Remote Access Security Matters Today More Than Ever
Mobile accessibility has been changing the way everybody in the world works, and the legal field is no exception. These days, everybody is expected to work on the go; work hours, work days and even where you get the work done is in a state of flux. Technology has given us the ability to step away from our desks, and many firms are taking advantage of the ability to work remotely. The resistance to telecommuting that we have seen in previous years has given way to a new acceptance, driven primarily by advances in connectivity and network access, as well as more reliable and secure cloud storage and communications.
The many benefits of working remotely
Working remotely has a range of benefits to the legal professional. It allows you to spend more time with your loved ones, less time in your car commuting to and from the office, and if a client has an issue they need addressed, you can respond immediately via your mobile device. In transit, you can stay connected to your email and other forms of messaging, and if you need to pull and all-nighter, you can connect to your office network from home to access all the information you need. The American Bar Association estimates that lawyers spend about a quarter of their time working remotely, and as the years go by, more client and internal functions are taking place online. From a client standpoint, this could be through secure client portals, from which they can view and print documents for signature. From the attorney’s perspective, this could be cloud access to case documentation, calendars, schedules, invoicing and CRMs, all of which are usually deployed through a cloud service, like Office 365. This allows lawyers and other legal professionals the ability to work with clients on a global scale, but with added access comes the very real and present risk of a security breach.
Security always matters
Inherent with the enhanced access implied by working remotely comes the potential for lapses in security. Law firms are among the top ten targets for cyber-thieves, putting them at a heightened risk for a malware, ransomware or DDoS attack. Law firms can become a target due to the highly sensitive information they administrate. Everything from attorney-client privileged communication, property information, intellectual property, payment and banking information, and various personal metrics could be at risk. As we move towards a future in which remote working will be ever more prevalent, here are some tips to keep your firm secure in the face of it all:
Security Tip #1: Put some time and attention into your infrastructure
Hire an IT security firm or specialist to come in and assess your IT infrastructure. If you are operating on an older operating system or network, it may be time to upgrade. Even if you have an up-to-date system, chances are you may be overlooking some simple solutions that can go a long way to protecting the integrity of your confidential information. Your website security is also a key issue. Distributed denial of service attacks (DDoS) can take down your system quickly, flooding your network with malicious traffic that will effectively overload your servers. Once your defenses are down, access can be gained. Another common way of gaining entry is through social engineering practices, which target your employees directly, coercing them to click on ads or download attachments from emails that may contain malicious content. Train your entire workforce to recognize these tactics, and have your IT security consultant set up failsafe protocols that will protect your data, both incoming and outgoing.
Security Tip #2: Migrate Systems to the Cloud
The cloud is one of the most flexible ways to store and absorb large volumes of data. The security features available for cloud networks are among the most robust available; deployed invisibly over the network, there is no extra hardware to install, and they are constantly updated to protect you from the latest threats. Cloud servers are also highly scalable, allowing you the capacity to store huge amounts of data without the extra expense of physical servers and security. While working offsite, use a virtual personal network (VPN) to access sensitive information, and always work within the confines of your office network.
Security Tip #3: Change your passwords frequently
Your password security is of utmost importance, especially in the case of remote access. It is possible to automate this process, so that the system prompts each user to change their password every 30 days, or within another pre-determined timeframe. This goes for secure client portals as well. Employ a two-factor authentication process to add another layer of security.
Security Tip #4: Keep all software and operating systems updated
The changes to current cyber-threats are in a constant state of flux, so it is absolutely imperative that you keep all systems up to date. Most software these days is administered by a license, which should update your software automatically. This will protect you from the latest threats by providing you with new patches as they become available. A good example of how an oversight such as this became front page news is Mossack Fonseca, the company responsible for the release of the Panama Papers. The firm did not update their systems, which included their ‘secure’ client portal, and their website. Through this vulnerability, cyber-thieves gained access to millions of emails, as well as other confidential files and documents. A simple update could have avoided this calamity, which caused major problems for many of their clients, and destroyed their business reputation in the process.
Security Tip #5: Make sure all mobile devices are secure
We all use our smartphones to access correspondence, documents, and whatever else our technology will allow. Lawyers are no different, with more than 90% reporting that they accessed information on an unsecure, unencrypted device. By using unsecured, unencrypted devices, laptops and computers, it is next to impossible to manage and control what information is accessed, and by whom. Establish clear protocols to ensure that your firm’s data can only be viewed on secure, approved devices. As time goes by, remote connectivity and telecommuting will become more prevalent in the legal profession. Don’t make the mistake of skimping on security just for the convenience of staying connected. Put the appropriate measures in place so that your client’s data is always protected, and your firm secure from any form of cyber-attack.