Email Security for Law Firms with Box & mxHero
How Box's powerful content management platform with mxHero can secure every email sent by your firm — in one hour!
“May you live in interesting times”
- Ancient Chinese curse
Law firms are living in interesting times. With near total reliance on email, one of the least secure and hardest to manage technologies, firms face the multifaceted challenges of protecting information entrusted to them by their clients, strict observance to an increasingly stringent regulatory environment and the rapid rise of cyber-attacks targeting law firms as “soft targets." As if this weren’t enough, legal firms need to contend with significant internal resistance to change and adopting new ways of working.
“Last year was the year of law firm hacks. Law firms are soft targets; this is the world we are living in.”
- Andrew Tannenbaum, IBM’s Chief Cybersecurity Counsel
The good news, all is not lost. A combination of emerging technologies provides a surprisingly easy solution for many of these challenges. By combining best of breed technologies, law firms are able to not only mitigate many of the aforementioned challenges but also surpass the value single point solutions have been able to provide up to today. Here at mxHero, we predicted several years ago that the emerging class of powerful cloud content management platforms, led by Box, would be the future of content management and collaboration. Based on industry trends over the last several years, our vision seems prophetic. By connecting existing email systems with Box, we were able to present an innovative solution that has resonated with the legal vertical, whether that be law firms or legal business units within larger organizations.
We will now describe how many legal teams are using Box & mxHero to achieve new levels of email security without requiring significant implementation investment or effort towards end user adoption.
Email is Not Secure
Admittedly the bar for email security is not high. Native email sends full, unencrypted copies of attachments to anyone (even accidental recipients) without any downstream protections. Once delivered, the sender has no visibility or control over what happens with files sent through email — are they opened? If opened, when and by whom? Have the attachments been forwarded? Where was the recipient when they opened the files? Furthermore, no easy option exists to revoke access once an email attachment has been sent.
“Email was built for a different time, one in which cyber threats were few and far between. It should come as no surprise that email is the number one threat vector facing organizations today”
- Chris Ross, SVP - International at Barracuda.
Box is Secure
By contrast, content uploaded to Box and delivered as a Box link is secure. Files distributed through Box are delivered over encrypted connections that in themselves can require authentication, be automatically revoked and contain restrictions on download, deletion and alteration. Furthermore, any action over a file in Box is fully tracked with detailed audit trails.
By replacing email attachments with shared links to files saved in Box, a firm instantly benefits from secure delivery and control over its attachments. No longer are the firm’s emails “soft targets.” A hacker accessing an email that has Box links is denied immediate access to content he or she would have enjoyed if there had been traditional attachments.
Yes, Box is secure, but my users won’t or can’t always use it …
I can hear what you’re thinking, “Of course, adopting a secure technology like Box would greatly improve the security over a technology like email that has no security, but let’s be real, old habits die hard.”
I completely agree. Even though sending an attachment as a Box link is simply a matter of copy & paste, that is an extra step and an extra step that might be hard to do in certain contexts, like on a mobile phone (copy/pasting between phone applications with your thumb isn’t fun). Furthermore, users already have to deal with too much complexity in their work, why ask them to learn new tricks and jump through more hoops?
Combining Box security & Email attachments without user effort
Recognizing the reality that the additional steps needed to leverage a powerful content security technology like Box is unlikely to be easily adopted, mxHero developed a seamless process that automatically exchanges email attachments for secure Box links. The process is completely systemic, requiring no effort by the end user, nor any software installation on the user’s devices. Whether sending an email from their laptop or mobile phone, mxHero will ensure that attachments are stored to Box and automatically delivered as secure Box links. Finally, for recipients, the links are easy to follow and do not require special software to access file content.
At the flip of a centrally controlled switch on mxHero’s dashboard, every email sent from the law firm is protected. Importantly the type of Box protection, whether requiring authenticated or self-expiring access, is easily configured by the firm, which ensures the appropriate security gets applied depending on the file’s content and context. For example, email attachments sent internally can be automatically set to “organization access only” thereby allowing for easy access to the content by employees but denying access to files in the event an email gets forwarded outside the organization or if an attorney misplaces their mobile device.
Beyond security, let's look at compliance
Beyond ensuring that content is delivered securely, by replacing attachments with Box links, firms will automatically have the ability to comply with regulations like HIPAA that stipulate that PHI need be delivered via encrypted channels. Content saved on Box is always delivered through HTTPS encrypted links. With mxHero, ensuring that all attachments are accessed from Box, inadvertent transmission of sensitive HIPAA regulated files via email is no longer a risk.
Other benefits
What is so powerful about this solution is the simplicity of the model, the ease of end user adoption, the immediacy of deployment (1 hour most cases) and the meaningful, positive impact on overall security. Of course, security, governance and compliance are only some, albeit important, benefits of content saved in Box. To the degree that content moves out of hard to manage email and into Box’s powerful Cloud Content Management (CCM) platform — the firm benefits from greater productivity powered by the potential of workflow automation, artificial intelligence, machine learning, eDiscovery, boundary system integrations, and expansive innovation tools all powered by Box. At mxHero, we provide the non-user impacting technology pathway between email and Box. It’s the future of work and will drive the next wave of digital innovation for the law firms and the legal business units of tomorrow!