Data security: Recipient checking specifically for law firms

Protecting matter files shared by email

New data privacy regulation is creating the need for ever tighter controls on how sensitive matter files are shared. Coupled with stricter client audit requirements, this leaves law firms with some difficult security challenges to contend with.

Every matter handled by a law firm contains files that need to be controlled and processed in specific ways because of the sensitive or confidential nature of the information involved, so each matter needs to be protected in its own way. This ranges from who within the firm can see files associated with a particular matter, to what information each of those individuals is privy to and, equally, who outside the firm is allowed to review files related to that matter.

Even the set of people who may see information related to a particular case is a moving target, because those legitimately allowed to access a set of files can change depending on the progress of a matter and what stage it has reached.

This makes many of the data security solutions currently on the market of limited value for legal-specific workflows, as they are not nuanced or flexible enough to change with the matter in hand.

For example, client-side recipient checking, even when it uses machine learning, needs a body of past activity and behavior to benchmark against. It has to learn what inappropriate sharing looks like; it cannot know this from the outset. Conversely, based on what it has learned, it may flag as anomalous an action that is perfectly legitimate, such as a newly assigned Associate being brought into a matter from which they were previously excluded.

There are some simple steps law firms can take to protect against sensitive matter files being sent to the wrong people, or to people who are not authorized to receive information related to a specific matter.

Blacklists and non-corporate domain blocking

Many law firms want to block confidential matter attachments from being sent to non-corporate (consumer webmail) domains. Usually this is a blanket policy applied at server level by a standard data loss prevention (DLP) solution, which dictates that emails cannot be sent to Gmail, Yahoo, Hotmail etc. However, a blanket block gets in the way of employee convenience, and hence most security teams do not apply one.

Certain engagements, however, require a stricter security policy, and specific blocks need to be put in place for those scenarios. The correct solution is a scalpel approach, limiting the restriction to that engagement only, rather than a machete that affects everyone in the firm.

This relatively simple approach to protecting matter files shared over email matches markers within the attached document (for example, the matter identifier the DMS stamps into the file) and applies the policy associated with that matter. This is one form of blacklist enforcement, and it can be fine-tuned with different rules according to the firm's requirements for a specific matter.

Whitelist enabling

Whitelisting is effectively the opposite of a blacklist: instead of listing who may not receive a file, it lists who may. According to the ILTA Technology Survey 2017, more than 90% of law firms still use an optimistic security model, in which everyone in the firm can access a matter unless explicitly restricted.

Moving to a pessimistic security model, in which access is denied unless explicitly granted, is the key to curbing data leaks.

While there are extensive controls in place at the Document Management System (DMS) level, email is still an open channel in most firms.

If specific groups within the firm, third parties or clients are associated with a whitelist of contacts for a certain matter, then emails pertaining to that matter should only be sent to that list of recipients. The list can be updated and changed as necessary. Equally, anyone outside the whitelist is automatically blocked from receiving the email and its attachment.

A whitelist policy can be set at server level and applied automatically to outgoing emails, extending the DMS-level protection (data at rest) to email (data in transit). All of this happens without requiring any intervention from users.

Matter-specific Secure File Transfer

Law firms can also establish a policy whereby confidential matter documents are never transferred via email, period. After all, once a document has been sent by email, even to another appropriately sanctioned corporate domain, it has left the firm's control and is effectively "in the wild". The firm can no longer track, or vouch for, what happens to the document beyond that point.

If a file never leaves the firm's ecosystem, then integrity, audit and tracking can be maintained. This can be achieved by sharing files through Secure File Transfer (SFT) via a platform such as HighQ, Microsoft SharePoint or Workshare Connect.

At mail server level, the check looks for document identifiers that tie an attachment to a matter, blocks the email from being sent, and offers a secure link instead. Because an attachment's filename is trivially changed, the identifier should be taken from the document itself (its content or embedded DMS metadata) rather than from the filename.
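The following is an added example, not code from the original article and not the code of any product named here. It models a mail-server-level recipient check that combines the three policies above (per-matter blacklist, per-matter whitelist, and SFT-only matters) and applies the pessimistic model to attachments whose matter has no policy. Everything in it is an assumption for illustration: the `MATTER-ID:` marker format, the webmail domain list, the `SAMPLE_POLICIES` table and the constructed sample message.

```python
"""Matter-aware recipient checking for outbound email (illustrative gateway policy).

Added example, not from the original article. The 'MATTER-ID: <id>' marker, the
policy table and the sample message below are all constructed assumptions.
"""
import re
from dataclasses import dataclass, field
from email.message import EmailMessage
from email.utils import getaddresses

# Hypothetical marker that the DMS stamps into each document when it is filed.
MATTER_MARKER = re.compile(rb"MATTER-ID:\s*([A-Z0-9-]+)")

# Consumer webmail domains blocked by the blacklist policy (constructed list).
WEBMAIL_DOMAINS = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com"}

# Outcomes ordered by severity so the strictest applicable policy wins.
_SEVERITY = {"allow": 0, "replace_with_link": 1, "block": 2}


@dataclass
class MatterPolicy:
    mode: str                                        # "whitelist", "blacklist" or "sft"
    allowed: set = field(default_factory=set)        # addresses or "@domain" (whitelist)
    blocked_domains: set = field(default_factory=set)  # extra domains (blacklist)


@dataclass
class Decision:
    action: str = "allow"
    reasons: list = field(default_factory=list)

    def escalate(self, action: str, reason: str) -> None:
        """Record a finding; only a more severe action replaces the current one."""
        if _SEVERITY[action] > _SEVERITY[self.action]:
            self.action = action
        self.reasons.append(reason)


def extract_matter_ids(msg: EmailMessage) -> set:
    """Matter identifiers found in the decoded bytes of every attachment."""
    ids = set()
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        ids.update(m.decode() for m in MATTER_MARKER.findall(payload))
    return ids


def recipient_addresses(msg: EmailMessage) -> list:
    """Bare, lower-cased addresses from To/Cc/Bcc, display names stripped."""
    headers = msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Bcc", [])
    return [addr.lower() for _, addr in getaddresses(headers) if addr]


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1]


def _in_whitelist(addr: str, allowed: set) -> bool:
    return addr in allowed or "@" + _domain(addr) in allowed


def check_outbound(msg: EmailMessage, policies: dict) -> Decision:
    """Apply each matter's policy to the message; default deny for unknown matters."""
    recipients = recipient_addresses(msg)
    decision = Decision()
    for matter_id in sorted(extract_matter_ids(msg)):
        policy = policies.get(matter_id)
        if policy is None:  # pessimistic model: a marked file with no policy never leaves
            decision.escalate("block", f"{matter_id}: no policy configured (default deny)")
        elif policy.mode == "sft":
            decision.escalate("replace_with_link", f"{matter_id}: share via SFT link only")
        else:
            blocked = WEBMAIL_DOMAINS | policy.blocked_domains
            for addr in recipients:
                if policy.mode == "whitelist" and not _in_whitelist(addr, policy.allowed):
                    decision.escalate("block", f"{matter_id}: {addr} not on matter whitelist")
                elif policy.mode == "blacklist" and _domain(addr) in blocked:
                    decision.escalate("block", f"{matter_id}: {addr} is on a blocked domain")
    return decision


# Constructed policy table: one matter per policy type.
SAMPLE_POLICIES = {
    "M-2017-0042": MatterPolicy("whitelist", allowed={"counsel@acme.example", "@cocounsel.example"}),
    "M-2017-0107": MatterPolicy("blacklist"),
    "M-2017-0199": MatterPolicy("sft"),
}


def build_sample_message(to: list, attachments: list) -> EmailMessage:
    """Construct an outbound message with binary attachments (sample data, not real mail)."""
    msg = EmailMessage()
    msg["From"] = "partner@firm.example"
    msg["To"] = ", ".join(to)
    msg.set_content("Please find the draft attached.")
    for filename, body in attachments:
        msg.add_attachment(body, maintype="application", subtype="octet-stream", filename=filename)
    return msg


if __name__ == "__main__":
    draft = build_sample_message(
        ["Counsel <counsel@acme.example>", "assistant@gmail.com"],
        [("draft-agreement.docx", b"...MATTER-ID: M-2017-0042 ... CONFIDENTIAL ...")])
    verdict = check_outbound(draft, SAMPLE_POLICIES)
    print(verdict.action, verdict.reasons)
```

The gateway reads markers from the decoded attachment bytes, so an encrypted or password-protected attachment will yield no marker; under the pessimistic model a production deployment would treat an unreadable attachment as unclassified and hold it rather than let it through. Policies are keyed by matter, which is what lets the whitelist for one engagement change as Associates join or leave it without touching any other matter.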


Complying with the security requirements set out in client audits, outside counsel guidelines and regulation places complex demands on law firms, which process sensitive and confidential client data every day. This makes simple solutions designed specifically for law firms particularly powerful.

Using these three steps, law firms can implement recipient checking policies at mail server level to automatically protect files associated with specific matters when they are shared via email:

  • Implement a whitelist of those authorized to receive files related to each matter
  • Maintain the integrity of matter files by keeping them within the firm’s control system
  • Create blacklists as a catch-all to stop matter files going to the wrong people