COVID-19: Threats Abound: How to Protect Your Remote Workforce

The COVID-19 pandemic has changed the conversation around remote work. Today the challenge is less about gaining flexibility and a competitive edge. Rather, the conversation has moved to social isolation, self-imposed and forced quarantines and sobering questions about business continuity. This is a real challenge in the face of a viral outbreak that is predicted to affect our communities on a level not seen in decades.

If there's an upside to this unsettling period, it's that the same cloud that irrevocably changed the way companies do business in recent years will now help them navigate through this pandemic. By enabling remote work in response to this crisis, companies will emerge nimbler, more technologically sound and more productive.

As more employees — or all employees in most organizations — work remotely, law firms must employ security best practices to ensure that the extended reliance on the cloud doesn't expose sensitive data or cripple daily operations.

Following is a practical checklist of systems, technologies and processes to consider when evolving your firm for remote work and selecting your cloud technology provider.

Securing your Remote Workforce

There are many remote work strategies and controls that law firms can implement in order to significantly reduce the likelihood of a data breach, limit exposure of sensitive information and maintain security in a virtual office scenario.

All firms relying on a remote workforce should be implementing the following measures in order to ensure the safest possible environment.

• Password Requirements. Passwords are the first line of defense against unauthorized access to your systems and information. You should have strict requirements for employee passwords that ensure length, complexity and randomness. Changing passwords at frequent intervals and using a password manager are also recommended.
• Multifactor Authentication Policy. Multifactor authentication is one of the best ways to prevent unauthorized access to email accounts and systems. A multifactor authentication policy requires a user to have two pieces of information to gain access, not simply a password. This prevents attackers from gaining entry even if user passwords or credentials have been compromised.
• Role-Based Access Control. Role-based access control is a neutral access policy that restricts every user's access rights on the basis of the role played within the organization, with specific access granted to specific roles. Also known as a zero trust model, this approach restructures access within your firm's systems based on a "never trust, always verify" philosophy targeted specifically at preventing improper access.
• Strong Encryption at Rest and in Transit. Strong encryption is crucial to protecting your data from outside eyes, and you need to be sure that your data is secure at all times, regardless of where it is or how it's being used. Strong encryption must be in place when data is at rest, or simply residing in your system, as well as when it's in transit, or moving from one location to another. Equally important, you must know who has access to the encryption keys at all times.
• BYOD or Company-Supplied Hardware. Many employees use their own devices to access firm data and track and manage time and communications, but the better practice is for the firm to supply hardware that is consistent, secure and managed as part of a best practices IT strategy. That way, remote workers will not require huge IT overhead to support their hardware or activity.
• Meeting Recording and Transcriptions. Virtual meetings offer convenience, but audio/video challenges and file sharing can sometimes be complicated. We suggest an organization standardize on a widely used virtual meeting system with a robust mobile app. There are many inexpensive, accurate and fast services. Record the meetings and then store transcripts of what was discussed, thereby creating and preserving an official record and minutes of the meeting.
• Proactive Security Monitoring with AI Behavior-Based Protection. Proactive security monitoring is crucial to detecting threats before they wreak havoc on your systems. Behavior-based security measures that incorporate advanced AI and machine learning are designed to proactively monitor all activities in order to identify anomalies and deviations from normal patterns. This monitoring then offers a protective response as soon as a threat is detected.
• Auditing, Training and Planning. Aside from the specific tools and measures outlined above, dedicate firm resources to the prevention of cybersecurity threats on all fronts. This includes performing regular cybersecurity audits of your own networks and systems, requiring employees to undergo regular training in security best practices and revising your overall incident response plan as the cybersecurity threat continues to evolve.

Be Proactive

The immediate need to support remote work has brought with it an increasingly complex and risky cybersecurity landscape. Thinking proactively about remote work strategy and controls, business continuity and disaster recovery and application management when choosing or monitoring a cloud provider is the best way to prevent cybersecurity breaches before they happen.

*****

Tomas Suros is a technology advocate working at the intersection of IT and client consulting. With AbacusNext since 2004, he currently serves as global director of product marketing, guiding firms through the process of identifying forward-facing technology options and ensuring the successful implementation of a tailored solution. He can be reached at [email protected].