What are 3 Ways an Audit Trail Can Help Protect Law Firms and Their Clients?
The first blog in this 2-part series made it clear that legal documents should never be shared via email, and many file sharing services lack adequate security. They also routinely fail to hold users accountable as they often do not provide many logging features or visibility into user activity. A detailed audit trail containing information on every file interaction enhances accountability. It can even make it is possible to serve legal notice electronically, depending on local laws.
XMedius delivers two secure, simple to use file sharing solutions that leverage an audit trail: XM SendSecure and XM Fax. XM SendSecure is a secure file sharing service that enables law firms to know with confidence that files were delivered properly and whether their clients and concerned parties reviewed documents sent to them. XM Fax, our Fax-over-IP (FoIP) solution, enables users to fax documents directly to the intended recipients from Outlook, a Web page or a mobile app while improving the level of security of a traditional fax machine. FoIP prevents the delivery confirmation from being printed and seen by all like if it was sent to an office-wide fax machine.
The features of both XM SendSecure and XM Fax, including their audit trail, help support law firms in protecting attorney-client privilege, helping to ensure proper delivery of documents, and maintaining a clear chain of custody for documents and evidence.
Ensure Proper Delivery of Documents
Detailed audit trails and reports are an integral feature of both XM SendSecure and XM Fax. When a file is sent via XM SendSecure, a secure SafeBox for file sharing is created, and every interaction with the given SafeBox is logged from the moment it is created. Each log is timestamped and contains the login name and IP address of the user performing the action. The logs even record details such as the total amount of information downloaded from a given file, which can be used to verify files were properly downloaded. Leveraging this information, audit reports from XM SendSecure can be used to prove documents were delivered to and viewed by concerned parties. The level of detail in the reports may even make it a viable option for electronically serving notice, depending on local laws and rulings.
Since XM Fax is a FoIP solution that delivers a document directly to the fax of recipient, a receipt with the recipient, file information, and delivery confirmation is delivered to the sender’s inbox once the transfer is completed.
Maintain a Clear Chain of Custody
XM SendSecure’s audit trail, which include a cryptographic hash function, also establishes a clear chronological order of actions taken by users in the SafeBox. This enables law firms to maintain a clear chain of custody for digital files so that it is easy to verify who viewed what and when, as well as determine who uploaded files and when. This can be immensely useful in case of a dispute over unapproved changes to a final version of a given document sent for approval (such as trying to sneak in a clause that could unfairly benefit one party), or to prove a document was edited after being approved by all parties. The cryptographic hash is an important feature allowing the verification of file integrity. Comparing cryptographic hashes generated by encryption before and after transmission can determine whether any changes have been made to the file.
The audit trail also can assist in determining the source of leaked files. While XM SendSecure most likely won’t be able to definitively determine who is responsible, reviewing users who successfully downloaded files via the audit trail can assist in creating a list of suspects.
Protect Attorney-Client Privilege
Perhaps the biggest risk with emailing or using a basic file sharing services to distribute documents is inadvertently violating attorney-client privilege. Regardless of whether the information was gleaned from an email intercepted when leaving the network, was the result of a misaddressed email, or was obtained via a forwarded link to a shared folder, sensitive legal and/or personal information winding up in the wrong hands can result in embarrassment or even financial damages.
XM SendSecure helps solve for this by combining the best elements of both email and file synch and share services while baking in a detailed audit trail and greater security controls than most other file sharing services. Going well beyond basic encrypting data in transit and at rest, XM SendSecure enables users to create a file sharing SafeBox that leverages features like two-factor authentication (2FA). Featuring a Microsoft Outlook connector and connectors for MPFs, XM SendSecure enables a user to quickly create and share a SafeBox from right in Outlook or even their multi-function printer. XM SendSecure also features mobile and web apps, making it versatile and easy to use on the go.
Unlike emailing files, the two-factor authentication in XM SendSecure SafeBoxes requires the recipient to verify their identity based on information known by the sender (such as email address, phone number, etc). This helps ensure files are only ever accessed by their intended recipients. Even in the event a link to the SafeBox is forwarded to an unintended party, they would still need access to the original recipient’s email account and/or phone to access the files.
Since files sent to and downloaded from a SafeBox are encrypted, it will be protected from outside parties monitoring the law firm’s network. Another perk is that unlike traditional fax, XM SendSecure can support an unlimited number of files and of any format up to 5 TB each in size.
XM SendSecure also features ephemeral storage that is designed to automatically delete its contents on a set expiration date. This reduces undue risk from old files remaining in a shared folder past when is necessary. Additionally, while a member of a given SafeBox can view activity logs at any point, when the expiration date passes, a final audit report is generated for the SafeBox creator. The final report contains detailed information on every user invited to the SafeBox and all their interactions with the SafeBox. XM Sendsecure even logs download completion percentages, which can be used to ensure those that downloaded a given file received the complete file. This record can help keep users accountable and avoid breaches of attorney-client privilege.
XM Fax also supports protection of attorney-client privilege. Unlike traditional office fax machine set ups, where there is a potential for uncollected documents to be viewed by unintended recipients, XM Fax allows users to send and receive fax documents directly from and in an inbox. XM Fax also features retention policies that can be set to automatically delete files from the fax server upon send completion. This helps eliminate the risk of files being viewed by an unintended party while providing the same level of security for data in transit as a traditional fax server.
Law firms don’t need to incur the expense of a process server every time they need to ensure documents are delivered. XMedius has a suite of secure, cost effective, and easy to use solutions like XM SendSecure and XM Fax that can help support your firm’s secure file sharing needs.