item image
28 Apr 2020

Working from Home? Here are 3 Things Law Firms Should Know About Cybersecurity

A large section of the legal industry has gone digital as a result of the Coronavirus pandemic—something experts didn’t think we’d see anytime soon. Yet with so many firm employees spending more time online, it means that cybercriminal activity is rising as well.

For law firms that weren’t prepared to go digital, the time is now to enforce and reinforce some prudent security policies.

Here are three things to help you (and your law firm) stay safe while working online from a home office.

1) Assess Your Network and Cybersecurity Defenses Now

One of the toughest lessons many law firms learned as a result of the pandemic is that they were simply not prepared to shift their entire workforce to virtual offices. Firms that didn’t have a remote workforce quickly learned that the tools they had on hand were not intended,  nor designed to work safely off-site, even through a VPN or the internet.

A VPN, or virtual private network, is a service that allows access the internet, as if you were connected to a private network—anonymously and from any location.

Unfortunately, many of the security tools used by law firms depend on the local network and aren’t well-equipped to go remote—often exposing partners and employees to cyber risks.

While law firms have begun to spend more money in IT security, data breaches are still costing companies billions.

It is for this reason that remote-connection tools such as VPNs, instant messenger platforms, video conferencing tools and daily employee webinars are particularly valuable.

But even these platforms aren’t wholly prepared for the types of threats out there, with Zoom Video Communications already having some legal troubles with instances of ‘Zoom Bombing’.

“Zoom bombing,” according to Grit Daily News, a New York based news outlet for millennials and Gen-Z, is a new technique in the wake of COVID-19, where attackers are able to identify, discover and infiltrate insecure video conferences.

2) Use Multi-Factor Authentication

If you aren’t familiar with two- or multi-factor authentication, you should be. That’s when there’s a redundant security checkpoint that makes doubly sure you are who you say you are.

You want to make it as difficult as possible for data to pass between the machine originating the connection and your remote/virtual desktop. A firm’s security team should bridge this gap by disabling “shared drive” access between the host and virtual device—no information should be passing directly between the two.

3) Beware of COVID-19 Phishing Emails

From a security standpoint, make sure that you’re aware of your firm’s security policies, with specific regard to phishing emails. “Phishing” is a form of social engineering, in which online attackers use your online interests against you. No matter how savvy you may be with cybersecurity, these are unprecedented times.

Stay vigilant—cybercriminals are exploiting the Coronavirus pandemic to send fake emails with dangerous links to employees.

For example, you may get an email message that appears to come from company officials or your IT department, asking you to open a link to a new company policy related to the coronavirus. If you click on the attachment or embedded link, you could potential download malware onto your device.

If an email look suspicious to you, don’t click. Instead, immediately report the phishing attempt to your employer. Want to learn how to detect phishing? The FTC has an entire subsection of its website dedicated to the topic.

 

Andrew Rossow is a telephonic solutions consultant at LexisNexis. He is also a practicing millennial attorney, law professor, entrepreneur, writer and speaker on privacy, cybersecurity, AI, AR/VR, blockchain and digital currencies. He has written for many outlets and contributed to cybersecurity and technology publications. He currently writes for The Today Show, Grit Daily News, Law360, and CoinTelegraph. Utilizing his millennial background to its fullest potential, Rossow provides a well-rounded perspective on social media crime, technology and privacy implications. He has been featured in Fast Company, Entrepreneur, and Forbes.