Originally published June 26, 2020, by Bill Sorenson, VP of Product, at www.elite.com.
Learning from the COVID-19 Impact
We’ve seen a dramatic change over the last four months in relation to the coronavirus pandemic. One of the significant places that have impacted most firms is the work-at-home requirements placed across the country. Some firms were able to respond quickly, and others struggled for a significant time to enable their employees to work. One of the large impacts has been the increased risk exposure associated with cybersecurity. How you handle this impacts your firm’s value, both overall as well as in the marketplace.
Risk Management at the Heart: Protecting Your Assets
It all gets back to risk. In our industry, most of what we do and the decisions we make are related to risk and risk mitigation. When we look at cybersecurity, there’s no difference. Expanding your risk footprint with work-at-home employees dramatically increased your risk. The question is, is it short-term or not?
- Running Your Technical Environment: First let’s look at your technical environment and, as an example, how you run 3E® or ProLaw® and your other applications. You may run it internally with your own equipment, in a computer center somewhere else, or in the public cloud. Each implementation has different risks and productivity considerations for your employees and the firm. For the firms that have run it and the rest of their applications in the cloud, the move to work-at-home was simple. They were already used to the idea that their employees could work from anywhere. For the other firms, the move to work-at-home created a hectic environment with a struggle to get everyone working at the same time, the performance was horrible, and security became an immediate concern.
- Cybersecurity as a Base: When we look at cybersecurity and the extension of a firm’s environment to each employees’ home, many things raise red flags. First, simply locking down employees’ technology to restrict confidential information exposure has been key. Additionally, in many situations, the computers people use at home are shared. This dramatically increases the exposure to the firm. By implementing key controls around the devices that employees use, firms have been able to reduce this risk exposure quickly. Make sure you’ve reviewed the risks specific to your firm and have implemented controls to keep your firm’s data secure.
- Coming to Grips with Reality: Going forward, there will now be an increased focus on disaster recovery, business continuity, and cybersecurity. Focusing on those protections related to your employees and the remote workforce will significantly level-up your overall security. In a time when there is a dramatic focus on hacking each of your employees, there is no time to waste to secure your environment.
Protections Needed Now
- Work-at-Home: You need to implement technical controls on each user’s device and put in place additional policies and procedures around work-at-home, bring your own device, and possibly, confidential information exposure.
- Disaster Recovery / Business Continuity: You need to review your disaster recovery and business continuity plans and look at how they were implemented with COVID-19 and adjust.
- The Human Element: Training, training, training. It is time to step up and help your employees protect you. If you haven’t already rolled out cybersecurity training, it’s time to do that now. And this includes partners. Partners are really the focus of phishing attempts and, many times, are greenfield for hackers. By training employees, you increase the sentries that are protecting the firm.
- Direction to the Cloud: One thing COVID-19 has shown us is that firms that had already adopted the cloud were well prepared. They made those decisions based on cybersecurity, costs, and productivity gains for the firm. It is time for you to look at that as an adoption rather than a review. By choosing Amazon® AWS, or Microsoft® Azure®, you’re able to leverage the best in the world at costs you can afford. The key piece is finding a partner who’s focused on your industry.
The Transition Back
As the pandemic progresses and different states begin to transition industries back to a more normal work life, it’ll be time for you to look at transitioning your firm back. As you’re making that decision, take into account the lessons you’ve learned during the pandemic. Key takeaways from this article for you and your core partners to review include:
- Staffing Lessons: How did our staff respond, and how did we help them?
- Client Lessons: Were we able to provide what our clients needed and expand our services in response to the pandemic? If not, could we have?
- Technical Lessons: Were we prepared for this emergency? Did we use our disaster recovery plan, or did we take it for granted? Do we need more focus on moving to the cloud now to protect us from this type of situation going forward?
- Firm Lessons: Was our mindset one of quick response and focus on where we could help, or was it reactive and overwhelming? Would we be better served by spending time walking through realistic examples and responses? Can we be better prepared?
Set up some time with the firm leaders and take the time needed to go through your new normal. As you are reviewing the past months, be open to input, criticism, new methods, and ideas from all levels. Many people have been impacted in several different manners. Understand how you can step forward and help your partners, staff, and your clients now and in the future.