It's the long weekend, you're away with family and an unexpected deadline comes up. Your client or partner is waiting on you, and you can't get your large document to transfer from one application to another. You decide to bypass the problem and email it to yourself using your spouse's Gmail account. There, problem solved.
Working remotely with uncooperative technology can be very frustrating; employees will often resort to using creative workarounds to get around the limitations of the system. Very clever. Very resourceful. And very dangerous.
In this age of connectivity, remote access is a necessity for a successful law firm. But it also brings risk, requiring a secure infrastructure and best practices for firm employees. Cybercrime is rising all across the globe, and lawyers in particular are a prime target. A system breach can easily cost a mid-sized law firm hundreds of thousands of dollars, and the resulting professional, legal and reputational damage can be catastrophic.
Are your remote working practices inadvertently bringing vulnerability to your firm and clients? We've compiled some important guidelines to help you keep your firm and client data safe.
Reduce points of vulnerability
Keep all of your data in one secure online location. Using one central platform, such as reputable document management software, not only keeps your team organized but also reduces opportunities for a breach.
We love our mobile devices, and so do thieves. Avoid saving sensitive information on your mobile devices for any period of time. Even 'deleted' files can be retrieved from your hard drive and accessed, and if your laptop becomes infected by malware or the files become corrupted, you could lose them forever.
Often distributed by vendors at conferences, USB sticks or 'memory sticks' are handy little things. But as our mothers always warned us, don't use it if you don't know where it's been. USB sticks are common carriers of malware, spreading it from one device to another. They can also be easily lost or stolen, and unless you are encrypting your files, the data is easy pickings for hackers.
Dropbox, Google Drive, Sync: today there is a wide variety of relatively secure open source (free) applications for data storage and transfer. Many, such as Dropbox, encrypt the data they host. But even the most secure file hosting sites are risky if they aren't managed properly. Often, the link to a shared document can be accessed by anyone who gets hold of it, and it can easily fall into the wrong hands should your device be stolen or infected with malware, or your email be breached.
In cases where you are uploading a file to another user's online folder, you have no control over the security settings. Also, don't forget that if you're uploading from an unsecured device, the files remain on your local drive and are vulnerable.
Don't:
- Store files on your laptop, tablet or phone
- Store or transfer files on a USB stick
- Transfer confidential files via a third-party application without understanding the risks
Ensure your connections are secure
Cellular data can be expensive or unreliable, so many lawyers opt to use public WiFi in locations such as coffee shops, airports and on public transportation. Unfortunately, public WiFi is not secure, and it's especially risky if your firm doesn't require a password to get into its network - it's practically an open door for hackers. Some WiFi networks are actually fake, designed to trick you into signing on to an access point where the operator will capture your information.
Don't:
- Connect to public WiFi when working with sensitive files (including your email)
- Connect to public WiFi on a device that contains sensitive files
Separate your personal and professional technology
Because personal applications are familiar, employees are more likely to use them to work with professional data while offsite, increasing the risk of exposure and attacks. The last thing you want is to have to explain to a client how your spouse accidentally emailed a sensitive file from your home desktop to your wine & book club.
Don't:
- Use your professional email for personal tasks
- Store sensitive firm files on a personal device
- Allow others to access your professional devices and accounts
- Borrow others' devices for professional purposes
The majority of law firm security breaches are facilitated by employees.
Do you know how to spot a phishing email or fake WiFi account?
Protect your firm by following our Security Best Practices for Law Firm Professionals
Password best practices
There are many 'rules' for strong passwords, such as using multiple characters and numerical values, avoiding easy-to-guess words and dates, assigning unique passwords to each device or account, and changing those passwords regularly.
Good passwords are helpful for keeping a stolen device secure; however, even the strongest password won't protect you if a hacker steals it. All it takes is a stealthy malware installation on your system - usually achieved by getting you to click a link - and the hacker can log your keystrokes, capturing your passwords and gaining full access to your system.
To combat this, many law firms use two-factor authentication, which requires employees to confirm their login from another device, usually their cell phone. This extra layer of protection is easy to implement and is a very effective safeguard against hackers.
Don't:
- Use easy-to-guess passwords
- Share your passwords with anyone, even colleagues
- Share your passwords over the phone or email, no matter who is asking. No reputable IT vendor, financial institution or agency will ever ask you to disclose your password when they initiate contact.
Keep track of any obstacles and inefficiencies you experience with remote access, and maintain an open dialogue with your firm's IT management. If remote working is proving to be a regular frustration, it may be time to review your firm's IT protocols and infrastructure.
For a successful, modern law practice, security should never be a barrier to productivity.