Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Remote Working? Time for Your Law Firm to Have a Security Review

May 20, 2020

Clark Hill published an excellent article on May 19th by our good friend Dave Ries and his colleague at the law firm, Jeffrey Wells. As we all know, the pandemic forced many law firms to quickly adapt to working at home and accessing the law firm network remotely.

For some law firms, security took a back seat to getting the technology up and running. For others, while security was addressed, it was in the context of rapidly evolving remote work conditions and increasing demands and capacity in the face of the pandemic.

Now that things have settled down, it's a good time to review security practices. Read the whole article, which cites excellent resources, but here are some of the important things the authors think firms should consider:

  • Security, physical and digital, of the laptop, desktop or tablet used by the remote worker,
  • Special attention to securing worker-owned, bring your own device (BYOD) access to the company network,
  • Network security guidance for wired and wireless networks for the remote user,
  • A Virtual Private Network (VPN) or other secure connection, securely configured, between the remote device and the company network,
  • Strong authentication, including multifactor authentication, for access to the company network, applications, and services,
  • Automatic log-off after 15 minutes (or less) of inactivity,
  • Segmentation of the company network, to limit access to resources necessary for the remote worker,
  • Analysis of the increasing needs of the business regarding remote working and impact on the configuration and capacity of the network,
  • Use of data loss prevention (DLP) tools,
  • Logging of remote connections and activity by remote users and log retention,
  • Use of secure collaboration and conferencing services, securely configured,
  • Ensure current and correct operating systems and security patches are installed,
  • Include remote users in backup, business continuity and incident response plans,
  • Training in remote work security, including protection against phishing and social engineering, and
  • An efficient and scalable process for answering user questions and reporting incidents.

Very likely, in the hurly-burly of the pandemic, some security considerations were missed. This is a great time to engage in a thorough security review.

Well done and timely advice, Dave and Jeffrey!

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225|Fairfax, VA 22030
Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson