How to help employees working remotely protect client data

Experts are warning law firms to protect themselves from all viruses — cyber and real — when pivoting to a completely remote workforce as the U.S. responds to the COVID-19 pandemic.

“Cybersecurity is a moving target,” said Ruth Hill Bro, co-chair of the ABA Cybersecurity Legal Task Force and moderator of the American Bar Association webinar “Remote Working in a Time of COVID-19: Cybersecurity Issues You Need to Know.” Law firms are attractive targets for hackers and the risk of cyber breaches multiplies as more employees work remotely, raising the stakes for law firms to protect sensitive client data. The outbreak also creates opportunities for hackers and scammers. “There are thousands of COVID-19 scam and malware sites being created daily,” Bro said. Train employees not to click on links that offer COVID-19 updates. “We have to educate our team members and our employees about what is happening and what things they shouldn’t click on.”

As the line blurs between work and home life, employers must stay focused on the security of their data. Firms should ensure that all work is done on secure servers, using multifactor authentication to gain access to information.

“The most important goal for a law firm is protecting their data, whether working in the office or remotely,” said panelist Jill Rhodes, vice president and chief information officer for Option Care Health. Decide whether employees will use a company device or a personal device, and how networks will be secured. Rhodes suggested following the National Institute of Standards and Technology’s cybersecurity framework.

In general, employees may need more flexible arrangements when working from home, as not all work-from-home situations are identical. Some employees may have a dedicated home office with a door that assures privacy, while others may need to work at a kitchen table in a noisy house full of people, including children who are not in school, said panelist Christine Lyon, a partner at Morrison & Foerster LLP’s privacy and data security practice. Legal secretaries and other support staff may not have any experience working from home and may need additional boundaries or guidance, Lyon said. “Despite everyone’s best efforts, it will not be business as usual,” she said. “I think we will need to be flexible with that.”

Collaboration tools, such as cloud-based Microsoft Teams, are essential to keep communication flowing, which is especially important for remote workers to feel connected. Video conferencing can compensate for the lack of in-person communication. “We are using Microsoft Teams, which seems to be working very well,” Rhodes said.

While no one knows how long the COVID-19 threat will last or how long working remotely will be necessary, current estimates are calling for physical distancing through summer and for up to 18 months, said panelist Dr. Aileen Marty, an infectious disease expert. She outlined steps for employers to take once workers return to the office, such as cleaning all surfaces thoroughly. “It’s a very easy virus to clean, just soap and water is enough to clean it off of surfaces, but it can last on surfaces for a prolonged period of time.”

Panelists offered key takeaways for legal employers to keep in mind while managing their workforce during the COVID-19 pandemic:

• Take a risk-based approach and ensure data is secure as it travels from the employee working at home to your data center.
• Prioritize work that is essential versus projects that can be put on hold.
• Communicate honestly and openly about what you know and don’t know.
• Remain vigilant with cybersecurity measures and flexible with employees’ needs.

“Remote Working in a Time of COVID-19: Cybersecurity Issues You Need to Know” is available on demand for free for ABA members. For more free COVID-related webinars, go here.