There is no denying that cyber infiltration has become of critical concern to the practice of law. Our firms, and we as individual attorneys, have a professional and legal obligation to protect our clients’ personal information.

Instances of viruses, phishing, and ransomware are not new terms to the practice of law.   However, in a post-Covid world that embraces working remotely, we would be remiss, both as individual lawyers and law firms, in thinking that our current responsibility is limited to cybersecurity at the office.  

When working from home or traveling— whether domestic or international—it is always important to practice safe online behavior and take proactive steps to secure devices that are connected to the Internet. The simple truth is that the more we travel and work remotely, the more we are at risk for cyber attacks. 

Here are some suggestions for preventive measures you and your firm can take while conducting any remote work. 

1. Protect your devices with anti-virus software and set your security software to run regular security scans.  In addition sign up for automatic updates

Make sure you have updated to the latest version of your web browser, as well as all operating systems  (i.e. patches). 

2. Conduct regular back-ups of all information stored on your computers and mobile devices to either an external device or cloud service in case your device is compromised.

3. Create strong passwords.   The following are some guidelines:

Password length should be at least eight characters (the longer the better). Include numbers, symbols, and both uppercase and lowercase letters. 

Avoid using personal information such as your name, birthday, username, or email address.

Choose a Phrase Rather than a word. An example would be “to be or not to be, that is the question” can be translated as, “2borNoT2bTHATisdq?”.  

Avoid using the same password for multiple accounts.

Never use an all number password.   Hackers have software that can capture all number passwords in seconds.

4. Increase your authentication protection. Enable multi-factor authentication (MFA) to help ensure that the only person who has access to your account is you. Use it for email, banking, social media, and any other services that requires logging in. If MFA is an option, enable it by using a trusted mobile device, such as your smartphone, an authenticator app, or a secure token—a small physical device that can hook onto your key ring and generate a random code that only you have.  

5. Turn off auto connect. Some devices will automatically seek and connect to available wireless networks or Bluetooth devices. This instant connection increases opportunity for cyber criminals to remotely access your devices. Disable these features so that you actively choose when to connect to a safe network. 

6. Avoid connecting to any public wireless hotspot. If you do use an unsecured public access point, do not partake in sensitive activities (e.g., banking) that require passwords or credit cards. Your personal hotspot is a safer alternative to free WiFi. 

7. Use a Virtual Private Network (VPN). When connecting remotely use a Virtual Private Network, or VPN, a helps to protect remote workers online while enabling them to have the same security, functionality, and appearance as if they were within the firms network. A VPN encrypts internet traffic and makes it unreadable to anyone who intercepts it. Make sure employees only use the VPN when working remotely and when accessing company information remotely.

8.  If you’re unsure who an email is from—even if the details appear accurate—or if the email looks “phishy,” do not respond and do not click on any links or attachments found in that email. You can hold the curser over the abbreviated address to see if the email came from a non-phishing address.  

9.  Limit what information you post on social media—Disable location services that allow anyone to see where you are—and where you aren’t. 

10. Separate work and personal devices. When your staff uses the same device for both firm and personal purposes, it increases potential for breach of the firm’s data.

11. Distribute a list of the above preventative measures to your employees and have regular meetings to make certain that all preventive measures are being utilized.

Unfortunately, there is no software or combination of preventive measures that can provide a full-proof guarantee against ever-emerging viruses, and phishing schemes. In the event of an infiltration, the ultimate protection lies in the form of a Cyber Insurance Policy.  It is critical to understand the forms of coverage available so that your firm and its employees are adequately protected in the event of a breach.

About the Author:

Catherine Agacinski is a Board Certified Workers Compensation Attorney and Licensed Insurance Agent.  She, along with her father Marty Agacinski, are principals of 3 Generations Insurance Agency, a boutique insurance agency specializing in Legal Liability and Cyber Insurance for law firms.  Marty Agacinski has been a licensed Insurance Agent in Multiple States for over 40 years.  3 Generations Insurance is available to provide the necessary analysis of your current coverage and provide reasonable quotes, and otherwise assist you in your cybersecurity needs.