Lawyer Portal Careers Contact Us

Law Society of Alberta

  • Who We Are
    • Indigenous Land Acknowledgements

      Indigenous land acknowledgements to recognize the traditional territories that the Law Society of Alberta serves.
      • About Us
      • Executive Leadership Team
      • Board & Committees
        • Board Directory
        • Board Meetings
        • Committees and Task Forces
        • Other Bodies
      • Key Initiatives
        • Indigenous Initiatives
        • COVID-19 Updates
      • Engagement with Public and Profession
      • Affiliations
      • Annual & Financial Reports
      • Strategic Plan
      • Awards & Scholarships
        • Distinguished Service Awards
        • Recognition of Service
        • Scholarships
      • Frequently Asked Questions
  • For the Public
    • Complaints

      Find out more about the types of complaints the Law Society can or cannot help you with and how to file a complaint.
      • Find a Lawyer
      • Complaints
      • Finding Files & Wills
      • Public Resources
      • Financial Claims
      • Notices
      • Careers
  • Lawyers & Students
    • Become a Lawyer in Alberta

      Find information on how to apply to be a lawyer in Alberta whether you are internationally trained, a law student or a lawyer from another Canadian jurisdiction.
      • Become a Lawyer
      • Membership Services
      • Forms & Certificates
      • Making A Payment
      • Trust Accounting & Safety
        • Responsible Lawyers
        • Filing Requirements
        • Anti-Money Laundering Model Rules
      • Professional Development
      • Fraud & Loss Prevention
      • Practice Advisors
      • Practice Management Consultations
      • Approved Legal Services Providers
      • Complaints
      • Equity Ombudsperson
      • Alberta Lawyers Indemnity Association
        • Report a Claim
        • Group Policy
        • ALIAlerts
        • ALIAdvisories
  • Resource Centre
    • Newest resource:

      Understanding and Avoiding Law Society Complaints
      • Learning Centre
      • Student Resources
      • Public Resources
      • Disaster Planning and Recovery
      • Upcoming Events
      • Media Room
      • eBulletins
      • Latest News
      • Lawyer Programs
        • Mentor Connect
        • Mentor Express
        • AdvisorLink
        • Locum Connect
        • Practice Management Consultations
        • SoloNet
        • Assist
      • Key Resources
        • Client Relationships
        • Communication & Research
        • Equity & Diversity
        • Ethics & Professionalism
        • Practice Management
        • Substantive Legal Knowledge
        • Trust Accounting & Safety
        • Wellness
        • Webinars
  • Regulation
    • Act, Code & Rules

      The Law Society of Alberta derives its authority from the Legal Profession Act and sets out standards through its Rules and Code of Conduct.
      • Act, Code & Rules
      • Hearings
        • Schedule
        • Decisions & Outcomes
        • Complaint Dismissal Appeals
        • Adjudicator Directory
        • Tribunal Office
      • Notices
        • Custodianship
        • Disbarment
        • Reinstatement
        • Resignation
        • Suspension
      • Unauthorized Practice of Law
  • Find a Lawyer
Resource Centre
  • Learning Centre
  • Lawyer Programs
    • Mentor Connect
      • Mentor Moments
    • Mentor Express
    • AdvisorLink
      • AdvisorLink Online Request
    • Locum Connect
      • Locum Listing
      • Locum Opportunity Listing
    • SoloNet
  • Key Resources
    • Client Relationship Management
    • Communication, Analytical & Research Skills
    • Ethics & Professionalism
    • Equity & Diversity
    • Practice Management
      • Leaving the Practice of Law
      • Returning to Practice
    • Substantive Legal Knowledge
    • Trust Accounting & Safety
    • Wellness
    • Webinars
      • Approved Legal Services Provider Webinar
      • Respectful Workplace Model Policy Webinar
  • Disaster Planning and Recovery
  • Student Resources
  • Public Resources
  • Upcoming Events
  • Media Room
  • eBulletins
  • Latest from the Law Society
  • Home
  • Resource Centre
  • Key Resources
  • Practice Management
  • Protecting Client Confidentiality and Data Security While Working Remotely
Protecting Client Confidentiality and Data Security While Working Remotely

With COVID-19 creating unprecedented health risks around the globe, criminals are taking advantage of the disruption to phish, hack, steal and ransom their way into computer networks.

