When working from home (WFH) became a necessity, our legal clients quickly went remote.   

I suspect many other Charlotte law firms did the same.  

But I also suspect that—in the hasty transition to WFH—some firms allowed attorneys to directly access corporate data from personal computers (PCs) or laptops. 

If this describes your WFH setup, you’ve placed your cybersecurity and client data in jeopardy.  

No law firm should allow work from non-firm-owned devices (without a crucial protection). Here’s why…  

Using personal laptops/PCs is a dangerous WFH setup.   

Before I explain why this WFH setup creates risk, I need to make an important clarification.   

Attorneys can safely work from personal laptops/PCsbut only if remote control technology is used.  

Remote control technology allows you to command an office computer offsite. From your personal laptop/PC, you can see your office computer screen. However, your personal device is not processing the information in view. The office computer is doing all the work, and the only data transmitted to your personal device is your office computer screen.  

Done right, this scenario isn’t problematic. In fact, I’ve recommended it.  

The danger occurs when attorneys log in and access Microsoft 365, line-of-business applications, etc. directly from their laptops/PCs.  

The risk is explained by a simple principle: If you don’t own it, you can’t control it.  

Let’s look at this in fuller detail: 

1. You lack full control over cybersecurity protections. 

Let’s say your firm purchases laptops for its attorneys. On these laptops, my team can install the same cybersecurity technologies that are present on your office computers.  

That’s not the case for attorney-owned devices.  

Because these laptops/PCs are personal property, attorneys can always refuse a necessary (but unwanted) protection.    

2. You can’t control the behavior of attorneys.

When not working, an attorney may access personal emails, surf the net, or download applications on his or her device.  

This allows personal risk to morph into corporate risk.  

Here’s an example. One of your attorneys visits a website and accidentally downloads spyware. This malicious software then captures the username and password to his or her Worldox account. 

3. You can’t control a personal device if an attorney leaves your practice.  

Attorneys don’t stay at a firm forever. Some retire. Some join other practices. Some go on to establish their own firms.  

When an attorney leaves your organization, you can’t retrieve his or her personal laptop/PC.  

Any stored data on that computer is there to stay.  

Find a WFH setup that retains control while empowering your attorneys.  

If you’re a practice manager, you don’t have to choose between an effective WFH setup and safeguarding your data. You don’t face an either-or decision.   

When it comes to mitigating WFH risk, you have a handful of different options. The key is determining which is best for your firm.  

If you’d like our help creating a secure WFH environment for your law firm, call us at 704-464-3075 or send a message to info@weareproactive.com.  

Steve Kennen, president of Proactive IT and cybersecurity expert

About Steve Kennen

As an expert in information technology infrastructure management, cybersecurity, and cyber risk management practices for small businesses, Steve spearheads initiatives that keep his clients secure and their business operations running smoothly. His core message is that the details matter.