The COVID-19 pandemic has led to many law firms asking their employees to work from home for an unknown length of time. For you and your staff, this represents a major adjustment to the normal work routine. For hackers, it represents a huge opportunity.
Remote work has always been a source of cybersecurity risk. In normal times, firms would train lawyers and staff on how to minimize their exposure to hacks before they let them work remotely. But these are not normal times. And, as a result, many are now going through crash courses on the ways to protect their firm from ransomware and how to avoid phishing scams. Just this past week, we learned a new term — “Zoombombing” — after trolls began hacking Zoom videoconferences.
Here is a look at the basic steps that you should take to avoid getting hacked when working from home.
Use Strong Passwords and Multifactor Authentication
Let’s start with the basics. When you are working in the office, your devices and accounts are protected by a corporate firewall that keeps hackers from stealing your login details. You are unlikely to have these protections when you work from home.
Moving to remote working is a great time to look at your basic cyber hygiene. You should know how to choose strong passwords and ensure that every account you use (both for business and pleasure) is protected by a strong, unique password. You can use a password manager to remember these passwords for you.
It’s also a good time to turn on some systems that you might not have been using up until now. Multifactor authentication is a system in which you will need a second device, typically a smartphone, in order to log in to your accounts. This will prevent an attacker from getting access, even if they manage to steal your password.
Avoid Suspicious Emails
You should also be particularly wary of suspicious emails during this time. Hackers are already running phishing scams that capitalize on COVID-19 fears, posing as health authorities to get people to click on malicious links that can install malware on your home device.
For hackers, remote workers are a prized target for this kind of attack, because their home networks do not normally provide anything like the level of protection of business systems. If a hacker manages to compromise a home computer, they can then use it as a way into corporate networks.
Use a VPN
One of the most important tools that remote employees can use to improve their cybersecurity is a virtual private network (VPN). These systems encrypt all of the information you exchange with the wider web, making it essentially impossible to steal. This previously posted guide to VPNs for beginners has details of how to install one on your home system.
Just be aware that not all VPNs offer the same level of protection. While there are some great (and free) VPNs out there, several popular VPN services were found to have critical vulnerabilities earlier this year. Check review sites to make sure that the VPN you choose is respectable, and read up on why VPN jurisdictions matter before installing one.
Use Encrypted Messaging Services
Another major lesson we can learn from recent data breaches is that business-focused encrypted messaging services offer a good level of protection against cyberattacks. When employees are working from an office, internal team communication can be hidden by firewalls and encrypted servers. When they work from home, emails and other forms of electronic communication can be intercepted.
A good solution to this is to move to an encrypted messaging service. This will need to be done, of course, as a team decision to ensure that all your colleagues are using the same system. You should also be aware, as the Jeff Bezos hack proved, that consumer-level messaging apps like WhatsApp have been a major target for hackers. A better option is to use an enterprise-focused service like Wickr, which also includes other collaboration apps.
Another critical part of staying safe when you work from home, albeit one that is often forgotten, is to stay connected with your colleagues and clients. This is crucial for two reasons. First, if you spot a hack in progress, it’s important that you share this information with colleagues so that they can take action to avoid becoming a victim.
Secondly, clear communication can help to avoid panic, especially among your clients. When people panic, they tend to make mistakes. So at this time of crisis, you should reassure clients that your business is still functioning normally and that you are still looking after their data. You can use a variety of systems for this, but given the urgency of the current situation, it might even be worth sending a message through your appointment reminder software, directly to customers’ phones, to tell them that you’ve got their back.
(Read “Continuity of Care: Reassuring Your Clients You’re Prepared for the COVID-19 Crisis” by Susan Kostal.)
Prepare for the Worst
Though the steps above can dramatically reduce the chances of remote workers falling victim to a hack, no security measures are ever perfect. For that reason, businesses need to put in place detailed plans to deal with the aftermath of a data breach.
These should include the technical measures that will be taken to protect data, but also the way that you will communicate the bad news to your customers.
After the Crisis
Taking these steps now is important, and not only in the context of the COVID-19 pandemic. Improving your cybersecurity is an ongoing process, and should involve both regular security audits and ethical hacking. By putting in place the tools and processes in this list, you’ll be protecting yourself (and your business) long after the current crisis is over.