The year 2020 will be remembered as the year that lawyers were catapulted into the future. As a result of COVID-19, the majority of law firms suddenly found themselves thrust into a work-from-home (WFH) environment. Some were prepared for working remotely, but many were not. We’ve helped a lot of lawyers transition to a different working environment by providing training and implementing new technologies in their practice. Along the way, we’ve learned some things about how lawyers have responded to the pandemic. Here are ten cybersecurity lessons we’ve learned about WFH.
1. Home networks are 3.5 times more likely to have at least one family of malware than corporate networks. A study by BitSight analyzed data from 41,000 U.S. companies. The study found that 25% of devices (e.g. printers, computers, IoT devices, etc.) on a home network had services exposed to the internet. Another scary statistic is that “Nearly one in two organizations (45%) had one or more devices accessing its corporate network from a home network with at least one malware infection.” Ouch.
2. Sharing the device you use for law firm work with family members is a bad idea. Devices used to access the law firm network and work on confidential client data should only be used for that purpose. Family members should not be using the same device even if there is a separate login ID and password for the device. If a family member inadvertently performs an action that allows the installation of malware, client data and law firm access could be compromised.
3. Zoom is currently the choice of clients/potential clients. Teams, Webex, Zoom, and GoToMeeting are all good video conferencing platforms. The reality is that Zoom is the technology of choice for your current and potential clients. All the other platforms are playing catch-up to Zoom. Despite some early histrionic media reports, you can use Zoom securely for client communications.
4. Make sure your confidential client conversations are kept private. Many of us are sharing working space in our homes. As a lawyer, you have an obligation to ensure that client conversations are private. That means having a separate room to conduct client conversations and consider using a headset too. You wouldn’t loudly discuss a client matter while commuting on the train so why would you allow family members to eavesdrop?
5. Employee security awareness training is more important than ever. The WFH environment has put law firm employees into situations that carry different risks than when they were in the firm’s office. As item #1 in our list identifies, we need to be even more diligent with practicing safe computing. The cyber criminals know there are a lot of targets working from home using insecure home networks, Training employees to recognize the current cyber threats is an absolute must at this time.
