The COVID-19 pandemic forced lawyers and judges to practice outside of their physical facilities, and continue professional services from their home offices. That same period was the worst on record for cyber attacks:

  • The Sodin (a.k.a. REvil and Sodinokibi) ransomware gang infiltrated a group of law firms and published directories, customer lists, contracts and credentials to the dark web.
  • Gootloader offered professionals (lawyers, doctors and engineers) free resources and templates that were infected and used to establish initial access.
  • Attackers posed as law students to establish a mentor relationship with senior partners and judges and then sent a link to a survey which deployed payloader malware.

In response, the American Bar Association (ABA) published Formal Opinion 498 (FO498) to address practicing law outside of the traditional brick-and-mortar office environment. It reminds lawyers that while the ABA Model Rules of Professional Conduct permit virtual practice, these Rules provide minimum requirements and recommendations for virtual practice, particularly in the areas of competence, confidentiality and supervision.

ABA FO498 is more aspirational than prescriptive. Let's take a look at how you can operate a secure virtual law practice in the areas of:

  • Managing software and hardware;
  • Accessing client data and transferring documents;
  • Securing virtual meetings; and
  • Addressing listening devices.

Managing Software and Hardware

In the wake of massive software and vendor exploits (SolarWinds Orion and Microsoft Exchange), FO498 reminds lawyers of their obligations to review vendor terms and conditions to ensure that client confidentiality is protected. But vendor management goes beyond T&Cs. Lawyers are required to ensure these systems are up to date with service patches, which are often deployed to eliminate security vulnerabilities.