Law firms are continuing to assist clients even if their operations have been significantly impacted by COVID-19. Risk of data breach is a major concern for professionals working from remotely or from home, more so for lawyers. Keeping confidential information secure is a basic part of a law firm’s service, but this has become very challenging as working from home increases cyber security risks. Lawyers can rely on digital transcription service providers to convert various types of audio content into text, but all their transcripts and other documents they handle, share and store need to be shielded from hacking.
“The most important goal for a law firm is protecting their data, whether working in the office or remotely,” said Jill Rhodes, vice president and chief information officer for Option Care Health, in an article published by the American Bar Association (ABA).
Working from home poses specific cyber security risks. Home set-ups may not have hardware firewalls and password best practices are often not followed. Also, as legal teams are physically distanced, they can become victims of social engineering – a technique cyber criminals use to trick people into giving away confidential information. Another concern is that as public and open WiFi networks are susceptible to hacking, logging into the office DMS from your home computer can be risky.
Here are the steps that lawyers need to take keep sensitive client data safe when working from home:
- Educate yourself about on proper use of computers, internet connectivity and email account.
- Don’t use your personal email accounts for official purposes like transferring confidential data. Setting up a cloud solution is ideal way to share files securely with colleagues and external third parties.
- Follow the same security standards and data security practices as when working in the office. The best policy for the law offices would be to provide employees with computers and other hardware and determine how their network will be secured. There must be a clear policy for those who work on their own devices.
- Set a strong password on your home WiFi router, computer, and other devices and protect access to files with passwords and user access settings. Two-factor password authentication is recommended. A password and other information can be required for two-factor identification. Change passwords frequently.
- Have a dedicated workspace. Even so, if you leave your machine, lock it. Set an auto lock after a maximum of five minutes for your computer.
- Watch out for phishing emails, messages and videos. Know how to recognize a phishing email. Red flags of a risky email as listed in a 2020 Birmingham Bar Association (BBA) webinar report are:
- Purports to be from the IRS, a court, or other government entity
- Purports to be from a financial institution or healthcare provider
- Purports to be from any other intimidating authority or name
- Makes an urgent request with a short deadline like 24 hours
- Insists that transfer of money be kept secret
- Has a suspicious or misspelled sender email address or domain
- Has a generic, unusual or incorrect name in greeting
- Requests changes in vendor payment instructions
- Requests personal information like account numbers
- Requests clicking on unfamiliar or suspicious URL links
- Offers rewards if click on link or open attachment and reply
- Requests to download a file, especially an .exe file
- Asks for login and password
- Be aware of malware risks. Malware or malicious software includes computer viruses, worms, trojan horses, ransomware, spyware, and other malicious programs. Things to strictly avoid when working remotely:
- Don’t open risky emails or email attachments
- Don’t click on risky links in emails or websites
- Don’t download games or non-work apps
- Don’t open risky thumb drives or discs
- Don’t visit unsafe, suspicious or fake websites
- Don’t trust telephone caller ID
- Block unsafe, suspicious or fake websites
- Install up-to-date antivirus and security software to ensure it is patched against known cyber vulnerabilities. Make sure that anti-virus applications are arranged to scan your device, attachments and downloads. Consider upgrading the software to one with a cloud portal so that control and alerts are sustained centrally. If your software cannot be updated, replace it.
- Backup important files in a remote, independent facility. Partnering with a cloud vendor can provide more security However, the BBA report recommends that when choosing a cloud vendor, a lawyer should consider “whether the data will be secure and backed-up and whether he or she will have any problems if his or her relationship with the vendor might end”.
Lawyers’ ethical rules require them to be proficient and to safeguard all the confidential information they handle. This means having the necessary systems and procedures in place, using good judgement, and importantly, being technologically competent place to avoid technology-related scams. Law firms that rely on legal transcription service providers should choose a firm that can ensure the confidentiality of their clients’ sensitive information.