The COVID-19 virus has taken over the world. Many countries, including the United States, have implemented preventative measures. Across the nation, working people are requested to work from home whenever possible. This means that lawyers and legal staff are now working remotely. However, not all home computers or even work laptops are up-to-date on cybersecurity measures. Thus, working at home may expose sensitive information.
With the COVID-19 virus leaving many people worried, they are less likely to pay attention to computer security. In this new environment, a breach of a client's security ranks right at the top of the list of worries for law firms.
On March 13, 2020, the U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency encouraged those that are moving to remote working status “to adopt a heightened state of cybersecurity,” as there is a significantly elevated risk of malware, phishing attacks and ransomware demands in the midst of the coronavirus pandemic.
While a law firm may use virtual private networks for telework and may also have a plan in place to deal with security emergencies, the risk remains that sensitive data can be lost or exposed. In the midst of this crisis, it is important to have a level of awareness of what constitutes security for the firm's client files.
There is not one law firm that would want to find themselves dealing with a ransomware attack.
What steps law firms need to take to keep data secure
- Give your law firm's IT department all the support it needs. Ensure they have the resources on hand to keep data secure. Ensure all updates are taking place right away.
- Give all remote workers the right kind of equipment and ensure it is properly configured and has updated software.
- Assess what remote workers are using, whether it is their own computer at home or one acquired via a school or other organization. It may be a good idea to encrypt hard drives and provide a virtual private network for connecting. Moreover, all connections need to have multifactor authentication to log in.
- Inform all those working remotely that there are policies that must be followed when working with law firm data and in accessing a network. Spell out in clear language what an acceptable internet connection entails and the types of devices that may be used to connect online. All policies and directions need to be clear and in plain language that does not leave employees guessing about what to do.
- All law firm equipment taken home for work must stay there and never leave the home. Law firms should provide a “What to do” memo in case equipment is stolen or lost.
- Increase monitoring of client data and information.
- In some situations it would be best for nonessential staff to take leave instead of having to work remotely. Do not run afoul of the Fair Labor Standards Act.
- Hold a cybersecurity event, or webinar, and educate staff about the very real risks of cyberthreats.
- Have workers double-check any and all unusual communications. Educate workers on what to look out for in suspicious emails or phishing attempts.
- If your law firm has existing contracts with other support vendors, have the IT professionals review the terms of each contract targeting cybersecurity. Also check on data breach insurance.
- Provide all remote workers and all law firm staff with a list of emergency contact numbers.
With all of these tips and suggestions, the most important things to remember are timing and communication. How quickly your firm responds to a security threat or breach is key.
The COVID-19 pandemic brings with it more than health concerns. While it may be a saving grace that in 2020 we have even better cybersecurity protections in place than ever before, law firms need to make sure they are prepared.