7 Top Tips for Law Firms to Ensure Their Cyber Security for Homeworkers is Solid

When the Prime Minister spoke to the nation on 23-3-20 instructing us all to work from home where possible, the scale and speed of the change looking back now was quite unbelievable. Some businesses were more prepared for this than others, but on the whole, law firms seem to have found the transition relatively straightforward. Those with good practice management software providers have had homeworking options available to them for many years.

While most firms could breathe a sigh of relief that the tech was working from home and that they could continue to deliver services to clients, the serious and urgent need to consider the cyber threats facing them were hard to ignore. Many law firms now have in place the required level of cyber security solicitors need to be able to practise from home safely.

With home working here to stay, as many law firms plan a hybrid working model for the future of law, closing and downsizing their offices, here is a check-list of the top 7 recommendations for those firms catching up with cyber security for homeworkers:

1. Make sure you have a clear reporting mechanism in place

Ensure you have a clear reporting mechanism in place for your homeworkers that they can use to officially report and log any security concerns or problems so that your IT people are fully aware of any potential threats to the business. People who don’t work in IT may not recognise the significance of a cyber threat, so if you don’t make lines of communication available and easy, they may not alert the right people early enough.

2. Strong passwords With two-factor authentication are a must

If you haven’t done this yet, we highly recommend you do it today! Don’t delay any longer. There is lots of excellent advice on the National Cyber Security Centre website about passwords and 2FA here.

3. Consider all the devices in use at home & ensure they are safe

Across the country, home workers are using a combination of their employers’ devices (PCs, laptops etc.) as well as their own personal devices (phones, tablets etc.) sometimes referred to as BYOD (bring-your-own-device). Either way law firms must make sure their staff understand the risks of using devices away from the office for work purposes. Make sure they are all running the most recent software for both operating system and applications, including anti-virus software of course. Make sure staff know how to keep devices safe when away from the office, and what to do about reporting lost or stolen devices as soon as possible to the relevant IT staff to ensure your firm remains safe. For homeworkers, it is probably better to supply equipment rather than allow BYOD (bring-your-own-device) so you the firm can monitor “who, what, when, where and how?”.

4. Switch on encryption

Devices are more likely to be lost or stolen when you have staff set up for home working. Most modern devices have encryption built in, but it may need configuring or switching on. Ensure all devices that are being used at home by your workers are set to encrypt data while at rest.

5. Use mobile device management

It’s a good idea to set up all your home working devices with a standard configuration so that your IT people can lock them or delete data from them remotely, using MDM (Mobile Device Management).

5. Have a VPN in place

Having a Virtual Private Network (VPN) in place provides an additional layer of security for home workers accessing your firm’s IT resources – e.g. your practice management system, your email system etc. If you are already using VPN, make sure it is fully patched. You may need extra licences, capacity or bandwidth if you’re supporting more home workers. Your users should avoid using free WiFi hotspots without using a VPN to ensure your/their device’s traffic is encrypted and harder for a cybercriminal to intercept. For law firms using a hosted solution for their Practice Management Software, on the cloud their systems should be fully patched and optimised. If you manage your own IT infrastructure in-house it is worth checking.

6. Empower your staff to spot scams, risks & threats

Human error might be the cause of many of the world’s data breaches today, but it is important to remember that your people are your first line of defence too. Regular training instils the right competencies and behaviours across the workforce and for homeworkers delivering key training material of this nature remotely using eLearning courses is ideal. Completing modules on a ‘little and often’ basis, enables people to build training into their day and apply the teachings to their work. It also means new starters, currently onboarding at home, are empowered to grow their knowledge and adhere to security policies from the moment they join. From a compliance perspective, a good learning management system (LMS) helps firms to plan, track and evidence training, and signpost people to relevant eLearning courses.

More Cyber Security Resources from Access Legal


*Access Legal is the original source of this blog series: Cyber security for law firms.

Access Legal

Access Legal
Working in partnership with more than 3,500 UK law firms and underpinned by over 30 years of sector experience, Access Legal provides an unrivalled suite of complete software solutions. From case and practice management, finance, accounting and business intelligence to learning, compliance and HR – Access Legal helps firms take control of their time, improve efficiency and productivity. By providing software to manage every aspect of a firm’s operations, Access Legal enables ambitious firms to reach unlimited potential and have the freedom to focus on clients and people to drive profitability and growth. ​​​​Access Legal is part of The Access Group, a leading provider of business management software to mid-sized organisations. It helps more than 35,000 customers across commercial and not-for-profit sectors become more productive and efficient. Its innovative Access Workspace cloud solution transforms the way business software is used, giving every employee the freedom to do more. Founded in 1991, The Access Group employs more than 3000 staff.