Addressing Data Security and Privacy — Especially While Working Remotely

Working remotely increases the probability of problems created by malware and ransomware, and the damage caused by them can be extreme. Therefore, a reasonable lawyer should take additional steps to secure the data if the burden of those steps is not too great. The following are steps that an IT department would likely take, and that a reasonable lawyer should take, with their computing devices, whether in an office or working remotely. The steps are generic, but include links pointing to more information to help a lawyer begin to learn how to accomplish each step.

1. Back Up Your Computer

Make regular backups of key data at least daily and store them in a safe location. For example, the backed-up data should be stored on a secure hosted service or, if backing up locally, the backup media should be kept in a fireproof safe.

Besides third-party backup services, some operating systems already include backup software.

The best way to test a backup is to periodically make a temporary file, and back it up. Then delete it on your device and restore it from the backup. If you cannot restore it, then the backup is no good.
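
The restore test described above can be made stricter by comparing a hash of the restored file with the hash recorded before deletion, which also catches a file that comes back truncated or altered. The following Python script is an added example, not part of the original article; the file names, manifest format, function names and command-line usage are assumptions, and the backup and restore themselves are still done with whatever backup tool you use.

```python
import hashlib
import json
import secrets
import sys
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def create_canary(folder: Path, manifest: Path) -> Path:
    """Step 1: write a canary file with random content into a folder that is
    backed up, and record its hash in a manifest kept outside that folder."""
    canary = folder / f"backup-canary-{secrets.token_hex(4)}.txt"
    canary.write_text(secrets.token_hex(32) + "\n", encoding="utf-8")
    record = {"path": str(canary), "sha256": sha256_of(canary)}
    manifest.write_text(json.dumps(record), encoding="utf-8")
    return canary


def verify_restore(manifest: Path) -> str:
    """Step 3: after deleting the canary and restoring it from the backup,
    report 'ok', 'missing' (not restored) or 'corrupt' (content changed)."""
    record = json.loads(manifest.read_text(encoding="utf-8"))
    restored = Path(record["path"])
    if not restored.is_file():
        return "missing"
    return "ok" if sha256_of(restored) == record["sha256"] else "corrupt"


if __name__ == "__main__":
    # Assumed command line: create <folder> <manifest>  |  verify <manifest>
    if len(sys.argv) == 4 and sys.argv[1] == "create":
        print("canary written:", create_canary(Path(sys.argv[2]), Path(sys.argv[3])))
    elif len(sys.argv) == 3 and sys.argv[1] == "verify":
        result = verify_restore(Path(sys.argv[2]))
        print("restore test:", result)
        sys.exit(0 if result == "ok" else 1)
    else:
        print("usage: create <folder> <manifest> | verify <manifest>")
```

Run the create step, let the backup run, delete the canary file, restore it from the backup, and then run the verify step; anything other than "ok" means the backup cannot be trusted.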

2. Update and Patch Operating Systems and Applications

Only use supported operating systems (OS) and applications on your devices; for example, Windows 7 is no longer supported by Microsoft. In addition, both Microsoft and Apple release periodic updates to address security vulnerabilities.

Don’t delay too long; zero-day exploits can take advantage of a problem as soon as—or sometimes before—a patch or fix is available.

3. Manage Accounts

Only log in to your devices as an “administrator” when you must perform an administrative task, such as installing new software; use a “standard” account to perform day-to-day work.

Running as a standard user limits the potential damage if you encounter malware; for example, from a standard user account the malware can’t change system settings or install bad programs on the device.

4. Install Anti-Malware Software

Not only would a reasonable lawyer install this software, but they would ensure the anti-malware software is receiving the latest signature files, which help the anti-malware agent on the computer learn about the latest attacks.

Anti-malware software doesn’t stop everything, especially social-engineering attacks, such as an email that is made to look like it came from someone you work with in order to trick you into clicking on a malicious link or opening a malicious document. Therefore, do not open attachments, click on links, or provide information by email unless you were expecting the communication from someone you know.

Windows 10 has a built-in anti-malware program, Windows Defender. Apple macOS has several processes to prevent malware, but it may be necessary to purchase a third-party product. Generally, legal professionals should avoid “free” software as it typically logs information about the device and the data, and may sell such information to advertisers.

5. Use a Virtual Private Network (VPN)

A VPN is created by establishing a virtual point-to-point connection using tunneling protocols over existing networks. Sometimes, a firm’s IT department may provide VPN software designed to work with an organization’s firewalls and network hardware.

VPN software is available from a variety of companies. Generally, one should avoid “free” VPN software, as it typically logs traffic; instead, look for a non-logging VPN.

6. Encrypt Your Drives

Encrypting hard drives and portable drives will protect the data if your computer is stolen, lost, or left unattended. Fortunately, both Windows 10 (BitLocker) and macOS (FileVault) include encryption software.

7. Be Cautious With Conferencing Software

When using conferencing software, including Zoom, Teams, and FaceTime:

  • Close all applications other than the conferencing application;
  • Turn off mail notifications so someone does not see information about the message in a desktop pop-up;
  • Only enable peripherals—including cameras, microphones, and speakers—when needed during the conference session;
  • Do not share or click on links in conference chat sessions.

For more information, read “What You Should Know About Online Tools During the COVID-19 Crisis” and “Zooming with Caution: Best Practices for Using Zoom and Other Videoconferencing Tools.”

8. Update Network Equipment Firmware

Make sure your network equipment has the latest firmware. Network equipment includes modems, firewalls, routers and switches, and wireless access points. This is critically important if you use consumer rather than commercial-grade network equipment.

Ensure the device’s password is changed from the default to a strong, unique password. Some ISPs include a public wireless access point (WAP) in the device that connects you to their network; if possible, this WAP should be disabled.

9. Use Complex Passwords

A strong password has a mix of alphanumeric and special characters, and a mix of upper and lower case. Pass phrases may be better than passwords. A password or passphrase should be unique to a service or device.

Microsoft and others are recommending alternatives to passwords, and many people are using password managers. To be extra cautious, consider using multifactor authentication (MFA), which will require additional account verification via a code sent by phone or email.

Disclaimer

This information is provided “as is” without warranty of any kind. There is no warranty either implied or expressed that the advice will meet your requirements, is error or bug free, is timely or reliable, or will prevent data loss, theft, or misuse. Links to other websites in this article are provided “as is” and only as a courtesy. The author makes no warranty for the accuracy of information provided in the links or for any harm if a link is incorrect, no longer exists, or has been altered or hijacked to point to a malicious source.