [simple_tooltip content=’Two-factor authentication is an authentication method in which a computer user is granted access only after successfully presenting two or more pieces of evidence to an authentication mechanism.’]two-factor authentication[/simple_tooltip] whenever possible
10. Set up [simple_tooltip content=’Receive personalized updates regarding specified account activity on your accounts via email or sent directly to your mobile phone.’]account alerts[/simple_tooltip] to let you know when someone accesses your account, when a password is changed, etc.
11. Require all attorneys and staff to follow these steps^[2]
12. Recommend that clients follow these steps as well

References

1. Best Cloud Storage for Sharing 2019
2. Communicating the Data Security Risks of File Sharing & Cloud Storage