The Covid-19 crisis has upended the legal industry, forcing law firms to adapt quickly to an almost entirely remote work environment.  As with any significant upheaval, this sudden and radical transformation of the legal profession creates new risk management challenges for law firms.  

In this four-part series we discuss some of the risk management issues that law firms face during the Covid-19 pandemic and offers some tips for minimizing those risks. 

Confidentiality and Cybersecurity

So much ink has been spilled lately about the need for law firms to have strong data security protocols, I won’t belabor this point.  Cybercrime is on the rise because this transition into a fully remote-work environment creates new vulnerabilities for the bad guys to exploit.  

Law firms are far from immune. On the contrary, they are natural targets for cybercriminals because law firms store and transmit loads of sensitive confidential information and lawyers are notorious for being technologically – let’s just say – behind the times.  Law firms should implement protocols that make it easier – not harder – for attorneys and staff to practice data security hygiene.  For example, if your servers are so antiquated that people keep getting booted off the system or they lose work because they have trouble saving files to the firm’s document management system, guess what? They will email confidential documents to their personal email accounts and download them onto their personal computers so they can get their work done.  These types of work-arounds create openings for cybercriminals to access confidential information. 

There are many articles out there written by people who are more qualified than I am to offer data security advice.  The best advice I can give is to read those articles and consult with data security experts like my colleague James Mariani, a privacy lawyer, who used to prosecute cybercrimes as an Assistant District Attorney.  Here are some of his data security tips for law firms:

  • Institute a firm-wide data security policy with appropriate safeguards
  • Use appropriate password protection, two-factor authentication, and encryption for all devices, including computers, home Wi-Fi routers and printers
  • Use secure recognized networks and a company-provided virtual private network (VPN) if possible
  • Disable smart speakers and other AI devices when having confidential conversations
  • Ensure that lawyers and staff are properly trained on new or unfamiliar technologies
  • Distribute a list of approved software including cloud-storage and file-share solutions to deter lawyers and staff from using unapproved software to transfer confidential data
  • Use secure video conferencing platforms and use passwords when discussing confidential matters
  • Train personnel to identify, avoid, and internally report potential cybercrimes and security incidents, such as phishing, ransomware attacks, inadvertently downloading malware, escrow and wire transfer scams, etc.
  • Determine whether the law firm’s insurance policy covers data security losses and, if not, consider supplementing the firm’s coverage

Isolation, Mental Health Issues, and Sickness

Although many of us are holed up with spouses, children or other family members, others are sheltering alone.  Even people who are surrounded by family still go through periods of feeling isolated and lonely, due to the lack of interaction with friends and colleagues.  Physical and emotional isolation creates stress and can lead to depression and other mental health issues.  Even if someone is mentally healthy, they may suffer physical illness during this time, which will affect their ability to work.  The risk of mental or physical impairment is not unique to the current crisis – but it can be more difficult to spot.  Because no one is coming into the office, it may take a lot longer to notice that a member of your team has disengaged. 

Going back to the theme of supervision, law firms should maintain regular and predictable communication with their lawyers and staff members, so that they notice if someone drops off the radar.  Practice group leaders should keep track of who attends weekly conference calls and check in personally with anyone who is missing.  Monitoring time records is another way to track engagement.  If someone has not entered their time for several days, it is a good idea to check in with them to see how they are doing.  Finally, make sure your personnel know about mental health resources that are available to them if they are filling anxious or depressed.  Once place to start is the ABA website, which has a useful list of mental health resources.

Conclusion

Every day, we receive confusing messages from the media and our political leaders about when, and under what conditions, things might go back to normal.  This confusion feeds anxiety, which can lead to mistakes.  Law firm management should be working to alleviate some of that anxiety by communicating regularly with lawyers and staff and sending the message that – in the midst of this uncertainty – the firm is working hard to anticipate and plan for whatever happens in the future.  That does not mean that law firms should fabricate a rosy outlook and pretend that everything is okay when it is not.  It means that law firm management should be communicating with personnel on a regular basis about how the firm is responding to the crisis and should ensure that everyone (from the senior partners to the mail room staff) feel they are receiving clear, accurate information and have open lines of communication. 

Check out the rest of our four-part series for more tips.

The full article originally appeared in Law360.com on April 29, 2020.