What data security best practices should law firms take when working remotely?
With law firms being forced to work remotely, there may have not been considerable time to plan effective data security during the transition. Now that many are becoming used to working remotely, law firms should be paying close attention to keeping their data safe, which can be a challenge when everyone is operating on a different network.
When in the office, it becomes easier to maintain digital security. There’s a limited number of wi-fi and access points, and general usage and programs can be kept up to date. Outside of the office it becomes more important to develop an effective plan to keep everyone’s security up to speed and to train staff on proper procedures.
Even with offices open, it’s likely there will be a shift toward long-term remote work – meaning firms should prepare rather than view the situation as short-term.
Confidentiality requirements
Under the Rules of Professional Conduct, lawyers should be careful to maintain confidentiality. This extends to proper use of technology. If you’re using technology you’re not sure is secure and client information is exposed, it could put you in front of the ethics committee.
Know what you’re using
Do research into all of the technology your remote staff is using. Is the data encrypted? How is the data stored? Who has access to it?
Make security everyone’s responsibility
Even in the office all it takes is one wrong click on a phishing email link to cause a data breach. Take time to train everyone on possible attempts to access data, how to avoid them and best practices. It’s important for the entire firm to know what could happen in the event client or confidential information is leaked.
If you have a pre-existing IT vendor, you can reach out to them to see if they have a handbook available to pass along or if they offer training. Alternatively, you can look to another outside company to provide training in the form of webinars or training modules. While outside the normal scope of what a lawyer, paralegal or file clerk might do, it’s a critical part of the job.
Use strong passwords
Many at-home routers and printer networks come with standard passwords that many can access. Router admin credentials or the network name and password that come with the router should always be changed[1]. It’s worth having someone available to help with making these changes or to send guided videos on how to do it.
Don’t use a VPN as a catch-all, but do use one
A Virtual Private Network (VPN) can be extremely helpful for encrypting information, making it so that even if information is intercepted it won’t be visible.
Some popular VPNs law firms could consider for remote work include TunnelBear, NordVPN and Encrypt.me[2].
Run regular updates and patches
Security priorities can get mixed up in the world of remote work. Make sure employees are on top of security patches though. These should be regularly scheduled and checked on or else it leaves vulnerabilities that hackers could target.
If your firm is using cloud-based programs, such as practice management tools, these will run updates automatically. When someone logs in from their browser, the updates are already applied, eliminating one potential risk.
References
1. How to Maintain Security When Employees Work Remotely
2. 3 Best VPN Providers for Lawyers