As working from home becomes the new normal, special care should be taken to maintain your firm’s cybersecurity.
The combination of unusual working conditions and COVID-19 stress can create lethal vulnerabilities in your network systems.
“Remote work means a rise in the number of devices employees are using for their jobs, and an increase in the use of online conferencing tools like Zoom, Google Hangouts, Microsoft Teams, and Slack,” writes Aaron Holmes for Business Insider. “That shift also gives hackers a larger number of potential targets.”
Cybersecurity experts are predicting a spike in business hacks and breaches as a result of the COVID-19 crisis. For more on this, see this report from Business Insider and this advisory from the Department of Homeland Security.
10 Risk Management Tips for Working at Home Safely
1. Make sure everyone on your team is up to speed on basic security hygiene, including strong passwords and multi-factor authentication. In the recent Alta Pro webinar, “10 Things Every Lawyer Should Know About Cybersecurity,” attorney Kevin O’Hagan singled out multi-factor authentication as one of the best ways to protect yourself against unwanted intrusions.
2. Upgrade password requirements. Now may be a good time to invest in a password manager. In the alternative, use new, complex and lengthy passwords when working from home. Change them regularly.
3. Be especially wary of suspicious emails and avoid clicking on links that are unfamiliar. Hackers are always a step ahead of the game, and in these stressful times they are two steps ahead. Already there are reports of “phishing scams that capitalize on COVID-19 fears” and hackers impersonating health authorities to lure people into clicking on malicious links.
4. Remind workers to never share personal or financial information via email or message. “Most phishing schemes aim to extract people’s personal information or login credentials as quickly as possible,” writes Holmes. “If you think someone at your company is asking for your personal information, call them to confirm, and if necessary, give them the information via phone.”
5. Before circulating or acting on news about COVID-19 and its impact on your law firm, verify that it’s coming from a trusted source. Phishing scams depend on social engineering – often through misinformation – to get people to act out of fear or panic.
7. Require employees to use private WiFi. “If employees need to work from hotels, conference rooms and other public places, require them to use a mobile hotspot (such as those available through a smartphone) to access a secure connection,” writes Jim Sams for Insurance Journal.
8. Make sure your VPNs are patched and up-to-date. “A virtual private network lets people remotely share data as if they were connected to a shared private network,” writes Holmes. “Several popular VPN services were found to have critical vulnerabilities earlier this year — companies should make sure all workers have downloaded the most patched, up-to-date version.”
9. Consider using encrypted messaging services for work communication. Look no further than Jeff Bezos to see what can happen when private information is shared in non-encrypted ways.
10. Have an Incident Response Plan. This should include step-by-step protocols on what to do when you have a cyber incident or something goes wrong. A key component of an effective Response Plan: a method for recovery of lost or inaccessible data.