When most people think of cloud storage, they think of Dropbox. This is due in large part to their ability to quickly penetrate the cloud storage market and establish an inexpensive consumer-based platform. While there is nothing wrong with this platform for general consumer use, questions remain as to its security and functionality for businesses, even with the Dropbox for Business solution. Over the last few years, you may have seen headlines like the ones below:
- Dropbox Confirms it Was Hacked, Offers Users Help (CNET, 2012)
- Dropbox Can Be Hacked, Say Security Researchers (Computer Weekly, 2013)
- Nearly 7 Million Dropbox Passwords Have Been Hacked (Business Insider, 2014)
- Was Dropbox Hacked? Not So Fast (Forbes, 2014)
The truth is that Dropbox is perfectly fine for many businesses. It is not ideal, however, for those that fall within the professional services sector, due in large part to the lack of security precautions that can affect client confidentiality. In addition to HIPAA compliance issues, the legal profession prides itself on ethics and client confidentiality. Simply stated, the need for confidentiality is paramount.
In 2012, amendments were made to the American Bar Association’s Model Rules 1.1 and 1.6 which affect how attorneys utilize cloud storage. Model Rule 1.1 directs that lawyers are encouraged to stay current with respect to “the benefits and risks associated with relevant technology.” According to Model Rule 1.6(c), a lawyer has the duty to “make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client” and Comment 19 adds that “the lawyer must take reasonable precautions to prevent the information from coming into the hands of unintended recipients.”
As an attorney and not a tech guru, you may be asking yourself, “How can I possibly keep up with all the changes in technology while continuing to practice law and represent my clients?” Reading this article is, of course, a good start. Specifically, with respect to cloud storage solutions, you should look for the following five features.
Secure servers that are located in the United States. Many of the large, international cloud storage providers have servers located outside of the United States. This could be problematic because other countries have many different laws regarding what information can be accessed when servers are subpoenaed.
Cloud storage as a backup solution. You may need to access client data when you do not have Internet access. If you are only using a SaaS provider or cloud storage provider that requires constant uploading and downloading of data, there may be occasions when you find this difficult or even impossible to do. By using a solution that keeps copies of the file stored on your local drive (computer or server), you will be able to open and save the files in a much more efficient manner.
Share links that are password protected and removable. Many platforms provide the ability to share a document or file by assigning it a unique URL. If the only way to remove the URL is to move the document to another location for storage, this is not an efficient means of ensuring security. Make sure the platform you use has features that either delete the share link at a specific time in the future or have the availability to remove it by the click of a button.
A platform that allows for shared files and folders to be viewable but not downloadable. One concern that many people have with respect to client files is who can access them. Once you share a file with someone, it is hard to control what they do with that file. By allowing the file to be viewable but not downloadable, you can limit the ways the end user is able to pass information along to an unintended third party.
A platform that provides file versioning. This allows you peace of mind for those instances when you accidently save a new file over an existing file that you needed to keep. File versioning will enable you to access the backed up version in the cloud and open a previously saved version after you save the new document using a new name.
In summary, it is important to look at different cloud storage solutions and not just choose the popular, consumer-focused platform. It is part of your duty as an attorney to secure the files of your clients and take the necessary precautions to minimize the risk of unwanted disclosure. Chris Vaughan