
Best practice approaches to safeguarding your firm from cyber attacks

As part of LawCPD’s course on Lawyers’ Ethical Duties in the Digital Age, Cathryn Urquhart spoke with Zahn Nel, CIO of FilePro Cloud, about the more prominent and critical role that technology now plays in law firms and, consequently, the ethical expectations on lawyers.

Both Cathryn and Zahn agreed that the increase in both reliance on technology and cyber-attacks has heightened the standards of care and safeguarding measures needed by law firms. These measures include:

Improved password security

What was once optional is now necessary. In particular, 2-factor authentication (2FA) is fast becoming a mandatory requirement for business cyber insurance.

Practices that were once comfortable and convenient are no longer valid in today’s IT security environment. Generic firm-wide passwords should be replaced by ones that are unique to each person, more complex and changed frequently.

Review remote work setups

Many of the practices adopted at the start of the pandemic to pivot to Working From Home (WFH) are not necessarily the most secure solutions long term, as they expose data safeguarding gaps.

The need to review these practices reflects the growing awareness that if firms are required to lock up physical client files, why treat digital files any differently?

Zahn illustrated this point with a few examples. Screen sharing, still in use at many firms, can be a very insecure remote working method. It requires the computer and screen to be left open in the office to enable WFH. Anyone in the office, e.g. cleaners, maintenance or other staff, can therefore view without authorisation what your team is working on remotely.

Another recent example relates to the use of Office 365, especially for emails. There are many reports from firms whose Office 365 accounts have been compromised, with fake emails then sent as replies after emails have been intercepted. Once again, Office 365 provides an MFA solution that prompts the user every time they log in to Office 365 from a new device. Having a platform such as Office 365 is fantastic for remote working, but a big risk if a firm doesn’t have that function activated.

Assess real costs and benefits

Zahn recommends a cost-benefit analysis as the key to deciding how much to invest in a solution that both delivers service to your clients and provides data security. When conducting this analysis, it is also very important to bear in mind the financial cost and the impact on a firm’s reputation if it had to deal with the consequences of a data breach or cyber attack. Taking small, incremental steps can contribute towards a strong foundation for your firm’s IT security.

Practical steps to implement more secure systems

Zahn suggests 3 practical steps to get started in addressing a firm’s security pitfalls:

  1. Firms should start by reaching out to their tech providers on best practice and not be left to navigate these issues alone.
  2. Visit the ACSC website to review the Essential 8 Maturity Model and compare it to your systems.
  3. Conduct ongoing staff training on best practice.

Following more recent discussions with insurance brokers on cyber security risks, Zahn also suggests the following steps are worthwhile:

  • Aligning your insurance policy requirements with your cyber strategy;
  • Making sure you rehearse incidents and your response;
  • Asking your broker to provide examples of incidents that affected businesses similar to yours; and
  • Forming a relationship with the ‘insurance response team’ that would assist with an incident.

Finally, Zahn suggested that having a senior person in the firm designated as an IT champion in discussions on IT security procedures and strategy is critical as they will know the firm’s current manual processes and culture. The end solution will therefore be more comprehensive. In addition, this senior leadership will mean new standards will filter more effectively throughout the entire firm.

For more information on these technology issues, feel free to contact the FilePro Support team for a no obligation discussion.

About LAWCPD

Since 2008, LawCPD has partnered with leading legal minds and thought leaders to deliver engaging online CPD to lawyers across Australia. All of the online courses LawCPD offers to lawyers are interactive, self-paced and accessible on any device – making this one of the most convenient and flexible ways for lawyers to earn their CPD points. Learn more at LawCPD.com.au
