File Sharing by Lawyers Largely Insecure, Survey Suggests

lexisnexis-law-firm-file-sharing-precautions

If I were to leave a document on a table entitled, “My Deepest, Darkest Secrets,” under which I wrote, “Please do not read this unless you are someone I intended to read this,” how securely would you think I’d protected myself?

That, effectively, is all the majority of lawyers do to protect confidential documents they share with clients and colleagues, according to a LexisNexis survey published this week.

The survey found that 89 percent of lawyers use email to collaborate with clients or privileged third parties. In the majority of uses, however, the only precaution lawyers take to protect their email is to include a confidentiality statement in the message body.

Asked what precautions they take when sending privileged communications via email, 77 percent said that they include the confidentiality statement. Only 22 percent said that they encrypt their privileged emails. Even fewer take other security precautions, such as password-protecting documents or sending only links to documents on secure websites.

The survey also found that just over half of lawyers, 52.5 percent, have used free consumer file sharing services such as Dropbox or Box to share privileged communications.

The survey was conducted March 5-19 of practicing attorneys and legal professionals. A total of 282 respondents from more than 15 practice areas, representing 40 states and two territories, participated.

A summary of the survey is available at the LexisNexis Business of Law Blog. A PDF of the full study findings can be downloaded from this page.

Posted in: General
Updated:

9 Responses to “File Sharing by Lawyers Largely Insecure, Survey Suggests”

  1. […] 89% of lawyers use email to communicate with clients or privileged third parties. (I assume the other 11% are using flag semaphore.) Of those, says Bob Ambrogi, […]

    • Olga says:

      As I am sure you’re aware Ben – not all cloud file sharing is created equal. I find that it’s crucially important to understand how the service providers handles your data and who really owns the data. Sometimes going through the fine print really clears these things up, but then again – no one does that anymore.

  2. This should come as no surprise. Though email may not be the most secure mechanism, it’s typically more secure than DropBox or a cloud file sharing service. Until someone or some firm experiences a high profile breach, I wouldn’t expect this to change.

    • JoeB says:

      Hm… Depending on how you use email it is less secure. However, there are ways to make it more secure with PGP encryption. The problem is that PGP (or other encryption) isn’t that user friendly. Therefor, people are less likely to use it. While Dropbox has had some issues with security in the past I don’t know that I would say that it’s less secure than email. If email isn’t encrypted then it has the same security wrapped around it as sending a postcard through the mail. Anyone along the way can read it. There are several different cloud storage providers with a wide range of security options. Don’t knock them all.

  3. […] Ambrogi, an attorney, writes of such “protection” on his LawSites […]

  4. Bob, thanks for this. I read the survey report. It does not provide enough information about the methodology to enable readers to judge how representative the sample is. The sample is very small, suggesting that the margin of error for the results is very large, but the margin of error is not reported. In short, from the survey report we can’t tell whether or how biased the results are, or how precise they are, and the published report gives us no basis for generalizing the results to the larger community of lawyers. From the information Lexis has disclosed, we should interpret the results as being limited to the 282 respondents (at least 13% of whom do not appear to be lawyers). Would you be willing to ask Lexis to publish a complete description of the survey methodology, and to publish the margin of error for all results, so that we can determine whether the results are biased, how precise the results are, and whether the results can be generalized to any larger group of lawyers or legal professionals? Thanks for considering this.

    • Hi Robert: Thanks for your interest. I calculate a margin of error of +/-6%.

      The questions posed were modeled on previous surveys conducted and published to the legal community. We obtained a data sample from a credible 3rd party.

      We intentionally put distance between the brand and the survey however, for legal reasons, we did provide a link to terms and conditions that plainly stated the survey’s origin.

  5. Frank: Thank you. The margin of error accounts for precision, but to determine bias in the estimates we need to know how the sampling was conducted, the non-response rate, the weighting and raking methods, and all the other details of the methodology. Where can we find those details?

Leave a Reply