More than half—57%—of law firms offered telecommuting options for their attorneys in 2016, up nearly 4% from the previous year, according to results of a survey of firms that represented more than 18,000 lawyers. This growing trend is perhaps not surprising considering that lawyers can now be more productive than ever before while working from home or another location.
Maintaining billable-hours performance is the obvious top priority for granting attorneys a telecommuting option, but firms must also be cognizant of the myriad data protection and client confidentiality risks posed when lawyers work from a remote location.
The key to ensuring both attorney productivity and data security is technology selection, including the software and hardware used for dictation- and transcription-file transfer, access, and storage. The proper, strategically chosen technology, in conjunction with following firm-mandated policies concerning the management of confidential information, allows firms to confidently offer an attractive job benefit to talented attorneys while ensuring that their data and bottom line are protected.
Education and Training
Protecting client and firm information is becoming more of a concern as cyber attacks against firms are on the rise. A study by a legal cyber-security company released last year of more than 200 law firms showed that all participants had been targeted by a cybercriminal at least once—and 40% did not even know about the attempt(s). Additionally, 95% of the firms studied were not compliant with their own data governance and cybersecurity policies, according to the study.
These findings indicate that not only do law firms need the appropriate security barriers in place, but they also require training and testing on internal policies and procedures.
When creating a policy, firms should consider all aspects of the telecommuting process, including:
- How will employees access files?
- Will there be protocols for paper copies of files?
- Will employees be able to store paper files in their home or remote offices?
- What processes should be put in place for file sharing and reviewing?
To ensure the highest level of security, firms’ educational programs must ensure employees are using their technology wisely from home, and are using best practices when it comes to data and file access. For example, attorneys may dictate an email on their phone’s native digital-assistant application and have the recording file automatically sent to the recipient. This information, however, may not be secure, even when stored in certain cloud-based server platforms, leaving it vulnerable to attacks. Firm policies, which should be reviewed and signed by telecommuting professionals, need to specifically prohibit such actions as they inadvertently and unnecessarily risk client or firm information.
Tools of the Trade
In order for employees to take proactive measures to protect sensitive information, organizations must provide the tools for telecommuters to form safe technology practices. Encryption is the foundation of comprehensive data security. Even smartphone applications, if downloaded for business use, should use encryption.
Voice recorder apps, for example, are incredibly useful for attorneys, not just for client-related document creation, but also for creating voice memos and other internal documentation that helps client work and firm operations run more efficiently. To maximize security, these apps for all mobile professionals need to encrypt the recording files, but also be integrated with a secure cloud-based dictation management platform that encrypts voice files again when they are transferred to the cloud and again when stored. That means before implementing any cloud solutions, firms must review the service’s security protocols to be sure that their sensitive data will be protected.
Additionally, organizations can require two-step authentication, personal identification numbers (PINs) and tokens that change each time a user requests access to a virtual private network (VPN), which will keep data secure if a device is stolen or if the firm is hacked by a third party.
Mitigating the Security Risks of Remote Work
Firms that want to start their own telecommuting programs should begin by further educating themselves on security risks, assessing those risks, developing policies, and deciding which professionals they will permit to telecommute.
By instituting such policies and establishing a secure hardware and software infrastructure, firms and their attorneys can enjoy the flexibility and efficiency of productively working from any location. At the same time, firms can rest assured that they are protecting the confidentiality of their clients’ data as well as their own.