A lack of trust and technical know-how are holding back legal firms from digitising their workflows — but finding the right tools can be half the battle
For most UK law firms, the 2020 pandemic drove home the power of digitalisation.
While social distancing may have kickstarted remote work, the legal framework for tackling business online has already been in place for two decades. England, Wales, Scotland and Northern Ireland have all recognised the validity of electronic signatures since 2002, under the 2000 Electronic Communications Act.
Yet despite this long history and a heady springboard of technological progress over the last two decades, many legal companies still feel reluctant to move workflows online.
Common concerns include a lack of technical know-how, a dearth of resources, or worries about security.
But many of these misgivings are built on misconceptions, and can often be tackled with something as simple as finding the right tools to meet your company’s needs.
‘Common digitisation concerns include a lack of technical know-how, a dearth of resources, or worries about security. But many of these misgivings are built on misconceptions, and can often be tackled by finding the right tools to meet your company’s needs.’
As CISO and co-founder of Tresorit, the Swiss-Hungarian specialist in end-to-end encrypted cloud collaboration, my aim is to ensure as many people as possible can harness the opportunities that digitalisation can provide for growing, future-facing firms.
Tresorit’s comprehensive document management system caters specifically to sensitive files, ensuring that data and documents are protected throughout their lifecycle within one integrated interface.
Our latest add-on, Tresorit eSign, expands that platform even further, giving customers the power to sign documents electronically with the touch of a button.
But most importantly, our tools are also designed to tackle many of the perceived pitfalls that stop companies from embracing digitalisation, from legal and security worries to concerns about customer uptake.
We have rounded up four of the most pervasive myths about digital work and e-signatures — complete with tips on how your company can tackle them head-on.
Myth 1: E-signatures are untested under UK law
A 2021 survey carried out by the Solicitors Regulation Authority (SRA) in co-operation with Oxford University found that regulatory uncertainty was the main concern for legal firms holding back on adopting new legal tech solutions.
Some 45% of respondents felt that uncertainty around regulations on the use of legal tech was the critical barrier to their implementation, with most pointing to client confidentiality and GDPR.
In the UK, the Electronic Identification and Trust Services for Electronic Transactions (Amendment etc.) (EU Exit) Regulations 2019 (SI 2019/89) — otherwise known as UK eIDAS Regulation — already recognises three types of digital signature.
Simple signatures are defined as any electronic data used by a signatory that is attached to or logically associated with other electronic data — usually a digital contract. An SES requires no further proof of security or legitimacy.
‘As more legal firms have moved to storing and sending files online, the digital threats they face have also proliferated. But the key is being prepared for any potential dangers, rather than seeking to avoid them altogether.’
A second level of signature — advanced electronic signatures — requires greater care, and demands that the electronic data in question is uniquely linked to the signatory, capable of identifying the signatory, and linked to the signed data in such a way that any subsequent change is identifiable. It also requires the use of electronic signature creation data.
Finally, the highest level of electronic signature, a qualified electronic signature (QES), is created through a QES creation device and based on a qualified digital certificate for electronic signatures.
Tresorit eSign uses a simple electronic signature, or SES (although qualified electronic signatures will be available via the same user-friendly platform in the near future).
Not only are SES relatively-straight forward to use, but they have already proven their worth and legitimacy in the UK legal system.
English courts have previously come out in favour of even informal e-signatures. In one case, Golden Ocean Group Ltd v Salgaocar Mining Industries PVT Ltd, parties in the Court of Appeal were able to agree that ‘an electronic signature is sufficient and that a first name, initials, or perhaps a nickname will suffice’ when signing a contract of guarantee.
Myth 2: Customers do not want to go digital
In 2022, most people not only recognise the benefits of e-signatures, but already have some experience in using them. A study by Neopost France found that almost 74% of respondents had already used electronic signatures, and that 58% saw them as just as valid as their ink-on-paper counterparts.
At the same time, PwC’s 2020 Trusted Tech survey revealed that consumer trust in business technology was falling, rather than rising. So how can business leaders reconcile these two trends?
An erosion of trust is not a sign that companies should shirk away from digitalisation, but only that they should address customers’ concerns on data protection.
Showing your clients that you care about the security of their personal details should not be seen as a burden, but as a key step in building a productive working relationship.
Strong data protection is usually based on some form of encryption, and you will want to look at the different options on the market to see which kind of encryption is right for you.
But while encryption provides a keystone in stringent digital security, it is not the only thing companies can do to keep data safe. Tresorit eSign lets firms go the extra mile by providing document passwords, watermarks and time-limited links, and file access logs.
As all documents processed via Tresorit eSign are stored in Tresorit’s end-to-end encrypted environment, companies retain complete control over contracts and their confidential content at all times. With the help of tools such as set permissions, users can define who can view and edit each document, and how often or for how long they can be accessed.
Myth 3: Going digital invites greater risk
Some firms see moving workflows online as inherently risky. As more legal firms have moved to storing and sending files online, the digital threats they face have also proliferated. But the key is being prepared for any potential dangers, rather than seeking to avoid them altogether.
