Legal Firms in the New Normal: How to Return Users and Equipment Safely to the Office

With businesses throughout the UK beginning their return to a ‘new normal’ way of working, what considerations should your legal firm be making to ensure your people remain productive whilst keeping data safe and secure at all times?

Following several turbulent months that have seen a mass migration to remote working for a huge number of businesses across the UK, we are beginning to come to terms with what a ‘new normal’ way of working will look like. With the general consensus being that many desk-based workers will adopt a hybrid working model in which they split their time between their homes and their offices, businesses are taking their first steps towards reintroducing their people to the office environment. Cyber security and data protection should be primary considerations for all organisations throughout this process, not least legal firms that handle large quantities of highly confidential, commercially sensitive data.

How is your legal firm managing its return to the ‘new normal’? In this blog we will provide best practice advice on how to bring your users and equipment back from the wild in a manner that minimises risk and maximises productivity.

Reviewing User Accounts

As users begin to return to the office, you have an opportunity to review their user accounts. Healthy user account admin is essential to your legal firm, not only for productivity – giving users access to the tools they need, when they need them – but also for cyber security and data protection, as former staff and disgruntled employees have the potential to wreak havoc if they have access to systems and data they shouldn’t. There are four key areas you should address when reviewing user accounts:

  • Suspended accounts. Review your suspended accounts, and decide on whether or not you still require them. If furloughed users’ accounts have been suspended, when will the users be returning? Plan for users’ returns – there’s nothing worse than getting back to the office only to find your login has been suspended and you are unable to work.
  • Elevated privileges. With a distributed user base and less IT staff to service support requests, certain users may have been given elevated privileges so they can remain productive. Remember that malware detonates in the context of the user – if any of your users have elevated access such as local admin to install software, the risk and potential impact of a cyber-attack increases. Review elevated privileges, and remove them if they are no longer necessary.
  • Account aging. Some users may not have logged in to their accounts for several months. Account aging suspends inactive accounts, rendering them unusable. Make sure to review before users come back to work.
  • Atypical login activity. As IT support staff start to come back to work, there may be an opportunity to review logs for atypical login activity – for example logging in from other countries, multiple logins from different locations, or logins from unexpected devices. If you have an Azure tenancy, Azure Active Directory Identity Protection will enable you to identify high risk users and secure their access as appropriate.

Keeping it Clean

It is much harder to control how your staff use their devices when they are away from the corporate environment. If your users and their devices have been away from the office for some time, what have they been using their laptops and equipment for? Non-work uses such as teaching children and streaming may be innocent enough, but they have the potential to introduce security vulnerabilities that become damaging when the equipment is reintroduced to the corporate environment. Consider these three areas when returning user equipment to the office:

  • Patching reviews. It goes without saying, but you should always stay up-to-date with latest patching versions. In order to do this, review your patching policy to ensure it is fit for purpose. You should also look for devices that haven’t been connected for some time – including those in your office. If they haven’t connected to the VPN for an extended period, they may have outdated patching levels that should be addressed as a priority.
  • Car wash and compliance standards. You should always review devices before they are allowed back into the office. Have a separated or segmented section of your network to connect and run a ‘car wash’ system scan on all devices and update them before they reconnect to the corporate network. You should also establish your minimum compliance standards to expedite the process. At a minimum we suggest all devices should have critical security patches for operating systems and apps, and an antivirus signature that is less than one week old.
  • Device software audit. What software has been downloaded to a device whilst it’s been out in the wild, especially by users who have been given extended user privileges such as local admin rights? Make sure to not just check user privileges, but also audit software and remove unwanted, potentially vulnerable software from devices.

Legal Firms in the New Normal

This is a challenging time for all businesses. Legal firms face a unique set of considerations as they return to the ‘new normal’, given the complexity of their operations and the highly confidential nature of the data they manage. By reviewing user accounts and carrying out a ‘car wash’ on returning user equipment in alignment with defined compliance standards, you will take important steps towards developing a hybrid working model that ensures your people remain productive whilst keeping data safe and secure at all times.

For support and guidance on how your legal firm should be approaching its return to the ‘new normal’ in a secure manner that minimises risk and maximises productivity, check out our legal services and arrange a consultation with one of our experts.

You can also register to attend our webinar ‘Return To The Office Safely: Ransomware Threat Update for Law Firms and Accountants’, in which we will review the threat landscape for legal firms.

Related posts

CNS Cyber Intelligence Report: Threats Related to Ransomware 19/06/20

CNS Cyber Intelligence Report: Threats Related to Ransomware 19/06/20

This Cyber Intelligence Report provides details of the increased organisational

Working Better Together: How to Maximise Your Microsoft Teams Adoption

Working Better Together: How to Maximise Your Microsoft Teams Adoption

Microsoft Teams is revolutionising the way organisations work together. These

Phishing Trends: Adapting to Keep Cybercriminals at Bay

Phishing Trends: Adapting to Keep Cybercriminals at Bay

Cybercriminals are evolving their attack techniques in order to exploit