Stop Emailing Attachments
Every day you probably attach a document (or two) to an email, send it and move along. However, there are a lot of options for sending documents electronically that are far better than attachments. Most law firms have several products designed to securely send documents, collaborate, review, and collect information. Before you reflexively attach a document to an email, think about the intended use of the information and ask if there is a better way.
What Is the Problem?
Sending attachments via email is problematic for a host of reasons. The least of these is a drain on personal productivity. Without additional organizational tools and procedures, sending or receiving attachments requires many steps. Attaching documents to email means the sender must open an email, compose the message, click on the attachment icon, locate the file, attach and send. When someone receives an email attachment, they will need to open the email, open the attachment, save it where appropriate, close the attachment, close the email and save the email in the appropriate folder. So, what else?
Delivery and Receipt
If you send a file or multiple files that exceed the size allowed by the recipient’s email handler, you may get a notification that the email was rejected. Sometimes you will not. Different providers set different limits for what can be sent and what can be received. Some businesses change the standard file size limitations to reduce the storage burden on their servers. There is no standard, and without checking the file size before sending and then knowing the limitations on the recipient’s end, you may go through levels of frustration just trying to send an attachment.
When you send an attachment via email, it is more likely to be caught by a spam filter and blocked. You will probably get no notice that the email delivery has failed, and unless the recipient checks the spam filter or delivery report from their spam prevention gateway, they will never know what they missed. If the attached file has a macro embedded, it will assuredly be blocked by most spam filters.
Unless you are intentional about how the attachment is delivered, it is almost impossible to know if a recipient opened an attachment. Microsoft’s “read receipt” is opt in—the recipient must assert by clicking that the email was “read.” However, this does not tell you whether the attachment was opened.
When sending an attached Word (or WordPerfect) document, do you know if the recipient has the tools to open the document? On their desktop? On their smartphone? Especially if you work with mostly consumer clients, they may not have the right software or service to open the document. While there are many ways to open a Microsoft Word document, many will be read-only. If you want the recipient to make edits or suggest changes, they will need to know how to open the document in a tool that allows for editing. Assuming the recipient has all the tools you do—a licensed copy of MS Word, access to a printer or a scanner and the knowledge of how to use them—is a big leap.
How many times have you typed “see attached” only to get the response “what attachment?” While Gmail and Outlook have some intelligence now to remind you that you forgot the attachment, that is dependent on the language you use in the body of the email. It still happens every day.
Emails can be and are spoofed. Real estate practitioners are especially aware that bad actors seek to send wire instructions to unsuspecting clients by making an email appear to be sent from the firm. Sometimes the spoofed emails are easy to catch; sometimes they are not. While you may tell your client that wire instructions will never be sent by email, close to closing and under pressure will the client really have your words top of mind? A recent case, Otto v. Catrow Law PLLC, No. 19-0361 from the Supreme Court of Appeals of West Virginia, illustrates this example. The Ottos received an email with wire instructions and followed them. They sent $266,069.22 to a scammer, which was never recovered. They sued their real estate agent, the real estate company and their law firm. The law firm was ultimately not found at fault because it corresponded via encrypted email, which the court found was sufficient to meet the standard of care. Would the findings have been different if the firm merely relied on an email disclaimer?
The U.K. Information Commissioner’s Office latest report on data security incident trends indicated that in the third quarter of 2020, misdirected emails accounted for 55 percent more reported incidents than phishing attacks resulting in data breach. It is far too easy to send an email to the wrong person. Attachments to those emails are more likely to have protected information, such as personally identifiable details. Microsoft Outlook has a “recall” function, which simply does not work if an email is sent to a party outside the sender’s Exchange Server environment without additional safeguards such as information rights management. However, Gmail has an “undo” feature that does work—so long as you catch your mistake within your selected cancellation period of 5, 10, 20 or 30 seconds. So if the sender realizes the mistake within the time period they set, they can click the Undo button and get back to the sent message in draft mode.
When you email an attachment, you lose control of the document forever. The email can be forwarded, the document downloaded and the attachment shared with whomever the recipient chooses.
Data Sprawl and Storage
When you send a document as an attachment, the recipient can, unless protections are applied, open the document and make changes. Now there are two versions of the document. You make further changes to your copy and resend it. Now there are three versions. While you may use file naming conventions to manage versions, will the recipient? Version control, especially in documents like contracts, is essential to the integrity of the document.
Attaching documents to email makes retention and data governance exceptionally difficult. For instance, if you send one file to three people, there could now be at least 20 copies of the file. The attached file is stored on your email server, email archive, file server or the device from which it was sent, and the mobile device you sync with your email. The recipients also have copies in their inboxes, their email servers, backup servers and their devices. If they then forward your email with the attachment, the number of copies of the document exponentially increases, like the Gemino Curse in Harry Potter. Retention and destruction of files become almost impossible.
IT departments at law firms constantly struggle with managing the size of users’ PST files. In addition to costs for storage, email becomes slow and unreliable due to storage demands. The act of attaching a document to an email takes a copy of a document from a server, cloud storage or local drive and puts it on the email server. Law firm IT departments will often send out a notice for users to clear their stored messages or deploy automatic archive tools.
Why Do We Persist?
