Biscom Delivery Server

Biscom’s legal business continues to grow! We are pleased to announce the addition of 5 new legal clients. Our growth is the result of Biscom’s laser focus on the legal industry. During the last 2 years Biscom has collaborated with our legal clients to identify and deliver features and enhancements to better meet the secure document needs of law firms and corporate legal departments. Of particular focus for us has been the litigation and practice support groups that have a need for a high performance file and folder upload capability to support production discovery environments. We are also hearing from law firms that are increasingly concerned about the unsanctioned use of hosted file transfer services that increase the firm’s exposure to unauthorized access to confidential client data. Our strong encryption and authentication features as well as on-premise deployment are critical to helping our legal clients offer an easy to use, firm sanctioned self service secure file transfer facility to attorneys and administrative staff. And we are not resting on our laurels. Stay tuned for future announcements of product enhancements designed to improve attorney/client collaboration.

Biscom Delivery Server is now “in process” for FIPS 140-2 certification. FIPS 140-2 (Federal Information Processing Standard) certification is a US Government security standard for accrediting cryptographic modules. The National Institute of Standards and Technology (NIST) defines the cryptography requirements in its FIPS 140-2 publication, and software like BDS must pass the Cryptographic Module Validation Program (CMVP) in order to receive certification. Level 1 is geared towards software solutions, whereas level 2 is required for hardware solutions that have physical security mechanisms.

We have a lot of customers using BDS for HR – obviously HR departments have lots of personal information and they do have to work with insurance companies, health plans, payroll, etc. Zuckerman Spaeder LLP, a top law firm with offices in Washington, New York, Tampa, and Baltimore, started off using BDS in its HR department. News of the success led to the expansion of BDS to its litigation support team, and now is firm-wide.

CIO Shawn Mitowski just penned an article on FindLaw detailing how he chose Biscom’s secure file transfer solution to solve the security concerns of e-mail, and other unsecure methods to exchange documents. Big selling points were ease of use and security, as well as large file support. Thanks for the nice article Shawn!

For our healthcare readers out there, be sure to join us for a Webinar on Tuesday, June 14th, 2011, with nationally recognized security leader, Mac McMillan, CEO of CynergisTek. Avoiding data losses and security breaches should be a number one priority for hospitals and business associates dealing with private health information on a regular basis. Mac will provide an overview of:

• Encryption options
• Re-Evaluating Our Enterprise Security Standard
• Making Safe Harbor Meaningfu

Register for the webinar now.

Linda Musthaler, a frequent contributor to NetworkWorld, wrote a nice article (and a nice mention of Biscom Delivery Server) in the IT Best Practices Alert newsletter entitled File transfer solutions take pressure off email. She brings up great points about the issues with sending large files and the inadequacies of email, FTP, and thumb drives, especially for enterprises. This mirrors our view of email concerns, but she did seem to forget that Biscom has been offering an Outlook add-in for secure file transfer since Outlook 2003!

Mark Haas from Massachusetts General Hospital penned an article in the April 2011 edition of the Journal of AHIMA discussing how MGH solved their release of information (ROI) problem using Biscom Delivery Server.

One wrong keystroke or misplaced flash drive can run you $7.2 million.

That’s what a typical data breach will cost you these days, according to a data breach study released this month. This figure is up seven percent from 2009, with the most common causes of data breach attributed to breach incidents (41%), lost or stolen portable or mobile devices (35%), malicious attacks (31%) and system failure (27%.)

While $7.2 million is a sizeable sum we all can collectively cringe at, it doesn’t even come close to estimating the damage to your law firm’s reputation or client relations should it encounter a data breach. Get a taste of how it could feel by reading up on ACS:Law and how it failed to properly secure personal information.

Encryption Kryptonite

The study states that encryption is driving “a decrease in breaches due to system failure, lost or stolen devices and third-party mistakes.”  I’m a big fan of encryption (and I suspect anyone in the legal world would be as well), but like Super Man, encryption faces its own version of kryptonite: File transfers via FTP or email.  Both FTP and email post significant risks that can open the door for regulation violations or confidentiality breaches.

File Transfer Protocol (FTP) is limited to single authentication – not two-factor authentication which is a requirement of PCI and other security standards. Also, in today’s rushed law firm IT department, there is the risk of an FTP site being set up improperly or of rogue lawyers setting up their own sites.

