Vast technological advancements in the Internet are spawning new breeds of professionals who have learned to take advantage of the Internet's ubiquity, connectivity, and speed. Among these professionals are legal support individuals known as virtual paralegals.
We've talked to some of our customers in the legal profession, and many of them say that the primary reason they'd hire a virtual paralegal is because of the potential to save on operational costs.
We all know that the legal profession is very document intensive. So how do attorneys and virtual paralegals exchange documents? I probably know what you're thinking. And what you're probably thinking is where the problem lies.
How files are shared with virtual paralegals
Because of advancements in the Internet, it's now much easier to communicate, collaborate and share files with a virtual paralegal. It doesn't matter if you're preparing a case in New York, while she's in L.A. Both of you can still work and get the job done.
So what are the file sharing methods normally used by attorneys and virtual paralegals?
Well, many of them still send documents through snail mail or fax. But there are those who convert those documents to electronic form (if they aren't yet) and then send them over the Internet. It's much faster and more convenient. Now, when it comes to sending files over the Internet, there are two popular options: email and FTP.
We all know documents needed for litigation can be so voluminous. And so, in the interest of completing the file sharing task as quickly as possible, many lawyers and paralegals choose the latter.
For a lengthier discussion on the disadvantages of email, particularly in regards to sending large volumes of files, please read the section "Much faster than email" in the article Advantages of Using a Managed File Transfer Server in eDiscovery.
Risks of sharing sensitive information via FTP
FTP is great for sharing a large number of files, big individual files, or even multiple large files. Many attorneys love it because it's so easy to use. Even if you're really transferring files over the Internet, the process is akin to just moving files from one local folder in your computer to another.
Here's how a typical FTP file transfer would look like (see screenshot below). What you're seeing down here is a screenshot of AnyClient, our free multi-protocol, OS-independent secure file transfer client.
In spite of FTP's user-friendly interface, it has one major weakness: it is very vulnerable. A file transferred via FTP traverses the Internet in the clear, making it easy for a man-in-the-middle attacker with a packet sniffer to intercept and view the information being sent.
If the information is not important, that shouldn't be a problem. But when you're dealing with sensitive stuff, e.g. trade secrets, employee salaries, attorney-client privileged information or information protected by laws like state/territorial data breach laws, HIPAA, GLBA, PCI-DSS, and SOX, then it's imperative that you secure the privacy of that information.
This can easily happen in activities preparatory to litigation. One perfect example is during e-discovery, where file exchanges can reach tens to hundreds of Gigabytes and involve a wide range of data.
Why an MFT Server is more suitable
A more secure way of exchanging files is by using an MFT (Managed File Transfer) server. If you've tried sharing files via FTP, then you won't have any problem using an MFT server. It basically requires the same procedures.
Actually, most MFT servers will also allow you to use FTP. However, we don't recommend it, especially for people working in the legal profession. What we would recommend are the secure services in an MFT server that function virtually like FTP.
For instance, you could employ FTPS or SFTP, which will encrypt your files during transmission and therefore render packet sniffing or other man-in-the-middle attacks ineffective. You could also make use of SSL certificates to implement strong authentication.
MFT servers like JSCAPE MFT Server have a host of other security features like:
OpenPGP - for encrypting files stored in your server;
secure password configurations - for implementing stronger passwords and for complying regulatory requirements;
DLP - for automatically detecting sensitive information;
automated antivirus protection - for protecting files against viruses;
and many others.
As keeper of privileged and protected information, it is your duty to preserve the confidentiality of that information. And that duty should be upheld even more when the information is shared with others, including your associates, legal support staff, and virtual paralegals.
An MFT server can help you preserve the confidentiality of privileged and protected information when you share files with a virtual paralegal.