Login | November 20, 2017

The ABA wants you to secure your email

RICHARD WEINER
Legal News Reporter

Published: November 10, 2017

With all of the emphasis on securing data, with the seemingly complex methods that are required to do so, it might be easy to overlook the simple email—even though all hacker phishing expeditions start with a simple email.

It’s tempting to just ignore your email account—after all, you’ve had the same one for years, so what could go wrong now? Well, everything. Email needs to be tended to with the same security eyes and protocols as any other data in your system.

In June, following a number of state bars, the ABA issued some guidance to securing email in Ethics Opinion 477, which you can find on the ABA site: www.americanbar.

At this point, best data security practices—the ones that keep you from getting sued or losing your law license-- now include email security, so time to ramp up awareness of same.

Most analysts have called this new opinion sort of vague and hard to conform to, but essentially the ABA guidance is fact-based, and forces the lawyer to determine under what circumstances, on a case-by-case basis, a particular email should be encrypted.

Most commentators, including moi, assert that all emails should be encrypted at all times, end-to-end, just to be safe. It may be a pain, and it may sound expensive, but it is really the only practical solution.

The advocacy group Electronic Frontier Foundation has a good overview of the topic here: https://ssd.eff.org/en/module/communicating-others.

At this point, most email providers have encryption solutions available to users. At the same time, all documents and other data sent by email should also be encrypted.

How? First, use a secure email server (you can tell by looking at the address, which will be https if it is secure). Google and Microsoft, at least, off this basic protection, and Outlook can be tweaked to send encrypted emails automatically.

You can also subscribe to protected email services like ProtonMail, Tutanota (both of which encrypt at the personal machine level), Mailfence, CounterMail, Hushmail, and Sendinc.

There is also Send Safely, an add-on to your current email. For HIPAA docs, ReplixDocs is a way to go.

Next encrypt and/or password-protect your docs. Microsoft has tools for this for both Word docs and PDFs, so you don’t have to get too fancy.

Do all this now (or get some youngster in your office to do it). Yes, more work, and you’re welcome.


[Back]