Email is insecure because it doesn’t allow users to encrypt large files and documents as they are transmitted to the recipient. Plus, most companies and email providers have limitations on the size of email attachments to keep the strain off the servers. This results in bounce backs, error messages and information potentially getting in the hands of someone who shouldn’t see it.

The Remedy: Managed File Transfer

You can defeat encryption kryptonite from emails and FTP sites with managed file transfer (MFT). MFT is a secure method of transferring large files and sensitive data and is typically used in place of e-mail and FTP.

With MFT, you can send encrypted files through a designated network that automatically logs and centralizes the audit trail. This applies most commonly in situations where your company is regulated by the Payment Card Information Data Security Standard (PCI DSS), HIPAA, SOX and other regulations.

Here’s how one law firm uses managed file transfer and reduced IT help desk hours in the process.

Even with the best efforts, every law firm faces the potential of data breaches and the fallout that comes with it. By identifying weak links in your security – such as the encryption kryptonite of FTP and  emails – and applying technology such as MFT to combat it, you elevate your ability to thwart potential data breaches. And all in a single bound.

March 25, 2011. Biscom Delivery Server  has been invited to participate in a Mass Health Data Consortium and Platform Solutions panel discussion on  the topic of Security Controls for Meaningful Use.

Robert Matthews, from Biscom will be providing examples  of how healthcare leaders are using secure file transfer to protect personal health information  with minimal impact on user behavior and maximum compliance with HIPAA and HITECH guidelines.

During the past quarter, I’ve had the privilege of hosting a series of ILTA roadshows focused on security issues around file transfers. The roadshows – held in Boston, New York and DC – typically welcome around 20 IT professionals each from multiple law firms. The intimate size helps us all to have frank discussions about what keeps IT up at night.

On the forefront: Breaching client confidentiality and regulations.

Beyond the obvious dread of jeopardizing a law firm’s reputation and opening it up for massive fines, there’s a personal take as well. IT leaders are realizing that they are responsible for technology safeguards that protect client data and comply with federal and state data privacy regulations.

The Culprits: Email and FTP Sites

Two methods of potentially risky file transfer kept surfacing during our conversations: Email and FTP sites.

The attendees expressed concern that there seems to be little regard from attorneys and staff when  it comes to potential security breaches caused by using email and unsecured FTP sites  to transfer client documents and files.

It is almost like the proverbial Sword of Damocles is hanging over legal IT’s head. IT is only one wrong click or FTP error away from heavy fines and potential damage to law firms’ reputations.

Revenge of the Large Email Attachments

The 2010 ILTA member technology purchasing survey identified email management as the biggest issue facing legal IT for the third year running and the roadshow attendees verified that the ever-increasing size of email attachments is a growing support issue.

Is this scenario familiar?

An attorney tries to attach a 50 MB+ PDF to an email addressed to a client.  If the email is lucky enough to traverse the firm’s exchange gateway, there is a good chance it will get bounced back due to recipient email size limitations.  The attorney then receives an undeliverable message (sometimes not until the next day) and contacts IT for help.  Cue the IT support drama!

Would you believe that one of the most popular remedies is to break up a large file into multiple smaller files and then send multiple email messages?  This is a quick fix, yes, but doesn’t speak to a law firm’s technical prowess.

And Don’t Even Start us on FTPs

Another common option is for IT to erect an FTP site. After a communal groan, the attendees agreed FTP sites are often difficult to use, challenging to secure and an overall pain in the neck.

What do you think?

Does your law firm face challenges when transferring large files?  What do you think are the leading security issues around this?

Leave a comment below so we can continue the conversation.

Coming to a City Near You

ILTA is planning more roadshows for Biscom so hopefully I’ll be in your neck of the woods soon.  Feel free to reach out to me at cmagliato at biscom.com if you have a specific city in mind you’d like to see us in. I will keep you posted.

We’re pleased to announce integration with Microsoft’s SharePoint 2010 server. With this new connector, SharePoint users can send documents and files from their document repositories to external recipients easily and securely.

A few nice things about integrating with SharePoint:

• Completely secure collaboration
• No need to set up a separate external SharePoint site for external users
• Collaboration can happen without any tedious user setup in Active Directory
• All deliveries are tracked and logged
• Leverage your existing BDS application

For more information, see the new SharePoint page on our Web site.