New Remote Working Guidance And Cybersecurity Best Practices For Lawyers

Welcome to the future. Don't talk about cases in front of Siri or Alexa.

It’s hard to believe that we’re nearly a year into the pandemic. It’s been a long, arduous journey, and unfortunately there’s no immediate end in sight. The good news is that, overall, lawyers have adapted quite well to both the social distancing requirements and the unpredictable nature of the pandemic by adding new cloud-based tools to their law firms’ technology arsenals that make it possible for them to transition to remote work when needed.

However, as many lawyers have learned along the way, due to the confidential nature of their work, the practicalities of working remotely must necessarily conform to their ethical obligations. Fortunately, a number of different bar associations stepped up to the plate during the early stages of the pandemic and provided ethical guidance for lawyers to help ease the transition to remote work and ensure that lawyers protect their clients’ confidential information regardless of where they happen to be working on any given day. For example, I recently wrote about some of the ethics opinions regarding remote work and also rounded up recent developments regarding secure communication when working remotely.

Since I wrote those blog posts, the State Bar of Wisconsin added its two cents, issuing Wisconsin Formal Ethics Opinion EF-21-02 in mid-January. In that opinion, advice is offered regarding a number of different issues related to practicing law remotely, including the duty of technology competence and lawyers’ obligations to protect confidentiality and communicate securely.

Importantly, at the outset of the opinion, the committee wisely noted that because technology is always changing, it would not be providing specific requirements for remote work and instead would offer more elastic, overarching guidance.

Then the committee acknowledged that one of the more notable effects of the pandemic, which was to dramatically accelerate technology adoption by lawyers, would likely continue post-COVID. The committee explained that “technological advances have replaced many of these personal interactions, as well as other aspects of practice such as the transfer and storage of client information. In addition, it is expected that lawyers, like other professionals, will continue to work remotely in some form after the pandemic.”

Next, the committee addressed the duty of technology competence, and emphasized that lawyers must ensure that they stay on top of advancements in technology. According to the committee, basic technology competence includes, at the very least, “knowledge of the types of devices available for communication, software options for communication, preparation, transmission and storage of documents and other information, and the means to keep the devices and the information they transmit and store secure and private.”

Then, after focusing on a number of other overarching ethical obligations that are triggered when lawyers work remotely, including diligence, supervisory duties, and the unauthorized practice of law, the committee moved on to more practical advice. Specifically, they provided guidance in three areas: cybersecurity, training and supervision, and client preparation.

Sponsored

Because this section of the opinion is somewhat lengthy, I’m going to focus on the cybersecurity guidance. To that end, below you’ll find an edited version of the committee’s very useful list of cybersecurity best practices. Note that although I’ve provided a shortened summary of the list, there is lots more where that came from, so make sure to read the opinion in its entirety for lots of great advice and guidance on the ins and outs of running a virtual law firm.

So without further ado, here is the full list of cybersecurity best practices:

  • Require strong passwords to protect data and to access devices.
  • Use two-factor or multifactor authentication to access firm information and firm networks.
  • Avoid using unsecured or public WiFi when accessing or transmitting client information.
  • Use a virtual private network (VPN) when accessing or transmitting client information.
  • Use and keep current antivirus and antimalware software.
  • Keep all software current: install updates immediately.
  • Supply or require employees to use secure and encrypted laptops.
  • Do not use USB drives or other external devices unless they are owned by the firm or they are provided by a trusted source.
  • Specify how and where data created remotely will be stored and how it will be backed up.
  • Save data permanently only on the office network, not personal devices.
  • Use reputable vendors for cloud services.
  • Encrypt emails or use other security to protect sensitive information from unauthorized disclosure.
  • Encrypt electronic records, including backups containing sensitive information such as personally identifiable information.
  • Do not open suspicious attachments or click unusual links in messages, email, tweets, posts, or online ads.
  • Use websites that have enhanced security whenever possible.
  • Do not have work-related conversations in the presence of smart devices such as voice assistants.

Finally, the committee concluded the opinion with a great summary of where we are, how we got here, and where the legal profession is headed in the future: “The COVID-19 pandemic has dramatically changed how lawyers work and represent their clients. Some of these changes may be temporary but others are likely part of a movement towards increased reliance on technology in the practice of law. As working remotely has become the new normal, lawyers must develop new skills and knowledge to comply with their core responsibilities.”


Nicole Black is a Rochester, New York attorney and Director of Business and Community Relations at MyCase, web-based law practice management software. She’s been blogging since 2005, has written a weekly column for the Daily Record since 2007, is the author of Cloud Computing for Lawyers, co-authors Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York. She’s easily distracted by the potential of bright and shiny tech gadgets, along with good food and wine. You can follow her on Twitter at @nikiblack and she can be reached at niki.black@mycase.com.

CRM Banner