Rely on the most comprehensive, up-to-date legal content designed and curated by lawyers for lawyers
Work faster and smarter to improve your drafting productivity without increasing risk
Accelerate the creation and use of high quality and trusted legal documents and forms
Streamline how you manage your legal business with proven tools and processes
Manage risk and compliance in your organisation to reduce your risk profile
Stay up to date and informed with insights from our trusted experts, news and information sources
Access the best content in the industry, effortlessly — confident that your news is trustworthy and up to date.
Find up-to-date guidance on points of law and then easily pull up sources to support your advice with Lexis PSL
Check out our straightforward definitions of common legal terms.
Our trusted tax intelligence solutions, highly-regarded exam training and education materials help guide and tutor Tax professionals
Access our unrivalled global news content, business information and analytics solutions
Insurance, risk and compliance intelligence using big data, proprietary linking and advanced analytics.
A leading provider of software platforms for professional services firms
In-depth analysis, commentary and practical information to help you protect your business
LexisNexis Blogs shed light on topics affecting the legal profession and the issues you're facing
Legal professionals trust us to help navigate change. Find out how we help ensure they exceed expectations
Lex Chat is a LexisNexis current affairs podcast sharing insights on topics for the legal profession
Discuss the latest legal developments, ask questions, and share best practice with other LexisPSL subscribers
This Q&A explains the main technology risks associated with temporary homeworking and suggests some risk mitigation measures you may wish to consider putting in place.
Temporary homeworking in situations such as a pandemic (eg coronavirus (COVID-19)) will present staff with new challenges and an unfamiliar, often stressful, situation. To protect you, your staff and your customers/clients, you should:
introduce and communicate sensible and pragmatic security arrangements that support you and your staff while using remote IT systems, and
consider giving staff simple how-to guides for your systems and programmes to help them adapt, particularly for staff who have not routinely worked remotely before
Working outside a secured office presents some additional challenges for management too.
Staff may be more likely to have devices stolen when they are away from the office, and there may also be an increased likelihood that someone who is not authorised to access a device or system could gain access to information on your devices, or use them to access your work systems.
There are several steps you can take to keep your devices safe when they are not in the office:
encrypt laptops and install a system to track and delete data from other work devices such as tablets and phones remotely if they are lost or stolen
use two-factor authentication for log-ins where possible, ie your systems require two different methods to prove identity before allowing access, for instance a password combined with a code sent to a mobile phone
ensure you and all staff avoid predictable passwords—staff may need guidance on this—see Precedents: Password policy and Passwords—quick guide to getting it right
advise staff to be careful about who can see or overhear what you are doing when working with sensitive information—see Precedents: Information security awareness campaign—confidential calls and Information security awareness campaign—information on the move
remind staff to always clear workspaces of papers and lock device screens when they’re not working, including when they are working from home—see Precedents: Clear desk and clear screen policy and Information security awareness campaign—clear desks
ensure lost or stolen devices can be tracked, locked or wiped—mobile device management software is available to help you here
keep your devices and apps up to date, and remind staff to do the same—all manufacturers release regular updates that contain critical security updates to keep devices protected, and
prohibit staff from using unknown Wi-Fi hotspots, and remind them regularly—see Precedent: Information security awareness campaign—using Wi-Fi
Sometimes a move to mass homeworking is made necessarily rapidly, eg in response to a pandemic situation and resulting government instructions to work from home. Many staff in this situation may need or want to use their own devices rather than work-issued machines, at least temporarily. These can be less secure.
You should ensure your security controls can be applied to any device your staff members are using. As with protecting your work devices, this presents challenges. Key security aspects you should consider include:
limiting the information shared by devices
creating an effective bring your own device (BYOD) policy—see Precedent: Policy—bring your own device (BYOD)
using technical controls, such as mobile device management
planning for security incidents—see Precedent: Cybercrime prevention strategy and incident management plan
giving staff a choice of approved devices
the IT support you will need for managing a range of devices
educating staff about their responsibilities when using personally-owned devices for work purposes—see Precedent: Training materials—bring your own device to work, and
understanding data protection aspects of BYOD—see Practice Note: Bring your own device (BYOD)
See further Practice Note: Bring your own device (BYOD) and Bring your own device policy—checklist.
You must make sure your staff can securely access your IT resources. The best way to do this is with a virtual private network (VPN) from a reputable provider.
make sure your systems are protected against ransomware and other malware
backup your important data to protect it from loss due to an accident or a cyber attack
restrict access to your backup, and
ensure you know how to restore your system from a backup
For more guidance, see Practice Note: Pandemic (COVID–19)—information/cyber–security—considerations and resources—law firms and Q&A: What cybercrime risks do I need to consider during a pandemic (eg coronavirus (COVID-19))?
This might be a good time to update your staff on the technology risks associated with working from home.
Make sure staff know the importance of keeping software and devices up to date.
Make sure they know how to report any problems or breaches to you—see Precedents: Cybercrime prevention strategy and incident management plan and Training materials—information management and security.
Use training and awareness to help build a positive and blame-free culture of reporting, where staff feel comfortable raising issues and concerns. Training and awareness tools you may wish to use are peppered throughout the guidance above. They are listed here for convenience, along with some additional tools you may find helpful in raising staff awareness of the issues and providing training:
Passwords—quick guide to getting it right
Cybercrime awareness campaign
Information security awareness campaign—confidential calls
Information security awareness campaign—information on the move
Clear desk and clear screen policy
Information security awareness campaign—clear desks
Information security awareness campaign—using Wi-Fi
Policy—bring your own device (BYOD)
Cybercrime prevention strategy and incident management plan
Training materials—information management and security
Training materials—bring your own device to work
Training materials—cybercrime and cybersecurity
Free trials are only available to individuals based in the UK
* denotes a required field
Access this article and thousands of others like it free by subscribing to our blog.
Read full article
Already a subscriber? Login
0330 161 1234