The truth is that all workplace tools — including email or even traditional, paper and ink documents — carry some form of risk.
One recent article from Information Security Magazine found that in the UK legal sector, one in ten cyber-security incidents were linked to data loss, but that these could stem from everything from a lost or stolen phone to paperwork being left on the train. Figures from Verizon’s 2022 DBI Report show that the human element continues to drive 82% of all data breaches.
Good digital security can both minimise the likelihood of human error, and put tools in place to mitigate the damage of any potential missteps. If you lose a briefcase stashed with confidential documents, then there is little that can be done to retrieve that information. If paper files end up in the wrong hands, they can easily be copied, photographed, or passed on. But with the right online tools, you can revoke access to documents that have been incorrectly shared, or add expiry dates for documents or links.
Digital security tools such as Tresorit will also include in-built auditing tools, so that IT team leaders can drive accountability and learn from past mistakes.
Access history logs will allow you to monitor which employees have opened a certain document, and can be easily exported. Some platforms will also be able to provide comprehensive reports in event of a data breach.
Myth 4: Complicated digital tools destroy productivity
Contrary to widespread belief, an arduous checking process is not the best indicator of a truly secure digital platform.
In fact, laborious security protocols not only eat away at productivity and efficiency, they can also pose a serious threat to your company’s cyber security.
‘The best IT solutions remove obstacles, rather than add to them. If staff find digital security tools cumbersome or difficult to use, they will often find a way to bypass them — and sometimes inadvertently put data at risk.’
The best IT solutions remove obstacles, rather than add to them. If staff find digital security tools cumbersome or difficult to use, they will often find a way to bypass them — and sometimes inadvertently put data at risk.
These shortcuts often result in the use of what is known in cyber security as shadow IT. If a staff member finds sending or sharing an encrypted file too complicated, for example, they may instead use an instant messenger or commercial cloud service.
But because these platforms are not built with business security in mind, they often contain vulnerabilities that can be exploited by hackers or other cyber threats. They also do not have tools that can guard against accidents such as mis-sent links, or stop sensitive documents from being photographed or forwarded on.
Good IT decision-makers prioritise solutions that put people first: tools that are intuitive and integrate seamlessly into everyday workflows.
Any change in IT should also be accompanied by a comprehensive training programme, so that staff feel supported, confident, and that potentially damaging errors are kept to a minimum.
Industry-leading digital platforms such as Tresorit will ensure that interfaces are clear and easy to use, even for those who are non-tech-savvy.
Further details on Tresorit eSign, as well as download options, can be found at www.tresorit.com/esign.
For more information, please contact:
Dietmar Spehr
Head of Brand and Communications
E: press@tresorit.com
T: +49 0151 509 117 01
How can I find the right encryption for my company?
Strong data protection is usually based on some form of encryption — but not all encryption methods are created equal. If your firm wants to embrace the benefits of digitalisation, then it is a good idea to have a firm grasp on the different offerings currently on the market.
In order to choose which kind of encryption will best serve your company, you will need to have some idea of your organisation’s digital needs. Often, this will involve looking into any local legal requirements in the markets where your firm operates, and investigating whether your firm faces any particular digital security risks.
In the post-Covid era, it is also important to check that your encryption system will remain secure even if staff need to access documents and data from multiple devices and locations.
To help you make sense of some of the terms you might come across while reading about encryption online, we have summarised three of the most common encryption types: in transit, at rest, and end-to-end (e2ee).
At rest
Most commercial platforms use at-rest encryption, which means that data is encrypted while being held on a data centre hard drive. If a hacker was to attack your files while in this state, they would not be able to read your documents.
However, because your files are encrypted using keys that are held by your data centre or cloud provider, these individual companies could potentially still access your files.
In transit
If data is encrypted in transit, then it is encrypted while it travels between its source and destination: outside ‘eavesdroppers’ will not be able to intercept or read your data while it is on the move.
However, your data could well have several stops while it travels between one device to another. Data sent online will often travel from its source device, to a network router, and an outside server before being sent back through the recipient’s router and its final destinations. In these cases, data is usually decrypted when it arrives at each of these stops, before being re-encrypted and sent on. Unfortunately, this can leave your data vulnerable to attack at multiple points. If a hacker gets access to the external server through which your data travel, they will be able to access and read your files.
End to end
True end-to-end encryption (e2ee) — which is already used by companies such as Tresorit — is usually considered the industry gold standard in modern encryption.
End-to-end encryption ensures that the only people who can see your data are the sender and the recipient. That is because your files and their relevant metadata are encrypted on your device with unique, randomly generated encryption keys. These keys are also encrypted as they are being sent to other servers, and accessing files is only possible with a user’s own unique decryption key. That means your files are not even visible even to your cloud or storage company,
One way to check whether a provider has end-to-end encryption is to see whether they offer a password reset feature. If they do, it means that your provider has to access your data — and their encryption is not end-to-end.