Why do lawyers continue to attach files to email, even when they know this method is riddled with issues? One reason is inertia. Even the most Luddite lawyer knows how to attach a document to an email. They rely on an overly long disclaimer appended to the email to protect them from unintended consequences. Attaching a document to an email is easy and does not require the sender to focus on what action they seek as a result of sending the document. Attaching documents to email is old school, hand in hand with relying on print, fax and mail. To change their behavior, lawyers should consider first what they want someone to do with the document and what methods are most conducive to eliciting the action.
What Are You Trying to Accomplish?
There is inevitably a reason you are sending a document to someone. You may need to acquire a signature. You may want the recipient to review and comment on the document. You may be seeking collaboration from multiple authors/stakeholders. You may be providing a copy of the document for their files. When you consider what you want from the recipient, this will help guide what technology you use to initiate the exchange.
Are you sending a document to a client for signature? Sending a Word document as an attachment is simply the worst way to accomplish this. Without professional tools at the ready, the client will need to print the document, sign it and mail it back. If she has some savvy and the right software, she may convert the document to PDF, stamp her signature on the document, flatten it and email it back. Or print it, sign it, scan it and email it back. Do not put the onus, time and effort on the client! Invest in technology that lets you send a document that can be opened on any device and signed with a mouse, stylus or by typing. If you have Adobe Acrobat DC, you already have this functionality through the built-in Adobe Sign. Take your document—say an engagement agreement—and prepare it for signature. Assemble the document, convert to PDF, and use the Fill and Sign workflow to sign the document, and lay in fields like checkboxes, “initial here” prompts and a signature block. You can send to multiple signers with a preferred order, specify where to fill and sign, then send and track progress. You can add password protection and set reminders. All these features are built into a tool you probably already have. Other signature tools like Citrix RightSignature, DocuSign and HelloSign have similar and sometimes more robust features and workflows.
Have you ever received a Word document that looks like a “form,” requiring you to submit information by typing on the “fields”? You start typing and the lines start moving. You backspace over the lines so you can keep the text from shifting. You spend more time trying to keep the format intact than filling it out. How frustrating! Or, you receive a PDF form that is not a form at all, so you either print it, add the information and scan it, or use the Add Text feature in Acrobat or a similar product? Or possibly worse, get a PDF form only to realize that the form is set up so that certain text blocks limit characters severely or the text you enter gets smaller and smaller as if you took a nibble off Alice’s cake? If you find these experiences frustrating, then do not do them to other people. There are dozens of products—legal-specific, consumer and business-focused—that make it easy for people to securely provide information. Intake? Try a legal-specific CRM (customer relationship management) product. Many of the document assembly tools now let you create a client “interview” so that the client fills out a form or guided interview and a document is generated on the back end for your review and finalization. Or use a product like JotForm to collect sensitive data with end-to-end private key encryption. Then merge the collected data into your document through Word or WordPerfect merge fields. You can save your client and yourself time and frustration.
If you want to have multiple people help craft a document, then emailing an attachment is the least effective way to start. Microsoft and Google have multiple ways to support this endeavor in their paid and free browser-based word processors. If you are using Microsoft 365 Business Standard, simply open a Word document like always, then when you want to share for input from collaborators, click on the “Share” button in the upper right corner. You will see many options to specify who has access to the document, if they can download it, expiry dates and more. You will receive email notification when someone opens the document. The document will automatically be stored in OneDrive or SharePoint. You can track versions, see changes, view specific changes by author, revoke permissions and more. Google Docs and Google Workspace have similar features.
Sending Documents for Review
Microsoft 365, Adobe Acrobat DC and Google Workspace all let you share a document with limitations to view, only add comments, disable downloading, set up receipt notifications and much more. For instance, if you want a client to review an estate plan for approval, then convert the Word document to PDF and use the send-for-review features. The recipient will receive a link to the document and can review and comment in the browser. You can add deadlines and reminders, and revoke access. If the recipient logs in, she can download the document, so if you do not want anyone to alter it, set read-only permissions on the PDF before you share it. Alternatively, you can share a Word document in Microsoft 365 for comment and set editing permissions (Review-Restrict Editing) then specify the user, expiration date and block downloads when sharing.
Receiving Client Documents
If you have Google Workspace/Drive, Microsoft 365 Business Standard or Premium with OneDrive/SharePoint; any number of cloud-based practice management applications; or an online document storage product like Dropbox, Box, Tresorit, Citrix ShareFile or certain document management systems, then you can provision a folder or set up portal access for your client and give them a place to upload (and download) documents. This may require a little training for some clients, but if you focus on the benefits (security, ease of access), you will likely find little resistance. You will be able to track access, control permissions, add security and reduce email attachments.
There are many technologies you probably already have that can make sending and receiving documents electronically safer and more streamlined. The hard part will be stopping yourself from attaching a document to an email because habits and muscle memory are hard to overcome. However, there is a lot of benefit to making the switch. Like anything new, you and the recipients will have some questions and possibly frustrations when you start, but you will figure out the workflow and best practices. As wonderful as these tools can be, one thing that sharing documents versus attaching them does not solve is sending the wrong document. Always preview the document before you share it.
©2021. First published in Law Practice Magazine Vol. 47 No. 3 May/June 2021 by the American Bar Association. Reproduced with permission. All rights reserved. This information or any portion thereof may not be copied or disseminated in any form or by any means or stored in an electronic database or retrieval system without the express written consent of the American Bar Association or the copyright holder.