Facing the cybersecurity challenges of a remote legal workforce

Legal experts talk about strategies they developed during the pandemic at their organizations

Facing the cybersecurity challenges of a remote legal workforce

In this video, Canadian Lawyer speaks with three legal experts – Monica Goyal, lawyer and director of legal innovation at Caravel Law; Christina Porretta, general counsel of BDO Canada; and Eric Lavallée, partner trademark agent and head of Lavery Legal Laboratory on Artificial Intelligence – their organizations’ experiences in fighting the cybersecurity risks that have occurred during the pandemic.

Porretta says that BDO Canada, which has more than 4,000 employees and partners, has focused on security “because of the greater exposure to cyber risk, a spike in phishing and spoofing scams disguised as email from leadership, requesting a wire transfer, a phony website or security alert asking for login credentials”. The solution was to improve threat awareness through training. A vendor governance process was also introduced to improve risk assessments on the security safeguards for other parties when sharing data with vendor service providers.

For Goyal’s team at Caravel Law, remote work started even before the COVID-19 outbreak, but was heightened when hacking and cybersecurity issues occurred during the pandemic. Part of the solution was to outsource some of the organization’s cybersecurity requirements to Techify, a third-party service provider. The law firm, which consists of more than 60 lawyers across Canada, focused on providing virtual in-house services and deploying cloud-based technologies such as a password security application, to ensure a seamless transition. 

For Lavallée’s organization, Lavery Legal Laboratory on Artificial Intelligence, the cybersecurity concerns included not having enough notebook computers to distribute to the employees, which required them to use their own computers temporarily. The team’s priority was to protect the computers in accordance with internal cybersecurity policies, for example, in using antivirus software. When new computers became available to all, employees were trained in how to use the equipment and software, and how to deal with risks. He says the open-source community has provided advice on enhancing the cybersecurity of his team’s work set-up.

The lesson she has learned from adapting to the pandemic, says Porretta, is that it’s possible to work from anywhere and live a well-rounded life instead of always being in an office. “Now it's tried, tested and true that we can all be extremely productive from home or people [can take] a month and [go] to their cottage and [work] from there. And I think it’s fantastic,” she explains. 

For Lavallée, “having gone through all these cybersecurity measures ourselves, having deployed new tools internally, we are now much more aware of the challenges. And we’re better lawyers in helping our clients deploy tool-making agreements for firms that provide services because we know what we’re talking about. We’ve lived it”.

Goyal appreciates that people are much more receptive to the idea of online collaboration across the world. “[Previously], people were still kind of hesitant about using video technology, for example. But [the pandemic has pushed them] to use technologies and their skills in remote working that are different from working in person.”

Watch the full interview here