Crypto security is one of the two or three hot topics today. If you ask a firm, “Do you want to make sure that your documents are secure?” the answer will of course be “Yes.” (Who would say no?) But the next two questions are the kickers. First: “Is the firm willing to take the necessary steps to make sure your documents are secure?” When you explain what this entails, the answer not infrequently turns to “No.” Second: “Is the firm willing to invest in the training and procedures that will enforce the steps necessary to make your documents secure?” An even higher percentage say “No,” frequently with the explanation: “the attorneys won’t stand for it.”
Think about it: how many people actually use dual-factor authentication when it is available or use a password manager so that they can in fact have different passwords for different sites?
And even if a firm does implement procedures, users frequently suffer from “crypto overload” – repeated messages warning that a transaction may not be secure and asking whether they are sure they want to go ahead. People just click yes.
So what you need is a system that is both secure and transparent to use. Hard drive encryption works well, but even for a small to medium-sized firm it can amount to tens of thousands of dollars a month.
Enter Worldox Encryption At Rest (WEAR). WEAR will transparently encrypt files when they are saved and decrypt them when anyone with the proper permissions tries to open them.
WEAR is a multi-layered encryption system based in part on the AES-256 industry standard, to which additional security has been added. Encryption and decryption are based on the RSA public key/private key system. In addition, it features optional two-factor authentication, which means, for example, that if it is configured for the “Management/HR” Cabinet, IT will not be able to access any files in that cabinet (although they retain access to anything without two-factor authentication). Previously, IT typically had access to everything, so this is a unique feature.
The other core feature is that WEAR has NO BACK DOOR. This has two crucial implications. The first is that the NSA will not be able to read your clients’ documents and emails (and yes, as Edward Snowden and WikiLeaks have shown, they do). The second, even more important, is that if the firm loses its central passwords, its documents are TOAST. So the firm will want to store a copy of all the passwords (which are managed centrally, not by individual users) in a secure location (possibly on a labeled thumb drive in a safety deposit box or with a third-party escrow company).
In short: being secure involves more work and carries more responsibility, particularly when it comes to passwords. So we come back to the original question: does your firm really want to make sure its documents are secure?