Sharing Files beyond your Firewall A Matter of Risk Management

Most firms that I talk to have invested in people and technology and implemented policies and procedures to ensure that their corporate data and/or their client’s data is protected within their organization. Secure servers, offsite back-up, VPNs, document management systems, strong passwords, data retention policies – everyone is familiar with these terms in the information age. What I find fascinating is the level of investment and attention to details that many firms employ internally, in contrast to how they share confidential or critical information externally.

I’ll give you an example. I was speaking to a group of managing partners at a large law firm recently, who were interested in using an online solution to share files outside of their organization with clients, other lawyers, and third parties for a variety of financial transactions. The files they wanted to share contained confidential and personal information and were to be collected from their clients and from the document management system. Internally, they had all the systems in place to protect this data – firewalls, restricted access, document check in – check out – it was all covered. When we started talking about using a SaaS application to share the documents outside of the firm, the idea was met with widespread skepticism. The concept of using a third party software application that was not owned by the firm or connected to their internal systems was not going to be acceptable. Understanding my challenge and having had this conversation before, I asked the question, “How do you send confidential documents that may have protected personal information to people outside of your organization today?” The answer was exactly what I had expected – Email using Outlook.

Here are a couple of facts about sending confidential documents with personal information via email:

  1. The files are not encrypted or protected in transit or after receipt
  2. You have no control over what happens to those files after you hit the send button
  3. You have no idea who may end up with a copy as a result of a forward or reply to all
  4. Shared email attachments can launch hidden computer programs known as malware that spread across many computers compromising internal networks.
  5. There are examples of firms in litigation because they sent confidential information via email to the wrong recipient

The point to my story is that many firms go to great lengths to protect data internally. However, the same firms that invest to protect information internally often ignore the risks associated with sharing information outside of their organization. The need to share information with multiple parties in different locations, even globally in different time zones, is increasing across all business, so firms need to find a way to accommodate sharing information while managing the risk.  A virtual data room can provide a turnkey solution with no upfront capital investment in hardware and software and no investment in resources to develop, support, and maintain the technology and security associated with it. In the end, the managing partners of the firm chose to move ahead with our solution based on the points I refer to in the previous sentence – and because it mitigates all of the risks of using email for the same purpose.

Debbie Stephenson

Debbie Stephenson is a former Content Marketing Manager at Firmex.