The QLS Ethics and Practice Centre has advised firms to ensure that staff returning to the office after lockdown are not bringing digital viruses with them.
As law offices re-open, employees may be temperature tested and hand-sanitised to protect the firm from transmission of respiratory viruses, but the same effort should also be devoted to preventing digital infection.
Many law office staff working from home during lockdown were forced to use their own networks and devices rather than work-supplied equipment. Portable storage devices or documents that have been opened on an infected laptop can introduce malware into the firm data environment on return.
Firm data may also not be under appropriate control, being spread across privately owned devices and accounts.
Mitigation:
- Ensure all firm data is identified and returned to appropriate locations on firm systems. This is an important management task, so time should be set aside to do it. Staff should be asked to certify that they have located relevant data and followed the firm protocol for returning it.
- Ensure portable devices are encrypted prior to moving data on them. Windows Pro includes BitLocker, a simple and effective encryption system which can be used to encrypt USB drives, SD cards and internal hard drives. Other free and low-cost encryption tools are readily available.
- On arrival back at the office, all devices and documents should be scanned for viruses using an up-to-date quality virus scanning suite before being copied to the firm system.
- Once returned, firm data should be deleted from staff-owned laptops and storage devices using appropriate ‘shredding’ software. (For removable drives, formatting may be sufficient.)
- Firm-owned laptops should also be scanned and software updated if required.
- Any remote connection ports opened to allow technical support or data access away from the office should be closed. (For the technically minded, this blog post from Microsoft explains how and why.)
Managing work-from-home risks in the future
QLS recommends that client information not be accessed on privately owned devices, especially if firm data is copied to portable drives or cloud accounts not controlled by the firm.
Work-supplied phones and laptops are the gold standard, but if resources do not permit this, a private device accessing information through a portal or app is a more easily managed risk than copying large volumes to portable storage, employee laptops or Gmail accounts.
For further information please do not hesitate to contact the QLS Ethics and Practice Centre on 07 3842 5843 or ethics@qls.com.au.