Where work happens today is changing at breakneck speed. The legal field is no different. Now more than ever, lawyers, paralegals and support staff are required to work on the go.
Nontraditional working hours and settings are becoming increasingly common. As technology enables more of us to untether from the physical office, those of you in the legal profession are taking advantage of the ability to work remotely at an accelerated rate. In fact, the American Bar Association estimates that 20 percent of lawyers now work from home, according to the 2015 Legal Technology Survey. The organization also found that fewer lawyers—only 63 percent—are working in traditional office settings. This represents an eight percent decrease from the previous year. So as you move from client meetings to the courtroom to networking functions, gaining remote access to email, client files and other systems necessary to provide clients’ with counsel is mandatory.
Remote Work Has Many Benefits
Empowered by new technology, the ability to work remotely has many benefits. It allows you to spend more time with your family, and less time commuting to and from the office. If a client has a quick question, you can respond in real-time via a mobile device. Or, when traveling to and from the courtroom, you can stay connected to email. If your case requires an unusually long night, you can easily login from home to wrap up remaining tasks. In fact, the ABA estimates that lawyers now spend 25 percent of their time working on legal tasks outside of the physical workplace.
Increased connectivity also enables those in the legal profession to work more easily with clients around the world. This is especially important when working on large national or global cases that stretch across multiple time zones. However, with these benefits comes an increased risk of a data breach.
Don’t Sacrifice Security
The benefits of increased connectivity are abundant, but the avenues of remote access leave law firms open to a potential security breach. Law firms are already among the top 10 targets for cybercriminals, and a recent report indicated a nearly 50 percent increase in the likelihood that a law firm would be a victim of a malware attack over the previous year.
Why are law firms a target? Because of the sensitive information they possess. Cybercriminals target confidential client business information, attorney-client privileged communications, intellectual property and payment card information, including credit card and PIN numbers.
In my own experience at SiteLock, we have seen an influx of law firms and lawyers searching for the right security partners and tools to help secure their firms from breach. As more in the legal profession take advantage of remote work, the following tips can help you protect your own firm from the challenges presented by this type of connectivity:
Tip 1: Invest In Infrastructure
Firms need to invest in infrastructure, paying special attention to security. Clients and lawyers need separate portals to access and share information related to cases. Often housed online, these portals must remain secure to protect confidential information and uphold the integrity of the attorney-client relationship.
Firms also often overlook the importance of website security. According to recent SiteLock® data, websites experience 22 attacks per day on average. Gaining access to a law firm’s website can allow cybercriminals to further infiltrate internal networks and access closely guarded information.
Tip 2: Use Cloud-Based Systems Wherever Possible
Your firm should use the cloud to its advantage. Cloud-based solutions are more elastic and able to absorb large outside attacks that may seek to disrupt service or steal sensitive information.
You should always utilize a virtual private network (VPN) to access information when working offsite. Housing your firm’s VPN in the cloud can minimize the need for local hardware and provides another layer of protection by creating a secure connection for continuing work outside the traditional office.
Tip 3: Change Passwords Regularly
Password security is a key cornerstone to a secure environment. It is especially important for systems that enable remote access. Your firm should automate this process and require all employees to change passwords across systems with access to the most sensitive data every 30 days. Clients also need to change access codes to keep their information, and that of other firm clients, safe.
Where possible, your firm should also employ two-factor authentication to provide another layer of protection and reduce breach attempts.
Tip 4: Stay Current With Software Updates
Your security is only as good as its latest software update. With cybercriminals constantly changing techniques, it’s imperative that firms keep software current with the latest protections added.
Look no further than Mossack Fonseca, the law firm behind the infamous Panama Papers breach. Mossack Fonseca neglected to update multiple systems, including its confidential client portal, email program and main website software. These vulnerabilities were exploited by cybercriminals who gained access to a record 4.8 million emails, 3 million database files, 2.1 million PDFs, 1.1 million images, 320,166 text files and 2,242 other files.
Ensure your firm is staying current on all security updates, including for remote network entry points, to prevent risk of tarnishing its reputation, and keeping information secure.
Tip 5: Secure All Devices
91 percent of lawyers report using smartphones to access information and documents for work, but many of these devices are not secure. Currently, only 27 percent of legal professionals at large law firms report using file and data encryption as a security measure to protect physical access to their laptops and connected devices. For firms with fewer than 100 lawyers, even less report using encryption.
Failing to secure and encrypt web-connected devices such as laptops and smartphones leaves your firm unable to manage what information is accessed and by whom. Procedures must be put in place to ensure that firm data can only be reviewed on approved, secure devices.
In the coming year, remote work and connectivity will continue to increase. Don’t sacrifice security for the ease of staying connected. Ensure proper protocols are in place to protect your clients’ data and information, defending your firm from cybercriminals.