How Law Firms Can Communicate Securely With Clients, Without Compromising Ease of Use

For most law firms, the biggest communication challenge isn’t a lack of technology—it’s the balance between ease of use and security.

Email remains the default channel because it’s familiar to clients of all ages (the so-called “silver surfers” are far more tech-savvy than many assume).  Reliance on email alone carries inherent risks, and alternative platforms often introduce friction that slows communication, increases workload and/or deters client adoption.

Below is a practical, realistic overview of the approaches firms are using today, and what actually works in real-world legal practice.

Email-First, Wrapped in Strong Security

Across the sector, the target model is “email-first, secure-always.” Email is still the path of least resistance, but firms are strengthening their infrastructure with:

• SPF, DKIM and DMARC alignment to prevent spoofing
• Multi-factor authentication for all staff
• Conditional access policies to stop unauthorised logins
• Anti-impersonation protection via Microsoft Defender or Mimecast

This approach recognises reality: clients want to communicate via email, so firms must make email as secure as reasonably possible.

Secure Document Sharing Through DMS Platforms

Firms using products such as iManage or NetDocuments often take advantage of built-in secure sharing tools:

• One-off sharing links or dedicated collaboration spaces
• Access protected by an agreed email/password or one-time credentials
• Optional change alerts or email notifications when new material is uploaded

These systems keep documents inside the DMS—maintaining version control and audit trails.

Using Cloud Links Instead of Attachments

For firms without a full DMS, OneDrive or SharePoint provide a middle-ground:

• Send links, not attachments, allowing access to be revoked if mis-sent
• Use “specific people” links or password-protected project links
• Set all links to auto–expire (ideally 30 days)

This is mostly about limiting the blast radius of mistakes rather than achieving military-grade security.

Note: This can lead to lawyers storing material outside the DMS, so governance is key.

Secure Email Portals—Useful but Clunky

For highly sensitive matters, firms turn to secure email add-ons such as:

• Egress
• Mimecast Secure Messaging
• Microsoft Encrypted Email (E3 licence required)

While effective, these tools often frustrate clients due to repeated logins or one-time passcodes. They should be reserved for confidential or high-risk exchanges, not day-to-day communication.

Dedicated File-Sharing Solutions

Some firms opt for standalone “data room” environments when they lack a DMS or want airtight segregation:

• Thomson Reuters HighQ (powerful but expensive)
• SharePoint Online with client-specific subfolders
• Citrix ShareFile
• Traditional FTP site (popular for large data rooms)

These platforms offer structured, password-secured spaces clients can access throughout the matter and are great for sharing bulk documents but not for day-to-day exchanges.

Password-Protected Attachments

A traditional but still widely used option:
Password-protect sensitive attachments and share the password separately (ideally not in the same by the same communication method).

Using Cloud Links Instead of Attachments

For firms without a full DMS, OneDrive or SharePoint provide a middle-ground:

• Send links, not attachments, allowing access to be revoked if mis-sent
• Use “specific people” links or password-protected project links
• Set all links to auto–expire (ideally 30 days)

This is mostly about limiting the blast radius of mistakes rather than achieving military-grade security.

Note: This can lead to lawyers storing material outside the DMS, so governance is key.