Law360 is providing free access to its coronavirus coverage to make sure all members of the legal community have accurate information in this time of uncertainty and change. Use the form below to sign up for any of our weekly newsletters. Signing up for any of our section newsletters will opt you in to the weekly Coronavirus briefing.
Sign up for our Cybersecurity & Privacy newsletter
You must correct or enter the following before you can sign up:
Thank You!
Law360 (March 19, 2020, 9:58 PM EDT) -- While society focuses on how to avoid further spread of the coronavirus, law firms need to be mindful of how employees working remotely because of the pandemic can steer clear of computer viruses and other cybersecurity risks, several experts gathered by the American Bar Association said Thursday.
Requiring work to be performed on secure servers, training workers on best cybersecurity practices for when they are not in the office, and potentially providing employees with company-issued equipment are some of the tasks law firms will need to take on in short order, the experts said as part of a webinar on cybersecurity issues during the COVID-19 crisis.
With hackers aware that they may be able to exploit weakened technology systems because many lawyers and support staff are working remotely, and law firms obligated to protect their clients' sensitive personal information, firms cannot afford not to act.
"Don't forget cyber hygiene," said Ruth Hill Bro, a privacy and security lawyer who co-chairs the ABA's Cybersecurity Legal Task Force.
Law firms must also stay on top of local laws, which may require them to provide their employees with equipment to work remotely or limit the extent to which they can ask employees about their health or require checks such as temperature scans. Firms should also be aware of how relevant laws in the United States may differ from those in the European Union or other locales.
Aside from security is the issue of practicality: With no information technology workers on hand to repair laptops or other devices should an employee click on a dubious link and get a computer virus, firms must make a concerted effort to ensure that workers avoid phishing attempts, which could effectively cause an individual to lose their ability to work remotely, said Jill Rhodes, vice president and chief information security officer at Option Care Health.
Law firms should strive to avoid holding in-person conferences or other physical gatherings as much as possible, said Christine Lyon, a partner at Morrison & Foerster LLP's privacy and data security practice. But if an in-person gathering is unavoidable, Lyon encourages not only general precautions such as hand-washing and physical distance, but also that all participants provide their contact information and consent for sharing it with authorities.
Afterward, employers do not need complex cleansers to disinfect their doorknobs, conference tables and elevator buttons; a simple dose of soap and water has been found to cleanse surfaces of the virus, said Dr. Aileen Marty, professor at Florida International University's Herbert Wertheim College of Medicine.
"It's a very easy virus to clean," Marty said.
Firms also must recognize that not all work-from-home situations will be identical. While some employees will work in dedicated home offices with a door to provide isolation and a level of security, other employees may need to work from kitchen tables in a house full of other people who could potentially look over their shoulders, Lyon said.
Beyond attorneys, legal secretaries and other support staff may not have any experience with working from home and may need additional boundaries or guidance, Lyon said. And many households will be dealing with childcare, as children may essentially need to be home-schooled amid school closures during the pandemic, she said.
"Despite everyone's best efforts, it will not be business as usual," Lyon said. "I think we will need to be flexible with that."
--Editing by Alanna Weissman.
For a reprint of this article, please contact reprints@law360.com.
