File Sharing: Adopt a Firm Sponsored Solution Now!

Thursday, May 29th, 2014 | File Sharing | Scott Randall


Often when a law firm does not adopt a solution fast enough those pesky end users move forward without the sage advice of their IT department and certainly without proper consideration of the risks they might be taking or regulations they are violating. Easy and functional consumer products like market leader Dropbox are downloaded willy-nilly onto desktops and sensitive firm documents are uploaded to who knows where.

In the absence of a firm sanctioned and regulated solution your firm is open to both security and regulatory risks. Addressing this issue is urgent because the transfer of files and collaboration with outside parties is a daily part of law firm workflow. If you do not act to provide them with a solution they will find one of their own.

There are a ton of resources online to validate our security concerns and while corporations are certainly concerned about protecting trade secrets and strategy, law firms must also make sure that a file sharing solution is compliant to regulations such as HIPPA, client confidentiality or local ethics rules.

I have found that several sources that assert that services such as Dropbox are ethically-compliant and enhanced features in the “Business” versions offer the ability for the firm to wipe files from a centrally managed account. Most of these legal specific industry articles (like these mostly aimed at small firms: Dropbox for Lawyers and Law Firms – Everything You Wanted to Know and Is Dropbox Right for Your Practice? with excellent discussion of International issues in the comments) are recommending to be prudent with the storage of sensitive files in the cloud but that the security meets the “reasonable efforts to prevent the inadvertent or unauthorized disclosure of information related to a client” to avoid an ethical violation.

As a firm, Advanced Legal is seeing Dropbox installed on workstations hooked to personal accounts all over the place. Our concerns include the aforementioned security issues, but also the more practical end-user issues. For example, within the basic “consumer” Dropbox it is very easy to accidentally drop files into the wrong shared folders, potentially sharing a file with the wrong client, or user group. It is also impossible for a firm to make sure that sensitive documents are not kept by a former employee when they leave. While not reasons to ban use of file sharing it certainly highlights the need for a firm sponsored solution.

Finding A Firm Sponsored Solution

As with any solution quest, start with asking a lot of questions:

What are you sharing? Who are you sharing it with? Do we need collaboration vs. just passing files between people? Internal staff vs external counsel or clients? Ease of use? Do we need access control or an audit trail? What is an acceptable level of risk? Do we have clients with international or EU regulations for data storage?

Answers to these questions are a good place to start building a list of your requirements in order of priority. Some solutions that we see having success in legal (besides Dropbox for Business) are Box Enterprise Security, Citrix Sharefile as well as Google Drive for Business and Sharepoint. For firms that are inclined to host internally Citrix Sharefile is generally a preferred solution over Sharepoint for file sharing as it is easier to deploy. The constant changes to the Sharepoint product over the years and the internal design and maintenance expertise that is required far out-weighs the cost savings. A future blog post could certainly spend ample time evaluating the fine points of these options as well as the whole host of solutions that integrate with a firm’s existing case management or document management systems. We will work on that, but for now . . .

In a recent evaluation to answer the “file sharing solution” question for a client we settled on Box Enterprise Security to best meet their needs. It answers the security concerns with encryption as many other solutions do, but also offers HIPPA compliance and is certified for EU and Swiss Safe Harbor. It also offered the control access, two-factor authentication and audit trails that were required. With Box Enterprise Security the firm was getting away from the consumer level products and providing a centrally managed solution to end users.

This particular firm can also keep users from drifting back to their personal Dropbox accounts more easily than most now that their VDI (Virtual Desktop Infrastructure) implementation is complete. It will not allow most apps like Dropbox to be installed, and removes them when they show up. All firms in general can use web content filters to limit access to major file sharing sites if continued use becomes a problem.

Key Take Aways:

  • DO NOT avoid adoption of a firm sponsored file sharing solution.
  • DO NOT be scared of security on the cloud. It might be more secure than your servers/file room.
  • DO make sure the firm has a file sharing policy and end user training to avoid data breaches.
  • DO require that end users remove firm files from personal drives like Dropbox.

Tags: , , , ,

You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Page 1 of 11

Leave a Reply