As staff and lawyers perform their jobs outside the office, with limited access to IT support, criminals have increased opportunities to disrupt a firm or organization’s operations.

In response to these risks, the Law Society is helping lawyers to:

  • Prevent fraud and scams that could jeopardize clients’ interests;
  • Recognize the security implications of working remotely;
  • Implement measures to mitigate against potential security breaches; and
  • Use legal technology to deliver legal services safely and securely.
Top Ten Tips

These are our top ten tips to protect client confidentiality and data security while working remotely:

  1. Use separate computers, email and online accounts for personal and work activities, if possible.
  2. Encrypt all devices and use strong passwords. No exceptions.
  3. Use two-factor authentication wherever possible.
  4. Be especially vigilant against phishing attacks. Cyber-criminals are actively looking for ways to access your computer and steal firm or client information.
  5. Always lock your computer screen when not working.
  6. Have a Plan B in case your Internet service goes down or you encounter technical problems.
  7. Backup your work often. Regularly test your ability to restore backup copies to ensure the system is working properly.
  8. Ensure that all devices have the latest operating systems and software updates.
  9. Never use public Wi-Fi for confidential client matters.
  10. Deactivate smart speakers when working from home.

In this time of uncertainty, there are many things to keep in mind, to keep your data safe from fraudsters and to protect the integrity of your clients’ information. For more suggestions and helpful tips, keep reading.

Preventing Fraud and Scams

Fraudsters are a creative group. They may target you, your staff and your clients to deceive you with:

  • Fake government programs, tax rebates or demands for payment of supposed back-taxes, to elicit your banking information.
  • Fake safety and COVID-19 alerts, with attachments that log your keystrokes to learn your passwords.
  • Fake charitable requests asking for donations.

Beware of these and other phishing attacks that could be targeting your firm. Fraudsters will go to extreme lengths to disguise their emails so you think they are coming from clients, opposing counsel or even a member of your own firm. Keep in mind, if there is value in the information being sought, and you are being directed to ignore normal procedures and take immediate action, you should exercise caution before taking any action.

If you receive any of these communications from an unsolicited source, proceed with extreme caution. Never open attachments or links, and never provide banking or other confidential information, unless you are certain about the source.

When in doubt, contact the sender using a different means of communication to confirm that the message is authentic. Do so before wiring money to a new bank account or sending funds by a different method than previously instructed. Never respond using the email address or phone number contained in the original message since you could simply be replying to the fraudster.

For more suggestions, see the Computer/Network Security Checklist and Top 10 Ways to Secure Your Online World on our website.

Working From Home

Every lawyer working remotely should take measures to minimize the chances of a security breach, including:

  • Use a secure Wi-Fi network at home. A firewall and password will prevent strangers from accessing your system.
  • Avoid sending or receiving confidential information on any public Wi-Fi network. Hackers are adept at making illegitimate public networks appear secure to learn your password or gain control of your device.
  • Use a password manager program like 1Password, LastPass or Dashlane to improve the quality of your passwords and help you to remember them.
  • Visit How Secure Is My Password? to learn how secure your password might be and how long it would take to be hacked.
  • Set your computer to automatically go to sleep if left unattended.
  • Use separate personal and work accounts for email, banking and social media. Remind employees to restrict their office email account to business-related matters.
  • Ensure that paper records stored at home cannot be accessed by others. Use a locked room or filing cabinet if available.
  • Work in a private area, especially if you plan to do a lot of video conferencing.
  • Encrypt your mobile devices as well as your hard drives. MacOS (Disk Utility and File Vault) and Windows (Bitlocker) come with free built-in encryption software.
  • Turn on the settings for mobile devices (iOS, Android) that let you erase them remotely if you lose them.
  • Use two-factor authentication wherever possible (iOS, Android). Two-factor authentication is an extra layer of security that you can turn on to make it harder for attackers to gain access to your devices or online accounts. This alone will significantly reduce the chances of being hacked.
  • Use Virtual Private Networks (VPNs) or other secure systems to access to your office computers from home. Your IT department or consultant can help you do this.
  • Limit the access that users have to different parts of your computer network and types of information (accounting, HR, client files, etc.). Avoid giving them unlimited ‘administrator’ status unless they need access throughout your system or need to install software.
  • If possible, use a work-issued laptop. The security measures you take for granted at the office may not exist on your home computer.
  • Keep all systems and programs current. Download security updates when they become available to close loopholes that would otherwise leave you exposed. Install anti-virus software on all devices.
  • Backup client files and accounting records regularly to an offsite location. To make sure it is working, test the system regularly by trying to recover a document from the backup.
  • Develop an ‘offline’ way to contact employees in case your computer system is compromised and unworkable. Exchange landline and cell numbers with each other. Create a group account for key personnel on a secure texting app.
  • Do not discuss sensitive information near smart speakers (Amazon Echo, Google Nest, etc.). Better yet, turn them off when working from home. Hackers can use smart speakers to access your private conversations and meetings.

