Cybersecurity Tips for Lawyers Working Remotely
The ethical obligation to be technologically competent is more important than ever.
By Nicole Black
It’s been nearly a year since the start of the pandemic. Shortly after its arrival, quarantines and shutdowns followed in many areas of the country, causing many law firms to shift to a remote workforce. With that sudden and unexpected transition to remote work, lawyers began to increasingly rely on cloud-based technologies in order to ensure that they could continue to represent their clients no matter where they happened to be working on any given day.
Many law firms continue to have attorneys and employees working remotely. As a result, the ethical obligation to be technologically competent is more important than ever. Fortunately, a number of different bar associations have weighed in on this issue since the start of the pandemic and have provided ethical guidance for lawyers to help ease the transition to remote work and ensure that lawyers who work from home continue to protect their clients’ confidential information.
Most recently, in mid-January 2021, guidance was offered by the State Bar of Wisconsin in Formal Ethics Opinion EF-21-02. In this opinion, advice is provided regarding a number of different issues related to practicing law remotely, including the duty of technology competence and lawyers’ obligations to protect confidentiality and communicate securely. Notably, as part of the guidance offered in the opinion, the Wisconsin Bar provided an in-depth cybersecurity checklist for law firms. What follows are highlights of some of the most useful tips from the opinion, but make sure to read the opinion in its entirety for the full set of recommendations.
Take Steps to Protect Your Firm’s Systems
First and foremost, the Bar committee emphasized the importance of securing law firm devices and systems by putting into place strong safeguards that will provide protection in the event that devices are misplaced or stolen. Specifically, recommendations were made to use strong passwords and the layered security of multi-factor authentication:
- Require strong passwords to protect data and to access devices. The more complex the password, the less likely that an unauthorized user will be able to access data or devices by using password cracking techniques or software.
- Use two-factor or multifactor authentication to access firm information and firm networks. Although requiring an additional authentication step, such as a six-digit code sent to the lawyer’s phone or email, may seem inconvenient or burdensome, it is a reasonable precaution that increases protection and reduces the likelihood of unauthorized access by providing an additional layer of security beyond a strong password.
One way to ensure strong passwords are in place is to use a password manager such as LastPass or 1Password. And if you use multifactor authentication, many experts now advise that you use in-app authentication tools rather than SMS messaging, since doing so is more secure.
Another incredibly important piece of security advice offered in the opinion is to make sure that your firm’s workforce regularly installs software updates. By doing so, you close security loopholes that bad actors can sometimes exploit:
- Keep all software current: install updates immediately. Updates help patch security flaws or software vulnerabilities, which are security holes or weaknesses found in a software program or operating system.
Finally, for even more remote working cybersecurity tips, make sure to watch this webinar: “How to Run Your Law Firm Remotely During COVID-19.”
Implement Cybersecurity Best Practices in Your Firm
The Bar committee also explained the importance of ensuring that your firm’s entire workforce understands and implements cybersecurity measures. Specifically, the Bar committee highlighted the need to provide firm-wide cybersecurity training that covers the firm’s cybersecurity policies and procedures – especially as they relate to working remotely:
- Establish and implement policies and procedures for cybersecurity practices. These policies and procedures should be in writing and provided to all lawyers and nonlawyer assistants, and stress compliance.
- Establish and implement policies and procedures regarding remote work spaces to mitigate the risk of inadvertent or unauthorized disclosures of information relating to the representation of clients. Remote workspaces should be private to ensure that others do not have access to phone conversations, video conferences, or case-related materials.
To learn even more about law firm oversight and staff management, make sure to download this free guide: “Oversight: How to Run Your Law Firm Like a Business.”
Choose Reputable Cloud Computing Providers
One stand-out cybersecurity recommendation from the opinion is the value of choosing reputable providers for your law firm’s cloud computing software services. The Bar committee explained that because the company you choose for each cloud-based service will be handling your law firm’s confidential and sensitive information, it’s imperative that you carefully vet cloud computing providers in order to ensure that you fully understand how the company will handle and secure your firm’s data:
- Use reputable vendors for cloud services. Transmission and storage of firm and client information through a cloud service is appropriate provided the lawyer has made sufficient inquiry that the service is competent and reputable.
For even more advice on how to choose the right legal cloud software provider and successfully transition your law firm to the cloud, download this FREE guide: “Moving Your Law Practice to the Cloud.”
Secure and Encrypted Communication
Next, the Bar committee addressed secure communication. The committee acknowledged the emerging encryption standard for law firm communications. The committee confirmed that lawyers are required to make reasonable efforts to secure client information, and provided the following guidance in that regard:
- Encrypt emails or use other security to protect sensitive information from unauthorized disclosure. A lawyer should balance the interests in determining when encryption is appropriate.
- Encrypt electronic records, including backups containing sensitive information such as personally identifiable information.
For even more information on how to communicate effectively and securely with law firm clients, make sure to download this FREE guide: “Fix the Communication Problem.”
Last but not least, the Bar committee provided an insightful overview of where we are, how we got here, and where the legal profession is headed in the future:
“The COVID-19 pandemic has dramatically changed how lawyers work and represent their clients. Some of these changes may be temporary but others are likely part of a movement towards increased reliance on technology in the practice of law. As working remotely has become the new normal, lawyers must develop new skills and knowledge to comply with their core responsibilities.”
For even more future-facing insights, considerations, and recommendations for law firms, download this free guide: “Adapt or Fail Industry Changes Law Firms Can’t Afford to Ignore.”