Working from home? Practice good digital hygiene
Attorneys working from home to avoid spreading or catching COVID-19 can avoid computer viruses, too, with good digital hygiene and a little common sense, according to a South Florida lawyer and leading cyber security expert.
Alfred Saikali, who chairs the Privacy and Data Security Practice for Shook, Hardy and Bacon, says working from home during the national crisis doesn’t necessarily pose an increased risk. (Saikali’s 52-minute video, “Cybersecurity for the Everyday Lawyer,” was added last year to The Florida Bar’s LegalFuel Speaker Series.)
“If you take the right steps and precautions, you’ll be fine,” Saikali said. “You’ve just got to learn to implement some smart decisions when using some new technologies.”
Topping the list, Saikali says, is making sure that the home device is connected to the office systems through a VPN, or a virtual private network.
Think of a steel tunnel, Saikali said.
“And on one end of the tunnel is you, the lawyer, in your house, and on the other end of the tunnel is your systems, mainframes and servers,” he said. “Because it’s made of steel, it’s very difficult to intercept the communications from one end to the other.”
Next, and equally important, Saikali said, is implementing MFA, or multi-factor authentication.
MFA is typically triggered when a system user logs into a network and enters a login and password.
“Then I get another request, typically on my cell phone, and it says, ‘did you just try to login?’ And then I type, ‘yes.’”
MFA is frequently used in online banking, when account holders, after typing in a login and password, are also asked to enter a code that is automatically texted to their phones.
“It’s probably the number one thing a person can do to limit data breeches,” he said.
Lawyers who are conducting meetings on conferencing applications, such as Zoom, should be careful to activate privacy settings, to prevent unauthorized users from listening in, Saikali said.
“You should probably be doing that, even when you’re using it in the office,” he said.
Always encrypt sensitive documents when storing them on a computer or portable storage device, such as a thumb drive, Saikali said.
“Encrypting it is like locking it in a safe,” Saikali said. “When you want to read it, you need a password to access it.”
The 2014 Florida Information Protection Act does not require data managers to notify customers about data breeches that are limited to encrypted information, Saikali said.
“The technology is that secure,” he said.
Continue to use common sense when opening emails, Saikali said. The COVID-19 emergency has spawned scores of false alerts laden with malware.
“Now we’re getting these COVID-19 emails from everybody under the sun,” Saikali said. “You should only click on a link from a trusted source.”