While staff work remotely, your firm may already be using a cloud-based service provider, or you may be considering a full transition to cloud computing at this time. Please see The Basics of Cloud Computing for a discussion on the benefits and risks of cloud computing, and links to other resources.

Video Conferencing

When the pandemic forced lawyers to practise from home, there was a rush to use video conferencing to keep files moving and maintain contact with staff and clients.

The technology is easy to use and inexpensive, but, like any technology, it needs to be used correctly to preserve confidentiality. Some tips for this include:

  • Never reuse passwords or login information from previous video calls, and never post them online where cyber-criminals can use them to disrupt or eavesdrop on your calls.
  • Familiarize yourself with video settings that control guest access and usage. Most video conferencing software lets you direct guests to a holding area until you let them into the main conversation. You can prevent participants from recording the conversation and from sharing their screens without permission. Check your settings to ensure all these features are turned on.
  • Take a moment to confirm who is there and that you have the correct participants at the start of every video call. Pay particular attention to anyone whose webcam is turned off, making it harder to confirm their identity.
  • Quit the conversation immediately if an uninvited guest joins your video call. Reconnect with the intended participants on a new call with new login credentials.
  • Consider the impact if a video conference is hacked. The more sensitive the topic of conversation and the information being exchanged, the more caution is required.
Review Your Records and Systems

Another secret to protecting yourself against security breaches is to develop simple routines that everyone knows and can follow. Examples of these routines are:

  • Assign a specific person to be responsible for overseeing your firm’s computer security system. If possible, have them examine all devices to be sure they are safe.
  • Train staff about who to contact and what to do if they encounter suspicious email.
  • Develop clear reporting lines for handling money and require dual signatures for all bank withdrawals. Limit who has access to online bank accounts.
  • Regularly review banking and financial information. For example, when and how you review monthly bank reconciliations if prepared by someone else.
  • Record your decisions and your reasons for them.
Train Your Staff

Before you are confronted with an emergency situation, train your staff on how to prevent and properly respond to a cyber-attack. Help them to:

  • Create and use secure passwords.
  • Recognize scams.
  • Develop safe email practices, including not opening links or attachments from unfamiliar sources.
  • Securely store and dispose of confidential paper and electronic records.
  • Understand the risks of discussing confidential matters outside the office where they may be overheard.
  • Become familiar with your emergency response plan.
Develop a Contingency Plan

If you and your colleagues are working remotely, consider how your firm will function if you lose access to your computers or networks.

This may happen because your computers are frozen by ransomware, your passwords have been hacked or your office is physically compromised by a fire or flooding.

Have a plan for what you will do in the event of a cyber-attack. Include:

  • Reporting instructions in the event of a possible breach.
  • Instructions for staff on what to do, and not to do, until someone in authority gives the ‘all clear’ signal.

See Disaster Planning and Recovery for more things you can do to prepare for a disaster.

Has Your Email Address Been Compromised?

Check whether your email address has already been compromised by visiting the Have I Been Pwned? website.

Simply type in your email address and the site will tell you whether and which breaches have affected you. If you discover you have been the subject of a breach, immediately change your password.

If You Think You Have Fallen Victim to a Scam

If you fall victim to a scam, stop the bleeding by terminating access rights and securing documents. Then immediately contact:

  • Your IT provider for directions about what to do next.
  • Your bank so they can freeze your account and prevent unauthorized withdrawals.
  • The Law Society of Alberta’s Trust Safety department for guidance and assistance with your trust account.
  • Your insurance broker to determine what you need to preserve or access any cyber insurance coverage you have available.

If you have any questions, feel free to contact the Law Society’s Practice Management Department or the Practice Advisors Office at any time.

