Sheryl A. Falk is a co-leader of Winston & Strawn's global privacy and data security task force. Courtesy photo How Law Firms Can Harden Their Data Security During COVID-19 Crisis
Law firms, already an attractive target for cybercriminals, now face a workforce operating from informal home environments.
March 17, 2020 at 06:07 PM
3 minute read
The COVID-19 pandemic has forced law firms into a new work paradigm, switching overnight to a remote workforce. Law firms, already an attractive target for cybercriminals, now face a workforce operating from informal home environments. As a result, law firms must address data security risks as they balance making data available for remote access.
Sheryl A. Falk, a co-leader of Winston & Strawn's global privacy and data security task force, answers some of the questions surrounding how a remote workforce can still protect client information. Her answers have been edited for clarity and brevity.
What actions can law firms take to protect confidential client data?
Law firms should consider and adapt to new data security challenges presented by remote work.
- Ensure that all connections to the law firm's information systems are made via a secure connection through a VPN or virtual desktop, with appropriate access controls in place, such as two-factor authentication;
- Restrict employee access to data needed to do their specific job functions;
- Stay on top of patching to update the firm's anti-virus and malware prevention software;
- Provide a secure portal for employees to use to upload confidential or sensitive data; and
- Ensure that the company's email system has appropriate phishing detection.
What should law firms communicate to their employees about remote work expectations?
Law firms should arm employees with information to keep data safe. Redistribute any firm data security policies, such as bring your own device policy or written information security program. Counsel employees on remote working best practices:
- Avoid the use of company computers or devices for personal use;
- Ensure any personal computer used to work has up-to-date antivirus and malware protection;
- Avoid using public Wi-Fi as it is more susceptible to hacking;
- Avoid transferring any confidential or sensitive information via email; and
- Be vigilant for phishing emails, and be on guard for requests to enter credentials or make payments.
How should firms be prepared to respond to potential cybersecurity incidents?
Firms should stay alert for potential unauthorized access, including monitoring logs and external connections to the network systems to detect an unauthorized third party from penetrating the law firm's network. Firms should also ready their response to an incident by quickly reviewing their data security response plan and cyberinsurance. Communicate with the designated response team and outline responsibilities ahead of time. Ensure that employees have a number to call to notify the firm of a suspected data security incident.
While it is not possible to prevent every cyberattack, law firms that take action to secure their data will be best positioned to weather this virus crisis.
Sheryl A. Falk is a co-leader of Winston & Strawn's global privacy and data security task force. She concentrates her practice in data security, cyber and other internal investigations, trade secret litigation, and complex commercial litigation.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View All
Snowflake Faces Avalanche of Federal Lawsuits Over Massive Data Breach
DOJ, 8 State AGs Sue RealPage for Alleged Sherman Act Violations in Algorithmic Pricing Scheme
Law Firms Mentioned
Trending Stories
- 1Gibson Dunn Sued By Crypto Client After Lateral Hire Causes Conflict of Interest
- 2Trump's Solicitor General Expected to 'Flip' Prelogar's Positions at Supreme Court
- 3Pharmacy Lawyers See Promise in NY Regulator's Curbs on PBM Industry
- 4Outgoing USPTO Director Kathi Vidal: ‘We All Want the Country to Be in a Better Place’
- 5Supreme Court Will Review Constitutionality Of FCC's Universal Service Fund
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250
