IOLTALaw.com

Sharing Information: Balancing Security and Convenience

Lawyers and title insurance agents send and receive correspondence electronically nearly every day. The level of security must correspond to the sensitivity of the information being sent. Generally speaking, security and convenience sit at opposite ends of a seesaw: the higher one is, the lower the other. The challenge, and everyone’s ethical responsibility, is to strike the proper balance between security and convenience. This post briefly examines some common ways of sending information and the level of security associated with each.

Level 1:

For a cyber criminal intercepting several thousand emails daily, the subject line of an email is easy to scan for keywords that mark it as worth a second look. Programs are used to look for words and phrases that indicate the message has personal or financial information. Words and phrases such as “payment”, “wire”, “payment instructions”, and “bank information” should never appear in the subject line. More importantly, the information itself should never be written in the subject line.

Level 2:

The body of an email is easy to read. Any information in the body of an email that is intercepted or received at the wrong address can be read. The body of an email should not contain any sensitive information. The body of an email refers to anything that can be seen in the email without opening an attachment. 

Level 3:

An attachment within an email will be intercepted with the email. A level of security can be added by encrypting the attachment. Encryption is a way of scrambling data being sent out so it becomes a coded message. The recipient of the message then needs the code to un-scramble and read the message. This disrupts the process by requiring a cyber criminal to un-scramble the data. For example, the German Enigma machine sent coded messages that could only be read if the recipient also had an Enigma machine set to the proper setting. Like the Enigma code, all encryption can be decoded with enough work, but having the code at the other end makes it an easy and practical method of sending messages. While encryption does add an additional level of security, it is not a high level. Many people with the technology to intercept an email sent over WiFi also have the technology to un-scramble encrypted data.

Level 4:

A link to a secure, shared file is the most secure of the common methods of delivery. In this method a file is shared on a cloud service such as Dropbox. The originator stores the information in a file, creates a password, and determines who will have access to the file. The only information that is sent is the location of the data and the access password. The data is never sent to the recipient. The weakest link in this method is the password. All normal password complexity rules apply. In addition, the storage location and password should never be sent in the same message. To be more secure, they should be sent by different methods, such as the link to the file by email and the password by telephone.
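
The Level 1 and Level 4 rules can be checked automatically before a message leaves the office. The following is an added example, not part of the original post: a pre-send check that flags the subject-line phrases listed under Level 1 and any message that carries both a link and a password. The function names, the password pattern, and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy

# Phrases the post says should never appear in a subject line (Level 1).
SUBJECT_TERMS = ["payment instructions", "bank information", "payment", "wire"]
URL_RE = re.compile(r"https?://\S+", re.I)
# Assumption: a disclosed password looks like "password: xyz" or "passcode is xyz".
PASSWORD_RE = re.compile(r"\b(?:password|passcode)\b\s*(?:is|:|=)\s*\S+", re.I)

def body_text(msg):
    """Join every text part that is visible without opening an attachment."""
    return "\n".join(
        part.get_content()
        for part in msg.walk()
        if part.get_content_maintype() == "text" and not part.is_attachment()
    )

def check_outbound(raw):
    """Return a list of policy findings for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    # policy.default decodes RFC 2047 encoded-words, so an encoded subject is
    # checked in the same readable form a keyword scanner would see.
    subject = str(msg.get("Subject", ""))
    for term in SUBJECT_TERMS:
        if re.search(r"\b" + re.escape(term) + r"\b", subject, re.I):
            findings.append(f"subject contains '{term}'")
    body = body_text(msg)
    # Level 4: the file location and its password must travel separately.
    if URL_RE.search(body) and PASSWORD_RE.search(body):
        findings.append("link and password in the same message")
    return findings

# Constructed sample messages (not real correspondence).
SAMPLE_BAD = (
    "From: agent@example.com\nTo: buyer@example.com\n"
    "Subject: =?utf-8?q?Wire_details_for_closing?=\n"
    "Content-Type: text/plain; charset=utf-8\n\n"
    "File: https://files.example.com/s/abc123\nPassword: Tr0ub4dor&3\n"
)
SAMPLE_OK = (
    "From: agent@example.com\nTo: buyer@example.com\n"
    "Subject: Closing documents\n"
    "Content-Type: text/plain; charset=utf-8\n\n"
    "File: https://files.example.com/s/abc123\n"
    "The password will follow by telephone.\n"
)

if __name__ == "__main__":
    for name, raw in (("bad", SAMPLE_BAD), ("ok", SAMPLE_OK)):
        print(name, check_outbound(raw))
```

A clean result only means the message passed these two checks; the Level 2 rule about sensitive information in the body still depends on the sender.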