Instant messaging apps have become the communications channel of choice for most people who use smartphones. Workplace studies have shown that 70% of employees today bring their smartphones to work and use them to communicate with each other, but they aren’t aware of the security risks this poses. Legal firms face the same security issues as other businesses, but the confidentiality requirements of their profession require stricter policies.
A central principle of professional conduct for lawyers is maintaining the confidentiality of their client's communications, information, and legal proceedings. Confidentiality can be breached when lawyers and their employees discuss client cases using consumer messaging apps.
Many free messaging apps don't protect the data that’s sent and received with strong end-to-end encryption. This lack of encryption makes it more likely that communications can be intercepted over the internet or stolen during data breaches. Employees also become vulnerable to man-in-the-middle attacks that hack their conversations when they use public Wi-Fi networks outside of the office.
Another issue that arises from employees using their own personal devices and messaging apps to conduct business is the lack of records retention. Most consumer apps conduct connections over the internet rather than a company’s servers, which makes monitoring and recording their professional communications difficult or impossible. Not retaining a complete picture of workplace communications increases potential liability for employers because employee misconduct is more difficult to document.
For legal firms, the situation is compounded by the need to maintain records required for legal proceedings. Data that remains on an employee’s personal device can be lost if the device is destroyed or they move on to a different employer.
Exactly where communications are stored introduces risks of discovery during legal cases. If a consumer messaging app stores records of talks between employees on servers inside a given legal jurisdiction, it’s possible that it could be obtained by the other side of a case. This risk is one reason it’s important for legal firms to ensure that communications and case-related data remain on their private network.
Most messaging apps decline to store backups of communications on their own servers, but they offer their customers the option to use cloud services that sync their data between multiple devices. In today’s multi-device environment, this is often a default feature of consumer messaging apps. The result is that conversations between employees can end up stored on remote servers and become discoverable.
Lawyers are bound by the professional conduct rules that apply to them in their localities, and these standards are catching up to modern technology. Legal firms should be aware that conduct rules can limit their use of insecure messaging technologies that are inherently risky to their client's confidentiality. In some cases, they are required to take steps to ensure data privacy.
Secure messaging is essential for legal firms to ensure that their employees can collaborate with modern technology without compromising professional standards. These are some of the ways the risks can be eliminated:
The security environment we live and work in today has changed remarkably in the past couple of decades as various cybersecurity and privacy threats have grown. That's why Softros designed a secure peer-to-peer messenger that solves many of these problems. It restricts messages to your local network and applies end-to-end encryption to data that users send and receive.