Cyber-security for law firms: Everything you need to know for 2022 (Part 3 of 5)
Access Legal has written a five-part blog on cyber-security: Part 3 covers 7 top tips for law firms to ensure their cyber-security for homeworkers is solid.
When the Prime Minister spoke to the nation on 23 March 2020, instructing us all to work from home where possible, the scale and speed of the change was, looking back now, quite unbelievable. Some businesses were more prepared for this than others, but on the whole, law firms seem to have found the transition relatively straightforward. Those with good practice management software providers have had homeworking options available to them for many years.
While most firms could breathe a sigh of relief that the tech was working from home and that they could continue to deliver services to clients, the serious and urgent need to consider the cyber-threats facing them was hard to ignore. Many law firms now have in place the level of cyber-security that solicitors need to be able to practise from home safely.
Homeworking is here to stay, with many law firms planning a hybrid working model for the future of law and closing or downsizing their offices. Here is a checklist of the top 7 recommendations for those firms catching up with cyber-security for homeworkers:
1. Make sure you have a clear reporting mechanism in place
Ensure you have a clear reporting mechanism in place for your homeworkers that they can use to officially report and log any security concerns or problems so that your IT people are fully aware of any potential threats to the business. People who don’t work in IT may not recognise the significance of a cyber-threat, so if you don’t make lines of communication available and easy, they may not alert the right people early enough.
2. Strong passwords with two-factor authentication are a must
If you haven’t done this yet, we highly recommend you do it today! Don’t delay any longer. There is lots of excellent advice about passwords and 2FA on the National Cyber Security Centre website.
3. Consider all the devices in use at home and ensure they are safe
Across the country, home workers are using a combination of their employers’ devices (PCs, laptops etc.) and their own personal devices (phones, tablets etc.), the latter sometimes referred to as BYOD (bring-your-own-device). Either way, law firms must make sure their staff understand the risks of using devices away from the office for work purposes.
Make sure all devices are running the most recent software for both operating system and applications, including anti-virus software of course. Make sure staff know how to keep devices safe when away from the office, and that they know to report lost or stolen devices to the relevant IT staff as soon as possible so that your firm remains safe. For homeworkers it is probably better to supply equipment rather than allow BYOD, so that you, the firm, can monitor “who, what, when, where and how?”.
4. Switch on encryption
Devices are more likely to be lost or stolen when you have staff set up for home working. Most modern devices have encryption built in, but it may need configuring or switching on. Ensure all devices that are being used at home by your workers are set to encrypt data while at rest.
5. Use mobile device management
It’s a good idea to set up all your home-working devices with a standard configuration so that your IT people can lock them or delete data from them remotely, using MDM (Mobile Device Management).
6. Have a VPN in place
Having a Virtual Private Network (VPN) in place provides an additional layer of security for home workers accessing your firm’s IT resources – e.g. your practice management system, your email system etc. If you are already using a VPN, make sure it is fully patched. You may need extra licences, capacity or bandwidth if you’re supporting more home workers.
Your users should avoid using free WiFi hotspots without a VPN, which ensures that the device’s traffic is encrypted and harder for a cyber-criminal to intercept. For law firms using a hosted solution for their practice management software, their systems on the cloud should be fully patched and optimised. If you manage your own IT infrastructure in-house, it is worth checking.
7. Empower your staff to spot scams, risks and threats
Human error might be the cause of many of the world’s data breaches today, but it is important to remember that your people are your first line of defence too. Regular training instils the right competencies and behaviours across the workforce, and for homeworkers, delivering key training material of this nature remotely using eLearning courses is ideal. Completing modules on a ‘little and often’ basis enables people to build training into their day and apply the teachings to their work. It also means new starters, currently onboarding at home, are empowered to grow their knowledge and adhere to security policies from the moment they join.
From a compliance perspective, a good learning management system (LMS) helps firms to plan, track and evidence training, and signpost people to relevant eLearning courses.
More cyber-security resources from Access Legal:
- PDF Document: The Ultimate Guide to Cyber-Security for Law Firms.
- Webinar Recording: Access All Areas Panel Discussion on Cyber-Security October 2021 – Cyber-Security for Law Firms – the trends, the threats and the considerations.
- For help with your legal practice management software or digital learning and compliance you can reach Access Legal on 0845 345 3300 or via our online enquiry form.
This is part 3 of a 5-part blog by The Access Group on Cyber-security for law firms.
Kindly shared by Access Legal