Data Breaches and Encryption Kryptonite


One wrong keystroke or misplaced flash drive can run you $7.2 million.

That’s what a typical data breach will cost you these days, according to a data breach study released this month. This figure is up seven percent from 2009, with the most common causes of data breach attributed to breach incidents (41%), lost or stolen portable or mobile devices (35%), malicious attacks (31%) and system failure (27%.)

While $7.2 million is a sizeable sum we all can collectively cringe at, it doesn’t even come close to estimating the damage to your law firm’s reputation or client relations should it encounter a data breach. Get a taste of how it could feel by reading up on ACS:Law and how it failed to properly secure personal information.

Encryption Kryptonite

The study states that encryption is driving “a decrease in breaches due to system failure, lost or stolen devices and third-party mistakes.”  I’m a big fan of encryption (and I suspect anyone in the legal world would be as well), but like Super Man, encryption faces its own version of kryptonite: File transfers via FTP or email.  Both FTP and email post significant risks that can open the door for regulation violations or confidentiality breaches.

File Transfer Protocol (FTP) is limited to single authentication – not two-factor authentication which is a requirement of PCI and other security standards. Also, in today’s rushed law firm IT department, there is the risk of an FTP site being set up improperly or of rogue lawyers setting up their own sites.

Email is insecure because it doesn’t allow users to encrypt large files and documents as they are transmitted to the recipient. Plus, most companies and email providers have limitations on the size of email attachments to keep the strain off the servers. This results in bounce backs, error messages and information potentially getting in the hands of someone who shouldn’t see it.

The Remedy: Managed File Transfer

You can defeat encryption kryptonite from emails and FTP sites with managed file transfer (MFT). MFT is a secure method of transferring large files and sensitive data and is typically used in place of e-mail and FTP.

With MFT, you can send encrypted files through a designated network that automatically logs and centralizes the audit trail. This applies most commonly in situations where your company is regulated by the Payment Card Information Data Security Standard (PCI DSS), HIPAA, SOX and other regulations.

Here’s how one law firm uses managed file transfer and reduced IT help desk hours in the process.

Even with the best efforts, every law firm faces the potential of data breaches and the fallout that comes with it. By identifying weak links in your security – such as the encryption kryptonite of FTP and  emails – and applying technology such as MFT to combat it, you elevate your ability to thwart potential data breaches. And all in a single bound.