Column

Getting to S: Securing Lawyer Online Activities

The availability of secured connections and applications on the Web means potentially safer online law practices. Opt for using secure connections and develop a habit that can limit exposure of your work product and client confidences. You can do this by making some small modifications to your Web activities.

Let’s start simply. If you’re like most people, you sometimes find yourself at the Google Web search engine. Ever typed in something related to a client in Google? If you did that over an unencrypted coffee shop (or home!) wireless network, your search is being transmitted in plain text. Google now offers encrypted search, so that the search query you use – and the results you look at – are transmitted securely. It’s easy as adding an “s”:

http://www.google.com

becomes

https://www.google.com

If your Web browser defaults to this page, you won’t have to remember to type it in each time. You will get a visual reminder that you are searching securely because a small yellow lock will appear in your Web browser. Microsoft Internet Explorer 8 and Google Chrome display the lock right next to the Web address. Mozilla’s Firefox places it in the bottom right hand corner of your Web browser, on the status bar.

The s in the Web address indicates that you’re using a secure layer. It means that you are transmitting securely. It does not mean that either your computer or the computer with which you’re communicating are secure. When you type a search into Google and click on a result, you may not be leaving the protection of the encrypted Google search. Selecting a search result from a Web search engine also sends your search terms and other information to the site you visit: Smith & Jones, LLP in Tampa visited from Google after searching for “lurgan corporate financials”. Someone at that site may be able to see that information, so be aware that there are limits to encrypted search. You have more control over your own computer’s security and who can tell what you’ve been searching.

Encrypted connections aren’t limited to search. Do you use Google Mail? New accounts default to using a secure connection, but you can also turn it on yourself. If you use Microsoft’s Hotmail, you can select to use an encrypted connection but have to do so when you log on, and you won’t get any indication that you’re using a secure connection. Yahoo! Mail will automatically encrypt your username and password but all of your activity is unencrypted. If you access your e-mail from a computer using an e-mail program like Microsoft’s Outlook, Mozilla’s Thunderbird, or Postbox Inc.’s Postbox, you can set up a secure connection for both your login credentials and e-mail activity.

It is now a standard feature for online practice management sites like Clio and Rocket Matter to encrypt your entire online session. Like online banking and other sites where you log in and interact with data stored by that site, keeping it in an encrypted system makes sense. You should see your Web browser location bar change to https:// when you log on to your online law practice resources.

Your online legal research can be encrypted as well. Thomson Reuters’ Westlaw products will have a link, somewhere below the login box, enabling a secure connection. LexisNexis offers a checkbox on its login pages to enable a secure session if you are outside the U.S. Research sessions on the primary U.S. LexisNexis site are automatically encrypted. Check with your other electronic legal publishers to see what they encrypt, including your login and session. Some, like Fastcase.com, encrypt their entire sessions by default.

Cloud-based productivity sites like Google Apps and the free Google Docs and Calendar, or Zoho’s suite of products, can also support secure connections. In some cases, you cannot access the product without an encrypted connection. In some, like Google Docs, you can manually change the Web site address so that it is https:// even when you can’t actually configure the application to always use a secure connection.

Adding an s to the address can have an unintended benefit if you are working in an organization that filters access to Web sites, especially social media. Since the filters are often very specific as to Web site addresses, adding the s can sometimes give you access to a site that is otherwise inaccessible. (See tip 4 in this 5 minute video on bypassing filters; use at your own risk).

You may be scratching your head and wondering why not encrypt your entire experience using a virtual private network (VPN) or similar encryption connection, like Gotomypc.com or Logmein.com. Those services will encrypt your connection from one endpoint (smartphone or PC) to another. That can be advantageous, but if you then execute a search on Google or use an online service from that remote endpoint, it’s not encrypted on the remote end. It’s only encrypted between the two endpoints. 

Lawyers practicing on the road should see Nicole Garton-Jone’s post on Slaw.ca from earlier this year on a secure mobile practice. Whether you consider yourself a mobile lawyer or not, using encrypted connections may give you – and your clients – some additional piece of mind.

Comments are closed.