As most of us have shifted to working remotely, the need for secure procedures to keep private information safe is at an all-time high. Have you reviewed your cybersecurity plan lately? Does it provide necessary means to keep private information private? Chances are, your cybersecurity plan needs to be updated to account for people working remotely due to the COVID-19 pandemic.
While the way we work may have changed, our duty to keep a client’s information confidential has not. In Texas, law firms are ethically bound to protect their client’s confidential information. Tex. Disciplinary R. Prof’l Conduct 1.05(a). The Model Rules of Professional Conduct, Rule 1.6., provides that, “A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.” And because attorneys have a duty to notify individuals of breaches to the security of their information, such a breach can be a nightmare for a law firm. So, there are a few things that are important to keep in mind, especially while lawyers and law firm employees are working from home.
The importance of providing cybersecurity training to all employees is higher than ever. People working from home are likely more relaxed, and may not take as many precautions as they would in an office setting. And since law firms have always been a target for hackers, making sure that everyone in your firm can detect and properly respond to the various tactics that hackers use is crucial. In 2018, the American Bar Association issued Formal Opinion 483 which discusses the importance of cybersecurity and how to handle breaches. According to that opinion, if/when a breach is detected, lawyers must take reasonable steps to stop the attacks and prevent additional damage from being done. But, in order to be able to detect and stop the breach, lawyers need to be trained, and that training should be periodically reinforced.
Additionally, choosing a secure document management system is key. Are your client documents stored on local file servers or in the cloud? The cloud has been around for a while now, and many firms have moved from paper files and/or saving files solely on a local server, to cloud-based files. This means that the documents can be accessed from anywhere with internet access, if you are using a true cloud-based system. However, this poses additional risks if people are accessing confidential documents from unsecure networks, like a local coffee shop. Therefore, having strong passwords and/or dual-authentication procedures and using a remote hot spot when a private, secure internet connection is unavailable will provide an additional layer of security needed to keep information private. Above all, it is crucial that in choosing a document management system, you understand the security procedures provided.
While security policies and procedures might not be on the forefront of a lawyer’s mind every day, it is a huge part of practicing law. Lawyers are trusted with extremely private and confidential information on a daily basis, which continuously poses risks. Making sure that proper training is provided, and that lawyers and law firm staff have an effective and secure document management system, will help ensure that even while working from home, your clients’ information will remain secure, private, and confidential.