Legal practices are relaxing their traditional caution to take advantage of the numerous benefits of remote working. Benefits that can easily be undone by inadequate security. In this blog, we look at the advantages and risks of remote working and how your law firm can help protect against them.
Why work from home?
Two reasons: business continuity and increased productivity.
Remote working is a highly effective workaround when disruption or disaster strikes. Before the global pandemic forced firms to close their offices, recent flooding and disruption to UK transport networks were already causing problems for many UK law firms. Those with remote working were well-placed to weather the storm.
In fact, many law firms already allow staff to work from home, court or the coffee shop, while increasing numbers of ‘gig-economy’ lawyers have been working remotely in so-called ‘virtual law firms’.
There are also very compelling commercial incentives to implement remote working at your legal practice. On average, remote workers are 13% more productive, while remote working reduces office costs, improves staff retention and even lowers your firm’s carbon footprint.
But it’s not without risk.
Why remote working is a threat
If you work anywhere, remember that every point of access outside the office adds another potential risk. Law firms must be wary of the following key threats:
- Unsecured wifi networks—public wifi networks are prime hunting grounds for hackers. While you’re catching up on case files in a cosy coffee shop, bad actors could also be hard at work.
- Unsecured or compromised devices—personal devices can be an easier target compared to business devices and networks with more sophisticated virus protection and backup.
- Multiple devices create multiple opportunities for attacks—the proliferation of devices means pickpockets and hackers are spoilt for choice.
- Working in public places where members of the public may see sensitive data—this applies to court just as much as the coffee shop; if it’s out of the office, it’s out of your control.
- Lost devices—misplaced or stolen devices can pose a grave threat to your firm’s data security.
How can you protect your firm while enabling remote working?
Fortunately, there are plenty of measures you can take to reduce your firm's exposure to risk and start reaping the benefits of remote working.
Most importantly, don't make it easy for the criminals. Always secure mobile devices with a password and biometric recognition where possible. And make your passwords harder to crack.
Strong passwords comprise long strings of upper and lower case letters, numbers, and special characters. However, too many people still use weak passwords across multiple accounts. Recommend your colleagues use password managers to help create, remember and autofill unique passwords for each account.
Implement two-factor authentication (2FA) to add another layer of protection and set the bar higher for would-be-data thieves. 2FA means anyone with a stolen device will also need another device to be granted access.
While you’re thinking about passwords, confirm your colleagues have changed the default one on their home routers. After that, they should check all firmware updates are installed and set encryption to WPA2 or WPA3 (and switch off WPS).
Download security patches whenever they become available. You should always keep firewalls and anti-virus software up-to-date to provide a double layer of protection against malware.
Make sure colleagues are on guard for phishing emails, voicemails and text messages. Poor spelling and grammar on emails or web pages are a common giveaway. Never click links unless you completely trust the sender. If you do click on a link, be extra careful on websites without the HTTPS padlock symbol. Many scams and sites can also appear quite sophisticated, so be hyper-vigilant.
Legal practices can also learn from those that bend or break the law. Many people, from casual browsers to hardened criminals, use a Virtual Private Network (VPN) to hide their location when accessing the internet. Crucially, VPNs also encrypt your data, which makes them essential for anyone working remotely via unsecured wifi networks.
Even with all these measures, it's impossible to guarantee 100% security. Every law firm should back up data to mitigate the threat of human error, physical damage or cyberattacks. Cloud backups are particularly convenient and cost-effective and naturally suited to remote working.
Remote working may have been forced on many law firms recently. But even before the immediate business continuity need, many legal practices had begun to embrace the significant productivity, collaboration and cost benefits. With the appropriate security precautions, the legal industry can enjoy this critical enabler while protecting against bad actors trying to take advantage of the global pandemic.