One of the benefits of being a lawyer with a laptop, tablet or smartphone is that you really can work anywhere with access to Wi-Fi and your files. But the question of security must be addressed. How can you protect yourself and your clients when working in public spaces? At ABA TECHSHOW last month, I picked up some valuable advice for lawyers who like to work in coffee shops.
Applying the Reasonableness Standard
At “Coffee Shop Office: The Ethics of Mobile Computing,” Sharon Nelson and Tom Mighell covered issues confronting lawyers who work remotely. The big issue, of course, is protecting client confidentiality. There’s no such thing as absolute security, so the next best thing is the “reasonableness standard.” When it comes to data security, look at your work circumstances, the technology you’re using and the data you’re working with. Then ask yourself the following questions.
- How sensitive is this data?
- What’s the likelihood of this data being disclosed if I don’t take any additional steps?
- What’s the cost of taking these steps?
- How difficult would it be to implement these security measures?
- Will taking these measures make it harder to represent my client?
As a general rule, it’s not a good idea to access client information when you’re in a public space. Coffee shops are good for doing general research and marketing activities. I work out of a co-working space in Phoenix called Co+Hoots one afternoon a week. I use that time to write blog posts, post and respond to discussion items on LinkedIn, and connect with co-workers. It’s not the time to be drafting contracts or writing memos to clients.
Eight Tips for Covering Your Legal Ass
For those who occasionally do real legal work in cafes, airports and other public spaces, however, here are the best tips I brought home from the session.
- Have your client give informed consent to forgo certain security measures, for example, to communicate via email.
- Turn off file sharing, especially on your mobile devices.
- Get a good firewall. Don’t rely on the one that came with your machine. Kaspersky Internet Security was recommended.
- Encrypt your data on mobile devices. TrueCrypt (free open source) for laptops and Iron Key for flash drives were suggested.
- Invest in a data loss prevention solution. This will prevent you from inadvertently sending out sensitive information, like your client’s social security number.
- Never access client or financial information while using public Wi-Fi. If you’re going to use your devices in public on a regular basis, consider getting your own virtual private network (VPN).
- Consider investing in a privacy screen that requires you to look head-on at your device to see it clearly. This prevents nosy people from seeing what you’re working on.
- Make sure you have strong passwords. While it’s said that a hacker can crack an eight-character password in two hours, it takes them 17 years to crack a 12-character alphanumeric password. Also, don’t use the same password in multiple places, and consider using Last Pass to generate and store your passwords.
The best tip? Hackers often target vulnerable targets first, so always make sure your security is stronger than your neighbor’s.
Ruth Carter is an Arizona lawyer with a virtual practice, The Carter Law Firm, focusing on intellectual property, social media, First Amendment and flash mob law. A 2011 law graduate, Ruth is co-founder of Improv Arizona and she blogs weekly at UndeniableRuth.com.
From the Editors: Dig Deeper
While you’re working on cleaning up your technology act, check this earlier post, Stupid Mistakes Lawyers Make With Technology, by Sharon Nelson and John Simek. You’ll also find excellent information security advice in their respective blogs, Ride the Lightning and Digital Samurai.
And here are a few more CYA tips for working remotely.
- Don’t Trifle with Password Safety by Vivian Manning
- Limiting Risk in the Cloud: Smarter SaaS Agreements by Tom Zuber
- Give Final Documents as Good Scrubbing by Deborah Savadra
- Wireless Hot Spot Safety Tips by Sheila Blackford