Mail: It might be possible to have the mail temporarily forwarded to your home by the postal service. Check the rules carefully to see what will be forwarded and what will not. If your office suite remains operational as an essential business but you are unable to work there (e.g., law firms are not essential businesses in your area), check to see if that office will forward mail to your home. Consider using “Informed Delivery” by USPS. This might allow you to see the mail that’s on its way to you.
Phones: Have phones forwarded to your home office if necessary. If employees will have telephone communications in their home on behalf of your firm, make sure they maintain confidentiality standards. Have a written policy as to how they can achieve this. If you are considering a VoIP for the first time, research options carefully and ensure employees know how to use the one you select.
Video Conferencing: Use encryption to make sure your communications remain confidential and privileged. Add passwords to your conferences to further reduce the risk of hacking or other interference. Keep abreast of the latest security developments. On video conference platforms like Zoom, for example, you can now control your data routing to avoid certain regions if you have a paid account.
Update Your DNS Servers: Speak with your IT consultant about upgrading your DNS servers to avoid dangerous websites. There are reports of a significant spike in criminal activity targeting those working from home.
Require Dual Authentication: Whenever possible, require all employees to use dual authentication to increase security.
Wireless Networks: Consider whether to use a Virtual Private Network (VPN) at home. If you have employees, it might be wise to buy VPN service for everyone in the firm and require its use.
Encryption of Devices: If you do not already require firm devices be encrypted, considering implementing this immediately. With more firm equipment at home (or being transported between home and office), the risk of data being compromised is increased. Consider implementing a policy that requires all laptops, external hard drives, thumb drives, etc. to be encrypted with strong passwords. Of course, be sure to think this through carefully to make sure you do not get locked out of your devices.
Use Strong Passwords: Rather than simply instructing employees to use strong passwords, enforce this requirement through your software administrative settings whenever possible. For instances when this is not feasible, give employees specific guidance on proper password management, including how to create a strong password and how often they should be changed.
Clients with Diminished Capacity: Keep in mind that clients may have underlying conditions exacerbated by the current crisis. Read the applicable Rule 1.14 and comments carefully, keeping in mind that “as far as reasonably possible, maintain a normal client-lawyer relationship with the client.” ABA Model Rule 1.14(a).
Employment Law Concerns: Consult with an employment law attorney to make sure you are compliant with those laws.
Supervision: Be sure to make reasonable efforts to supervise subordinates. See ABA Model Rules 5.1 and 5.3 with comments. Overcommunicate. Make your expectations as clear as possible. Ensure that all employees have the necessary training—including knowledge of firm technology—to provide quality, confidential services to your clients.
Multi-Jurisdictional Practice: For those lawyers who have fled a jurisdiction where they are admitted to practice, make sure that you are authorized to practice where you are now physically located. See Rules 5.5 and 8.5. For more details on this, see my article entitled “The Law of Outlaws: Rules and Jurisdiction When Establishing an Out-of-State Practice Under Rule 5.5(d)(2)”: https://www.aila.org/practice/ethics/mjp/rules-jurisdiction-establishing-out-of-state-pract
Physical Files: Avoid allowing employees to bring physical files home unless it is absolutely necessary. If there is no other choice, give detailed written instructions on how files are to be secured at home. Use a tracking system so that you remain aware at all times of the physical location of the file.
Communicate with Family: Lawyers should make every effort to maintain confidentiality of communications with clients and others. Lawyers and firm staff should remind family members and roommates on a regular basis to keep all information they might inadvertently see or hear completely confidential.
Buy Cyber Insurance: There are reports that cybercrime has increased significantly during this crisis. Responding to a data breach or similar event can be extremely stressful, expensive and time consuming. Your cyber insurance carrier may have helpful suggestions on securing your firm’s network. Cyber insurance policies vary greatly on what services they provide. If you don’t have one in mind, consult your state bar association for guidance on selecting one.
Consult an IT Professional: Before implementing any of the ideas listed here (and for additional guidance), consult your IT professional. This area is continually changing, and these suggestions should be considered ideas for further investigation.
Lawyer Assistance Programs: If all of this becomes overwhelming, and you are having trouble coping (physically, mentally, or emotionally), call your local Lawyer Assistance Program (LAP). Make sure immediately family or close friends have this number in case they need to call it on your behalf during an emergency. See the ABA’s list of programs to find one near you: https://www.americanbar.org/groups/lawyer_assistance/resources/lap_programs_by_state/
Learn as You Go: This crisis began as an emergency. Accordingly, lawyers’ actions must be viewed in that context. However, as the crisis continues and we all settle into our new routines, the emergency status diminishes. That is to say that through time, lawyers will be expected to continually improve their practice management and ethics practices. Firm policies, procedures and playbooks need to be updated to reflect the new (temporary) normal.