The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/411912
WWW.ILTANET.ORG 53 The latter becomes immensely more important as the size of the firm and the number of internal and external human interactions increases. What does the way that law firms make money have to do with security? When clients come for expert legal opinions, the IT infrastructure must dynamically create virtual teams that can share and collaborate on confidential documents and information. A huge part of firm revenue is based on the ability of large numbers of professionals to securely share sensitive information, both internally and externally. CIOs need to recognize and communicate that this unique sharing need makes security absolutely everyone's business The CIO trying to balance flexibility and mobility with the growing demands and complexities of information security has a hard task on his or her hands. Not everyone in the firm will have the same level of commitment to security. Productivity (efficiency) can be one of the main obstacles to securing information: Given the immense pressure to produce, if there is a quicker and easier — yet less secure way — to accomplish a task, most will choose the more convenient route. Plus, if you implement a process or technology solution to mitigate risk that deviates from the user's normal workflow, getting other users to adopt that solution can be difficult. What can we do? SCRUB OUTBOUND METADATA Since Microsoft Outlook dominates the majority of legal professionals' time, it is the easiest place to make a huge impact on both security and productivity by automating the removal of email metadata. Firms can set up strong server-based metadata removal solutions that will work in the background to clean metadata automatically as content is made externally available. This can be done with server-based cleaning in Exchange or upon sending to any external-facing location, including EFSS platforms, private clouds, deal rooms, etc. It is key to configure these solutions to only ask for user input if action is required and permission is granted by an administrator. Because these solutions are set up on the firms' Exchange servers, all email and attachments sent from mobile devices can be automatically scrubbed of potentially harmful metadata. Most users' profiles can be configured to have zero control of the metadata removal process, while your tech-savvy users can have varying degrees of control over which metadata is scrubbed from any email. This should all work seamlessly within the users' normal Outlook workflow and on all their mobile devices. You would need to mandate adoption, but operation should bring benefits, not headaches, to people on the front lines managing client deadlines. An Outlook-integrated, secure encryption platform can encrypt email and/or attachments both in transit and at rest. This also allows your users to send files of any size (most firms restrict files larger than 25MB) without slowing down the firm's Exchange servers. Administrators and empowered users can have the option to enact tighter or looser control of encryption opt-out and multifactor authentication at the firm's discretion. Adoption depends on making this identical to sending email with an unprotected attachment. SAVE USERS FROM THEMSELVES Starting with factory specs, there is little you can do in terms of managing email attachments within Outlook beyond attaching and deleting. However, with several Outlook add-ins now available, you can rename and reorder attachments before sending, convert attachments to PDF or .zip them, bind files into an electronic binder with a cover page and table of contents, and many more common attachment tasks — all within Outlook. In addition, many add-ins are now available that reduce the risk of accidentally sending sensitive information to unintended recipients by automatically: • Alerting users when they are replying when BCC'd • Limiting "Reply All" to a certain threshold of recipients • Preventing incorrectly auto-completed email addresses • Alerting users to long threads that might have risky content deeply buried • Stamping attorney-client privileged communications for protection during e-discovery THE NEXT BIG THING Digital rights management is becoming a realistic option for firms with a forward- looking collaboration and mobile strategy. Easy-to-use platforms can add a final layer of confidence and security to any document by including a "security wrapper." Working online or offline, the empowered user can restrict access to documents at any time by individual or group, or by expiration date or location. A user can also allow or disallow copying, editing, printing, etc. An adventurous few are just beginning to explore the possibilities of ubiquitous use of this technology, but the prize will be big for those that get a significant head start. There are many avenues to increase your firm's information security through automated and integrated Outlook software. I encourage you to research and start discussions around ways to increase your firm's overall security by making an "invisible" impact on every user in your firm. The win-win result within reach is a noticeable productivity gain and an invisible security improvement. About the Author Paul Domnick joined Litéra as the President in May 2014. Paul was CIO of Freshfields Bruckhaus Deringer from the beginning of 2009 until November 2013. There he was responsible for a global team of more than 300, covering all areas in IT and IS, such as change management, information security, infrastructure operations and helpdesk support, technical architecture, vendor management, application support, and program and project delivery. He can be contacted at pdomnick@litera.com.