Can Canadian law firms safely use OneDrive for sharing files with clients?
By admin, June 6, 2019
Despite the unquestionable benefits of using the cloud, some law firms are still hesitant to adopt it due to data protection policies.
But perhaps using file sharing tools available on the market — one of which is OneDrive — can change your mind. These storage options allow users to access documents simultaneously, anywhere, anytime, and on any internet-connected device. OneDrive can be a great collaboration and storage tool — but only if used properly.
A brief overview of Canadian privacy laws
Compliance is one of the major difficulties that come with cloud migration. Canada has provincial and federal laws for cloud storage providers. The provincial privacy laws apply to provincial government agencies and their handling of personal information. The federal laws, on the other hand, are comprised of the Privacy Act, which covers how the federal government handles personal information, and the Personal Information Protection and Electronic Documents Act (PIPEDA), which covers how businesses handle personal information.
Although there are distinct compliance obligations for each set of laws, they generally require organizations that handle sensitive personal information to implement several security measures. These include encryption of data in transit and at rest, advanced threat detection, strong user authentication and access restrictions, and backups.
With these laws to consider, let’s find out if using a cloud storage application like OneDrive is a good idea for Canadian law firms.
Securing your data with OneDrive
Data breaches happen when users fail to use the security features available in their cloud storage systems. For instance, you can create a direct link to a website in a file sharing tool like OneDrive, but since it can be accessed by anyone who has the link, it’s much safer if you encrypt your shared links. The advantage of using OneDrive is that encryption of all data, whether in transit or at rest, is available for business users.
Also, your files will remain private unless you choose to share them or save them in the Public folder. To secure your files, you should password-protect them, so only authorized users have access to them. Furthermore, you can add a two-step verification, which makes logins much more secure by adding an additional layer of security such as a one-time password (OTP) sent via text message or an authentication app.
Some programs also have a “notify when accessed” feature. This alerts you immediately if unauthorized users attempt to access your files. It lets you know how and when your information is being accessed.
Putting an expiration date on shared information will ensure that your client file won’t dwell on the internet in perpetuity. This can be a problem in case it falls in the hands of cybercriminals. In worst-case scenarios, a backup and disaster recovery (BDR) plan will be useful in case your data is compromised.
If you want to take the extra mile, hire a reputable managed IT services provider (MSP) to ensure that your files are safe. Aside from encrypting your files, their IT team will add more security measures and help you develop and test a robust and effective BDR.
When it comes to protecting client data, make sure your security procedures are as strong as they can be. Contact Vertex today for more information about cloud security and the Canadian Privacy Law