With meetings, conferences, and conventions being canceled by COVID-19, law firms are looking at new ways to communicate using video conferencing and webinars now and in the future. The bulk of CLEs will be online.
Firms forced to switch from in-person meetings and events to online communications have found them to be surprisingly effective and far cheaper than taking a client to lunch or hosting an event in a hotel banquet room.
But with any communication that goes through the internet, there is a threat of cybersecurity being compromised.
If not properly safeguarded, the information being discussed in a video conference or a webinar can be hijacked by a third party. This is a serious consideration if the information is proprietary or confidential. If a lawyer is talking to a client, to maintain the attorney-client privilege, they can’t use a video conference application that is not end-to-end encrypted.
An unsecured video conference or webinar can also open the door for a hacker to get into your entire system. For instance, Zoom, one of the more popular of the video conferencing application, has been flagged by the NSC over concerns of spying by the Chinese.
One of the best ways to ensure cybersecurity is to ensure the service you are using is end-to-end encrypted. Some of the solutions use encryption when the video is in transit or at rest. End-to-end encryption is a higher level of security where only the sender encrypts, and only the recipient can decode the data. If a third party such is as Zoom is hosting the solution, there is not that end-to-end encryption.
Zoom, Microsoft Teams and Skype have this problem. Cisco Web-X offers a free account, but you can’t use it for end-to-end until you open a Support Ticket with Cisco Tech and ask that end-to-end encryption be enabled on your account.
I did research on alternatives to Zoom for my company because I have a Zoom account that integrates a lot of other platforms. We can’t use it for some of the sensitive work that we do. I found a company called Signal.org that does one-to-one communication but it won’t work if you want to do two or more people.
Webinars that, in some cases, have replaced events such as in-person CLEs can have cybersecurity issues. The solution is using a service that is end-to-end encrypted. You can do a webinar or use Microsoft Teams without it being end-to-end encrypted as long as what you are talking about is not sensitive, such as something in the public domain.
No matter what software you use for communicating with clients or other attorneys, it is essential that the service be able to provide you with documentation of cybersecurity. This can be critical evidence for your protection in the event of a breach. The same holds true with videoconferencing and webinars if you need end-to-end encryption. The provider should be able to provide you with this documentation.
For mid-size firms that will be migrating on a wide-scale from in-person meetings and events to video conferencing and webinars, it may be worthwhile to have a company like mine take a look at the sum of these applications rather than on a piece-by-piece basis as they add these tools.