Debunking the myths holding back digitalisation

For most UK law firms, the 2020 pandemic drove home the power of digitalisation.

Yet despite this long history and a heady springboard of technological progress, many legal companies still feel reluctant to move workflows online.

Common concerns include a lack of technical know-how, a dearth of resources, or worries about security.

But many of these misgivings these concerns are built on misconceptions, and can often be tackled with something as simple as finding the right tools to meet your company’s needs.

Tresorit, the Swiss-Hungarian specialist for end-to-end encrypted cloud collaboration, gives customers the power to sign documents electronically with the touch of a button.

It’s the latest key step in the company’s creation of a comprehensive, protected and legally secure document management system, catering to the entire lifecycle of sensitive files in one integrated platform.

But it also tackles many of the myths holding companies back from digitalisation head on by prioritising an easy-to-use interface without sacrificing trust or security – making e-signatures a practical, must-have tool for modern law firms.

Legal pedigree

If your firm is looking to take the jump to digital, it is important to understand the different kinds of electronic signature that exist in UK law.

In the UK, the Electronic Identification and Trust Services for Electronic Transactions (Amendment etc.) (EU Exit) Regulations 2019 (SI 2019/89) – otherwise known as UK eIDAS Regulation – recognises three types of digital signature; simple electronic signatures, advanced electronic signatures, and qualified electronic signatures.

Tresorit eSign uses a simple electronic signature, or SES. Simple signatures are defined as any electronic data used by a signatory that is attached to or logically associated with other electronic data – usually a digital contract. An SES requires no further proof of security or legitimacy.

Not only are SES relatively straight forward to use, but they have already proven their worth and legitimacy in the UK legal system.

English courts have previously come out in favour of even informal e-signatures. In one case, Golden Ocean Group Ltd v Salgaocar Mining Industries PVT Ltd, parties in the Court of Appeal were able to agree that ‘an electronic signature is sufficient and that a first name, initials, or perhaps a nickname will suffice’ when signing a contract of guarantee.

Building trust

But what holds companies back from digitalisation often isn’t the opinion of courts or local authorities, but concerns on uptake from legal firms’ top priority: their clients.

If companies want to maintain customer trust, they need to address their concerns – and that means ensuring client data is protected at every step.

Strong data protection is usually based on some form of encryption – but not all encryption methods are created equal. Choosing the right encryption to suit your company can be daunting, and the best first step is usually focusing on your business’ specific needs.

This will involve looking at local laws within the markets your firm operates, such as GDPR regulations, and whether your firm faces any particular digital security risks.

In the post-Covid era, it’s also important to make sure that documents and data will remain secure even when they are being accessed from multiple devices and locations.

True end-to-end encryption – which is already used by companies such as Tresorit – is usually considered the industry gold standard in this area.

Most platforms will use at rest encryption: where your data cannot be read while stored on a data center hard drive, but where the provider itself will still have access to your files.

End-to-end encryption ensures that the only people who can see your data are the sender and the recipient. That is because your files and their relevant metadata are encrypted on your device with unique, randomly generated encryption keys. These keys are also encrypted as they are being sent to other servers, and accessing files is only possible with a user’s own unique decryption key. That means your files aren’t even visible even to your cloud or storage company.

One way to check whether a provider has end-to-end encryption is to see whether they offer a password reset feature. If they do, it means that your provider has access your data – and their encryption isn’t end-to-end.

While encryption provides a keystone in stringent digital security, but it isn’t the only thing companies can do to keep data safe. Tresorit eSign lets firms go the extra mile by providing document passwords, watermarks and time-limited links, and file access logs.

As all documents processed via Tresorit eSign are stored in Tresorit’s end-to-end encrypted environment, companies retain complete control over contracts and their confidential content at all times. With the help of tools such as set permissions, users can define who can view and edit each document, and how often or for how long they can be accessed.

Easy-to-use

While many companies pushing towards digitisation will naturally prioritise customers, it’s also important not to overlook the real engine of any company: its workforce.

While we often imagine issues such as data leaks as stemming from malicious outside attacks, they can be caused by something as simple as a mis-sent email. Any change in IT should be accompanied by a comprehensive training programme, so that staff feel supported, confident, and potentially damaging errors are kept to a minimum.

It’s also important that new IT systems or workflows aren’t too time-consuming. Laborious security protocols not only eat away at productivity and efficiency – but they can also pose a serious threat to your company’s cybersecurity.

If staff find digital security tools cumbersome or difficult to use, they’ll often find a way to bypass them, often by sending data via an instant messenger or commercial cloud service.

But because these platforms aren’t built with business security in mind, they often contain vulnerabilities that can be exploited by hackers or other cyber threats. They also don’t have tools that can guard against accidents such as mis-sent links.

Ultimately, good IT decision-makers prioritise solutions that put people first: tools that are intuitive and integrate seamlessly into everyday workflows.

Dietmar Spehr is head of brand and communications at Tresorit.