Email security in law firms: did your recipient get your message?

Logistics and parcel distribution company DX has announced the launch of eDX, a secure electronic document exchange service enabling customers to share all forms of electronic information.

What does eDX do and how does it work?

eDX allows you to send encrypted emails so that people cannot read them even if they are intercepted. At the moment, people are able to hack someone else’s emails but eDX requires receivers to have an encryption key, which is needed in order to decrypt the message.

The encryption service is also useful if you email something to the wrong person. The sender can stop the wrong person from accessing the content giving the sender control over the data.

Data size

eDX enables you to send large files. There are currently firewalls on many servers limiting how much data you can send. These are typically set at around 10MB. However, eDX allows you to send files without a file size limit.

Why did you decide to introduce the new service, given that DX is used so widely?

Email is universally used by our customers. However, the systems used to send and receive emails are often not highly secure in business or private life. There is a need for security in this area—the same sort of security that customers have come to expect from the DX service. DX also wanted a technology that can be used by companies looking for small independent systems to large integrated networks, while plugging in to normal business tools such as Microsoft Outlook.

Do you see eDX eventually replacing DX?

At the moment, customers are using both DX and email. eDX is not a substitute for the current DX services and the two will still work together. Essentially it’s a choice between using current electronic services to send emails or a secure service such as eDX. This is an important feature for lawyers who need to comply with data protection rules.

How does a product become UK government certified?

eDX is partnered with Egress Switch, which is the only UK government certified email encryption product. Companies wanting to achieve this status are required to apply to CESG – a government authority that is part of GCHQ. CESG is the “National Technical Authority for Information Assurance” in the UK.

The scheme called “Commercial Product Assurance” certifies different products for the UK government and public service for security reasons. Companies, such as Egress, wanting to sell to government organisations need to go through a rigorous testing regime.

What advice would you give to law firms wanting to use eDX now?

Companies introducing eDX to the whole business may have to think about:

• the best ways to roll out the product;

• how they are going to train new users – it is the people on the ground that remain the biggest risk to security, and so firms should take the time to bring people on board and train them thoroughly to ensure compliance.

However, the technology itself is straightforward to use and easy to install. Individual users can access the service after going through a registration process either through the online platform or by downloading the software. The service is completely free for recipients of secure emails to use and the team at DX can support customers with the implementation of eDX.

Why might some in the legal profession be wary of using the new service? And how could their issues be resolved?

Some in the legal profession might be concerned by:

Where data is stored

The US Government, for example, is able to access data differently to EU nations. All data sent over eDX is stored in the UK remaining out of reach of US authorities and so abiding by Government assurance certification. Copies of encrypted data sent overseas are also stored on UK-based servers. Users can choose to store their data in one of two independently accredited UK data centres or use an on-premise installation where data is stored locally within the firms existing infrastructure, meaning they retain control at all times.

The need for new technology

Businesses are already using encryption services. However, typically people use encryption for dealing with particular clients or customers and the settings are personalised for that firm. eDX allows anyone with access to the system to secure data meaning the data provisions are much wider.

How do you see this technology developing?

Encryption technology in business will increase, as more awareness grows around it. The Government has made information security a top priority after the Edward Snowden affair showed it was possible to tap into emails that were not using highly-developed technology.

As well as this, there is also a greater awareness of the penalties for incorrectly handling data leading to a growing demand for technology.

Michael MacClancy, of logistics company DX (Interviewed by Rachel Moloney)

The views expressed by our Legal Analysis interviewees are not necessarily those of the proprietor.

First published on Lexis®PSL.

Filed Under: Technology

Relevant Articles
Area of Interest