This is the second part of our series for law firms on remote working and cyber security. It looks at how to keep your data secure.
Previously, we looked at why your law firm should be concerned about data safety when you have staff working from home. This risk, created by the change in working practices resulting from the Covid pandemic, is currently one of the biggest business risks affecting SME law firms.
Your focus may have been elsewhere for the past 12 months, understandably so. But ignoring this risk to data could leave you open to a serious breach or ransomware attack, which could result in costly reputational damage.
So, if you are a Partner or Practice Manager at a legal practice, what can you do to reduce this risk? Some straightforward actions (which do not require much technical knowledge) will provide reassurance to your clients that you are looking after their data.
These tips will help you keep your clients’ data secure whilst your team are working from home.
1. Be very careful what you send by email!
Standard email is not a secure means of sending information. Even if the data sent between email systems is encrypted, you have no control over the setup of the device(s) you are sending to. The person you are sending to could have had their email compromised by cyber criminals. Or they may have email set up on a phone or computer with no password. Don’t risk damage to your reputation! Use a well-known secure email service such as Mimecast Secure Send or, if you have one, use your client portal.
2. You cannot rely on passwords!
Cloud-based business systems are an easy target for cyber criminals, and on a compromised computer (something that is far more likely outside the controlled environment of your office network) they are a sitting duck. Ensure you have multifactor authentication set up on any web-based business system you work on, and that all your staff use a password manager.
3. Have robust authorisation processes
It’s far easier for a cyber criminal to trick one of your team into disclosing confidential information or passwords, or into making a payment into a criminal bank account, when your team is remote. You may think it won’t happen to you but sadly the statistics say otherwise. If you are giving instructions to clients or other staff to take actions involving money or confidential information, have a process which requires telephone confirmation before carrying them out.
4. Make it easy for staff to report suspicious activity
If you have a plan in place to help your team report any suspicious activity then it’s more likely that they will do so! In the event that their concerns are justified, you will be able to take action to limit any impact much faster. This is often known as a Security Incident Response plan. It’s important that once you have a plan in place, you communicate it to staff and make it easily viewable.
5. Use a privacy VPN
The biggest risk around your team working from home is the security of their home IT networks. These are unlikely to be managed by qualified professionals or to have the same budget available as your office network, so they are almost certainly less secure.
Using a VPN can help protect the privacy of data being transmitted from work computers in a home IT network. When set up correctly, it can meet the requirements of the UK Government Cyber Essentials standard too.
It may be that you can use an existing office VPN but many are not set up in such a way that they will help. The best approach is to use a privacy VPN that meets Cyber Essentials requirements.
These are our top tips for keeping your data secure but check out our special offers too …