.

Written by: Len Polsky, Manager, Practice Management

Printed from https://www.lawsociety.ab.ca on February 27, 2021 at 12:10:18 PM
Law Society of Alberta ©2021 Law Society of Alberta.
  • Latest
  • Contact Us
  • Privacy
  • Sitemap
  • Careers
©2021 Law Society of Alberta.
  • Who We Are
    • Back
    • About Us
    • Executive Leadership Team
    • Board & Committees
      • Back
      • Board Directory
      • Board Meetings
      • Committees and Task Forces
      • Other Bodies
    • Key Initiatives
      • Back
      • Indigenous Initiatives
      • COVID-19 Updates
    • Engagement with Public and Profession
    • Affiliations
    • Annual & Financial Reports
    • Strategic Plan
    • Awards & Scholarships
      • Back
      • Distinguished Service Awards
      • Recognition of Service
      • Scholarships
    • Frequently Asked Questions
  • For the Public
    • Back
    • Find a Lawyer
    • Complaints
    • Finding Files & Wills
    • Public Resources
    • Financial Claims
    • Notices
    • Careers
  • Lawyers & Students
    • Back
    • Become a Lawyer
    • Membership Services
    • Forms & Certificates
    • Making A Payment
    • Trust Accounting & Safety
      • Back
      • Responsible Lawyers
      • Filing Requirements
      • Anti-Money Laundering Model Rules
    • Professional Development
    • Fraud & Loss Prevention
    • Practice Advisors
    • Practice Management Consultations
    • Approved Legal Services Providers
    • Complaints
    • Equity Ombudsperson
    • Alberta Lawyers Indemnity Association
      • Back
      • Report a Claim
      • Group Policy
      • ALIAlerts
      • ALIAdvisories
  • Resource Centre
    • Back
    • Learning Centre
    • Student Resources
    • Public Resources
    • Disaster Planning and Recovery
    • Upcoming Events
    • Media Room
    • eBulletins
    • Latest News
    • Lawyer Programs
      • Back
      • Mentor Connect
      • Mentor Express
      • AdvisorLink
      • Locum Connect
      • Practice Management Consultations
      • SoloNet
      • Assist
    • Key Resources
      • Back
      • Client Relationships
      • Communication & Research
      • Equity & Diversity
      • Ethics & Professionalism
      • Practice Management
      • Substantive Legal Knowledge
      • Trust Accounting & Safety
      • Wellness
      • Webinars
  • Regulation
    • Back
    • Act, Code & Rules
    • Hearings
      • Back
      • Schedule
      • Decisions & Outcomes
      • Complaint Dismissal Appeals
      • Adjudicator Directory
      • Tribunal Office
    • Notices
      • Back
      • Custodianship
      • Disbarment
      • Reinstatement
      • Resignation
      • Suspension
    • Unauthorized Practice of Law
  • Find a Lawyer
  • Lawyer Portal
  • Contact

Email: AdvisorLink

Fill in the form below to get in touch with AdvisorLink
  • 1. AdvisorLink (operated by the Office of the Practice Advisors) and the Advisors accept no liability whatsoever arising from assistance given to lawyers or to any persons claiming through or under them.
    2. Lawyers are obligated to independently verify statements of law, procedure or fact made to them by the Advisor, before relying on them.
    3. AdvisorLink must not be used as a substitute for the lawyers’ own thorough research and analysis or for the lawyers’ own professional judgment.

Email: Accounting

Fill in the form below to get in touch with Accounting
  • Drop files here or
      Text, PDF, MSOffice, and Images only. Max size 20 MB.

    Email: Customer Service

    Fill in the form below to get in touch.
    • Drop files here or
        Text, PDF, MSOffice, and Images only. Max size 20 MB.

      Email: General Feedback

      Fill in the form below to get in touch with General Feedback
      • Drop files here or
          Text, PDF, MSOffice, and Images only. Max size 20 MB.

        Email: Communications and Media Relations

        Fill in the form below to get in touch with Communications and Media Relations.
        • Drop files here or
            Text, PDF, MSOffice, and Images only. Max size 20 MB.

          Email: Indigenous Initiatives Liaison

          Fill in the form below to get in touch with Andrea Menard
          • Drop files here or
              Text, PDF, MSOffice, and Images only. Max size 20 MB.

