How to work from home safely – “Alexa, are you listening in to my client conversations?”

You have probably been working from home for several weeks now. Hopefully things are running smoothly and any initial bumps in the road have been ironed out: you’ve purchased those additional software licences to ensure that everyone’s up and running from home offices, and internet connections have been upgraded to help ensure the best possible client/work experience.

Unfortunately, Covid-19 has created new opportunities for cyber fraud, as criminals move to capitalise on changes to ‘usual’ security arrangements due to remote working.

Just last week, the Solicitors Regulation Authority announced that it has received specific reports about law firms being targeted by criminals, and had removed more than 2,000 online scams. In one case, fraudsters had attempted to create a standing order for £4,000 a month from a firm’s client account.

Quite frankly, the last thing you need right now is a client security breach and with it, the threat of financial penalties, not to mention reputational damage. Without the right protections in place, lawyers  – who handle highly sensitive information and significant amounts of money – are sitting ducks for cybercriminals.

We’ve put together a few tips that you might like to share with your staff, which are designed to help you prevent fraud and scams whilst enabling you to continue to deliver legal services online as safely and securely as possible.

Switch off visual/voice activated devices

Voice activated devices, such as Amazon’s Echo and Google’s Nest, are designed to record and store audio only after they detect a word to wake them up – but testing by Northeastern University and Imperial College London found that the devices can be inadvertently activated between 1.5 and 19 times a day.

It would be wise to err on the side of caution and advise your fee earners to switch off any kind of visual or voice enabled device, to be certain that sensitive client information isn’t picked up.

Posit, the voice assistant included in Osprey Approach, is activated with the physical click by a user, so does not suffer from this potential security concern by ‘listening’ in the background.

Share information with clients and colleagues using encrypted methods

You’ll likely be communicating with clients in many different ways, so it’s vital to ensure that all channels you’re using are encrypted and secure, such as Osprey’s client portal.

What is encryption?

In simple terms, encryption takes readable data and alters it so that it appears random. Although encrypted data appears random, the encryption process takes a ‘key’ and logically randomises the data, meaning that it can be decrypted using the same key when it needs to be accessed again.

It goes without saying that, as a legal professional, it’s your duty to keep client information confidential, which isn’t easy without encrypted channels.

For video calls with clients and colleagues, we’d suggest using Microsoft Teams. It works exceptionally well for intra-company communication, and also allows for easy to use video calls and screen-sharing with clients and third-parties.

When it comes to document sharing, ensure that your emails, as well as your client portal, are encrypted. Support for encrypted emails is patchy right now, so we’d recommend using a cloud-based client portal like Osprey’s, which allows you to share, and receive, files in a safe way. In addition to your encrypted connection, it virus-scans all files as they are uploaded to ensure all parties remain safe.

Other points to consider

• Simplify your calls with a system such as Microsoft’s 365 Phone System. Being a cloud-based telephony service for your home-working law firm, it offers greater security and advanced functionality over traditional phone systems. We’d be happy to get you up and running;
• Use a password manager to create and safely store complex and secure passwords;
• Enable two-factor-authentication wherever possible, which adds a further layer of protection;
• Be aware of what data is important and be extra vigilant when storing or sending anything remotely; and,
• Encourage your team to communicate and be open. If they suspect they’ve spotted a potential security risk, ask that they inform you as soon as possible.

By arming your fee earners with the right, secure tools and encouraging them to think about being cyber aware, there’s no reason why your firm can’t continue to provide high levels of client service from anywhere.