Even before the COVID-19 pandemic affected how companies do business, the legal profession had embraced the concept of telecommuting for years. According to the American Bar Association’s 2019 Profile of the Legal Profession, almost 75 percent of lawyers were working remotely at least some of the time. As the COVID-19 pandemic continues to shape how we work and legal technology grows more accessible, one should only expect this percentage to rise.
Co-working spaces, cloud computing and virtual receptionists have permitted some law firms to abandon their offices entirely. Most lawyers, however, seek a middle ground: a practice capable of functioning remotely when convenient or necessary, but remain anchored to a physical office. The benefits of creating a remote-capable business are well worth the investment, enabling a firm to maximize productivity when traveling, attract top-level talent and maintain functionality during a crisis.
If the firm does not currently have a system for doing so, digitizing client files may be the most burdensome aspect of a remote-work upgrade. All physical documents that comprise a file should be scanned, saved and, unless the original must be preserved, shredded. Lawyers should prioritize active files, with an emphasis on streamlining current and prospective workflows before tackling the mountain of closed files in storage.
Even electronic files must be stored somewhere. The default option for law firms has long been on-premise servers, which require major hardware and installation costs, but permit total control over the security and privacy of firm data.
The alternative is cloud storage. Lawyers opting for a cloud-based solution outsource data privacy and security to a third-party vendor. The cloud provider guarantees the integrity and accessibility of firm data, protects it from outside intrusion, and bears hardware costs for a monthly or annual fee.
A “private cloud” is less familiar than the public cloud-storage solution. Both outsource the responsibility of owning and maintaining a server to a third-party vendor, but private clouds store firm data on a dedicated, single-tenant server, separate from other customers’ data.
How firm employees securely access firm systems may vary. Firms with their own dedicated servers typically use a virtual private network (VPN) to facilitate individual remote access. Other methods for remote access, including Remote Desktop Services or a Virtual Desktop Infrastructure, tend to be a less viable alternative for law firms given their higher cost, added upkeep, inferior security, and less flexible user experience relative to a VPN.
Where firm storage and services are cloud- or web-based, a VPN is not necessary. A lawyer working from home who logs on to Microsoft Exchange Online, Clio or other services with infrastructure independent of the firm has initiated a secure connection to that provider’s servers. In effect, access to these servers is always “remote,” even when the lawyer is at the office. As with any password-based application, however, strong passwords and multi-factor authentication are vital.
Countless warnings have been issued about the free Wi-Fi networks offered by hotels, airports, coffee shops and other public places. The primary threat is an attacker positioned between a user and the connection point, permitting them to intercept the user’s data on its way to the destination server.
Over the last decade, however, websites have steadily implemented Hypertext Transfer Protocol Secure (HTTPS), an encrypted internet protocol that protects communications between a user and a site. As of July 2020, HTTPS represents 95% of connections from Google Chrome users globally1 (up from 50% in 2014), encompassing virtually all commercial and social networking websites. Web browsers have also made significant strides with respect to signaling and defending against potential attacks.
While public Wi-Fi attacks are still possible, these advances have made them much easier to defend and more difficult to execute. Ransomware and phishing attacks have become far more lucrative for cybercriminals.
The more comprehensive approach to public Wi-Fi security involves a VPN. Lawyers who use a remote access VPN to connect to their firm network can use that same VPN to protect their traffic and conduct firm business on public Wi-Fi.
VoIP and Video Calls
Rather than having office calls forwarded to a cell phone or maintaining separate work cell and office numbers, a Voice over Internet Protocol (VoIP) system permits a lawyer to direct all work calls to a single number across several devices. With few exceptions, the firm’s existing number can be ported to the VoIP service. VoIP calls can be made using PC software, any smartphone and even analog phones equipped with an adapter. Lawyers have their “office line” with them wherever they happen to be working – usually at a much lower cost to the firm.
Video calls have likewise made significant headway as a way to conduct virtual meetings, especially during the spring of 2020 amid the coronavirus pandemic. The videoconferencing service Zoom, in particular, appealed to users with its intuitive interface, crystal clear video and sound quality, and attractive pricing, including a free tier for calls up to forty minutes.
Users quickly realized, however, that Zoom was rife with security flaws. For example, calls were not encrypted end-to-end, the transport encryption that the company offered was less secure than advertised, and encryption keys could be issued by servers in China even where all participants were in North America.2
Zoom’s missteps underscore the importance of examining the firm’s vendors. How is the vendor protecting calls from intrusion? Where are the servers located? What data is stored, who will have access to that data, and how can it be used? Apple’s FaceTime, Google’s Duo and Cisco’s Webex all support end-to-end encryption, meaning the provider itself cannot access call data even if it sought to do so.
The best way a firm can ensure that remote workers are equipped with effective, properly secured hardware is to issue the hardware itself. If the firm owns the device, it can exercise complete control over acceptable use and software or application downloads at all times, regardless of whether the employee is connected to the firm network. Implementing anti-virus, firewall, device encryption, data backups and other security measures is easier when devices are uniform throughout the firm, as are device and software updates.
For law firms of any size, taking steps toward remote-work capability often means greater firm productivity, reduced costs over the long term, and an advantage in hiring and employee retention. In times of crisis, it may very well be the difference that keeps your business afloat.
To learn more about how your firm can tackle remote work, review the following CNA guides:
1. Google. “HTTPS encryption on the web.” Transparency Report, July 22, 2020
2. Lee, Micah. “Zoom’s Encryption is ‘Not Suited for Secrets’ and has Surprising Links to China, Researchers Discover.” The Intercept, April 3, 2020.