            Email: Membership Services

            Fill in the form below to get in touch with Membership Services
            • Drop files here or
                Text, PDF, MSOffice, and Images only. Max size 20 MB.

              Email: Manager, Membership Services

              Fill in the form below to get in touch with Tina McKay
              • Drop files here or
                  Text, PDF, MSOffice, and Images only. Max size 20 MB.

                Email: Elizabeth Aspinall

                Fill in the form below to get in touch with Elizabeth Aspinall
                • Drop files here or
                    Text, PDF, MSOffice, and Images only. Max size 20 MB.

                  Email: Jesse Mackenzie

                  Fill in the form below to get in touch with Jesse Mackenzie
                  • Drop files here or
                      Text, PDF, MSOffice, and Images only. Max size 20 MB.

                    Email: Allan Guty

                    Fill in the form below to get in touch with Allan Guty
                    • Drop files here or
                        Text, PDF, MSOffice, and Images only. Max size 20 MB.

                      Email: SoloNet

                      Fill in the form below to get in touch with SoloNet
                      • Drop files here or
                          Text, PDF, MSOffice, and Images only. Max size 20 MB.

                        Email: Practice Management

                        • Drop files here or
                            Text, PDF, MSOffice, and Images only. Max size 20 MB.

                          Email: Nancy Bains

                          Fill in the form below to get in touch with Nancy Bains
                          • Drop files here or
                              Text, PDF, MSOffice, and Images only. Max size 20 MB.

                            Email: Inform Trust Safety

                            Fill in the form below to get in touch with Inform Trust Safety
                            • Drop files here or
                                Text, PDF, MSOffice, and Images only. Max size 20 MB.

                              Email: Trust Safety

                              Fill in the form below to get in touch with Trust Safety
                              • Drop files here or
                                  Text, PDF, MSOffice, and Images only. Max size 20 MB.

                                Email: Information Management

                                Fill in the form below to get in touch with Information Management
                                • Drop files here or
                                    Text, PDF, MSOffice, and Images only. Max size 20 MB.

                                  Email: Election

                                  Fill in the form below to get in touch with Election
                                  • Drop files here or
                                      Text, PDF, MSOffice, and Images only. Max size 20 MB.

                                    Email: Justicia Project

                                    Fill in the form below to get in touch with Justicia Project
                                    • Drop files here or
                                        Text, PDF, MSOffice, and Images only. Max size 20 MB.

                                      Email: Locum Connect

                                      Fill in the form below to get in touch with Locum Connect
                                      • Drop files here or
                                          Text, PDF, MSOffice, and Images only. Max size 20 MB.

                                        Email: Mentor Connect

                                        Fill in the form below to get in touch with Mentor Connect
                                        • Drop files here or
                                            Text, PDF, MSOffice, and Images only. Max size 20 MB.

                                          Email: Mentor Express

                                          Fill in the form below to get in touch with Mentor Express
                                          • Drop files here or
                                              Text, PDF, MSOffice, and Images only. Max size 20 MB.

                                            Email: Indigenous Law Student Summer Employment Program

                                            Fill in the form below to get in touch with Indigenous Law Student Summer Employment Program
                                            • Drop files here or
                                                Text, PDF, MSOffice, and Images only. Max size 20 MB.

                                              Email: ALIA

                                              Fill in the form below to get in touch with ALIA
                                              • Drop files here or
                                                  Text, PDF, MSOffice, and Images only. Max size 20 MB.

                                                Email: ALIAlert fraud alerts

                                                Fill in the form below to get in touch with ALIAlert fraud alerts
                                                • Drop files here or
                                                    Text, PDF, MSOffice, and Images only. Max size 20 MB.

                                                  Email: Equity Ombudsperson

                                                  Fill in the form below to get in touch with Elizabeth Aspinall
                                                  • Drop files here or
                                                      Text, PDF, MSOffice, and Images only. Max size 20 MB.

                                                    Email: Tribunal Office

                                                    Fill in the form below to get in touch with Tribunal Office
                                                    • Drop files here or
                                                        Text, PDF, MSOffice, and Images only. Max size 20 MB.

                                                      Email: Custodianship

                                                      Fill in the form below to get in touch with Custodianship
                                                      • Drop files here or
                                                          Text, PDF, MSOffice, and Images only. Max size 20 MB.