New Gmail Security Issues: The Fix And How Lawyers Can Communicate More Securely

Lawyers have been using email to communicate with clients for decades now, despite the fact that it is inherently unsecure and is no different than sending a postcard written in pencil through the post office. This has been going on since the mid-1990s, after bar ethics committees across the country gave lawyers the green light to use email for confidential client communications. 

Even today, despite its many security issues, email continues to be a popular mode of communication for lawyers. In fact, according to the 2017 ABA Legal Technology Survey Report, 92 percent of lawyers sent confidential or privileged communications and documents to clients via email over the past year. During that same timeframe the average lawyer emailed 223 confidential or privileged communications and documents to clients.

This trend is problematic for any number of reasons. For starters, there’s the Gmail and the encrypted email security issues discussed below, which were discovered earlier this year. Another issue is the continued reliance by lawyers on unencrypted email for client communications despite the issuance of the ABA’s recent ethics Opinion 477, wherein the Ethics Committee encourages lawyers to avoid unsecure email when sending certain types of confidential client information and suggests that lawyers consider using encrypted methods of communication instead, such as secure web-based client portals or encrypted email.

Gmail security issue

But before we talk about the client portal solution, or the problems with encrypted email, let’s delve into the recent Gmail security issue. If you’re a lawyer and your email provider of choice is Gmail, then the recent news regarding a Gmail security issue should be of interest. Specifically, in early July, it was revealed that some emails sent and received by Gmail users can be accessed and viewed by third party apps and their developers.

Practically speaking, what does this mean? It means that if you’re currently using the free version of Gmail to communicate with clients, and you have knowingly or unknowingly granted third party apps access to your Gmail account, you may now be violating your ethical obligation to maintain client confidentiality. Similarly, if any of your clients use the free version of Gmail, it’s possible that they’ve also granted third party apps access to their email accounts and any confidential communications sent to or from you.

If either of those situations apply, you’ll need to take steps to ensure that your communications are secure. First, I would suggest that you switch to the paid version of Gmail, GSuite –  it’s a better choice for law firms for any number of reasons, not the least of which is security and customer service.  Then, change the permissions of your Gmail account, and ask your clients do the same. You and your clients should head over to Google’s Security Check-up page and revoke the access that any third party apps may have to your account.

Email encryption security issues

Because of the security issues inherent to traditional email, some lawyers have turned to encrypted email when communicating with clients. However, in May, those lawyers learned that they were out of luck. That’s when the news broke that European researchers had discovered major vulnerabilities in the PGP email encryption standard most often used to encrypt email.

The advice from many security experts in the wake of this discovery was that until the PGP vulnerabilities of encrypted email were remedied, lawyers seeking to securely communicate and collaborate with clients would need to consider and choose alternate methods. The method of choice for many lawyers in 2018? The secure online client portals built into law practice management software.

The client portal solution

Since email – both traditional email and encrypted email – have proven to be problematic in recent months, why not switch to a more secure and reliable way to communicate with clients? Secure client portals are the obvious choice for confidential client communications.

Not only do client portals provide a secure and efficient way for lawyers to communicate and collaborate with clients, they also provide 24/7 convenience and access to case-related information. Clients can simply log into the portal at anytime, day or night, and obtain information, upload or download documents, or send a message about their case. With client portals, gone are the days of never ending phone tag between you and your clients. The cumbersome back and forth process of unsecure, threaded emails will also be a thing of the past. Instead, secure client communications will take place in a centralized, encrypted, and controlled online environment.

Sound interesting? You can learn more about the many benefits of communicating and collaborating using secure client portals, along with lots of other client communication tips by downloading this free guide: “Fixing the Communication Problem: Tips for Providing Exceptional Client Communication.”