As law firms around the world continue to progress towards a “paperless” system (whilst the Courts lag far behind), a common question that I get asked is whether Cloud Storage, specifically Google Drive, is “secure” for storing legal files.
The short answer is yes; Google Drive is secure for lawyers and can be used to store confidential documents. Google’s services have ISO 27001 certification so, if used correctly, Google Drive, and all G Suite apps, are safe, private, and secure.
Of course, that’s only the short answer – “secure” is quite a vague term and its meaning in the context of law firms is a lot different from its meaning to society as a whole. Likewise, it’s all well and good knowing that Google Drive is “secure”, but it’s also worth understanding exactly how to use it in an appropriate manner.
Physical Storage Security vs Google Drive Cloud Storage Security
As a law firm, you deal with both your own and your client’s important and private documents. If you’re a family lawyer, you might hold private information relating to a client’s personal life. If you’re a financial lawyer, you might hold a client’s confidential tax records. In addition, any notes you’ve taken relating to these files are likely not just confidential and private, but also covered by the “sacred” attorney-client privilege.
So of course, these documents need to kept safe and secure so that they are accessible to your eyes, and the eyes your client has authorized, only. The documents, for all extents and purposes, need to be entirely under your control as a lawyer.
Traditionally, the way in which this control was achieved was by keeping documents on site, or in secure physical off-site storage. Once the documents were no longer required, they could be shredded and discarded.
With this traditional setup, the only way in which a malicious actor could see these documents is by physically gaining access to them. Either by breaking into your office, and then into your safe, or by manipulating a person with authorized access. In both cases, the malicious actor had to obtain physical access, and this is no easy feat.
However, by storing your files in a Cloud Storage solution like Google Drive, this physical access hindrance is taken away. With Google Drive, a malicious actor can attempt to access confidential documents from anywhere in the world. And they can do this in one of two ways:
- By hacking into Google and stealing the raw stored data.
- By obtaining your login credentials and accessing your stored files.
However, whilst at first this may make Google Drive seem less secure than the traditional way in which law firms store documents, there are some things to consider.
First, all files stored on Google Drive are encrypted to the same standards used by the US government. So even if someone managed to hack and steal data from Google (which is highly unlikely), they would only have a bunch of gibberish data, and they would not be able to turn that gibberish data into anything comprehensible.
Second, whilst it may seem that obtaining your login credentials is a comparatively easier task, there are still a number of easy steps you can take to mitigate risk in this area. In fact, if you set up your Google Drive account in a way that is intelligent and sensible, it will probably be significantly more secure than traditional, physical, forms of storage:
How Lawyer’s Can Use Google Drive in a Secure Manner
- Configure your Google Privacy Settings to be as secure as possible
- Use 2-factor authentication for logging in to your Google Account
- Use strong passwords (that are not used elsewhere)
- Disable file syncing
- Disable any third-party apps associated with your Google Account
- Disable Google Drive offline storage
- Disable the ability to share files outside your business domain
The most important piece of advice here is enabling 2-factor authentication so only you can access your account.
Conclusion and Ethical Considerations
The general standard for storing lawyer’s client files is one of “reasonable care”. This usually means that there is an ethical obligation for lawyers to keep up to date on best practices for safeguarding confidential client information to guard against attacks.
Realistically, Google Drive is one of the safest platforms there is for securing confidential legal data. But as discussed above, this is dependant on your ability to use Google Drive in a sensible and appropriate manner.
So, to answer the question again: Yes, Google Drive is secure for lawyers. However, if you’re thinking about using Google Drive to store confidential legal documents, it’s probably worth speaking to an expert who can help set things up correctly for you and teach you best practices.