By Gina Eliadis, director of marketing & business development at Goodell DeVries
We've spent a good chunk of this year working remotely to limit the spread of coronavirus. Even if you've managed to keep the kids, partner and pets out of your home office, there are still other parties keen to eavesdrop on your day-to-day operations. To keep our marketing and business development efforts moving forward during these strange times, many of us have turned to platforms and devices at home that we wouldn't normally use in the office. The increased dependence on our home networks and equipment, along with the rush toward free platforms, has uncovered new or little known pitfalls in data security and privacy, including issues that may be particularly problematic for law firms.
April was both a good and bad month for the video conferencing platform, Zoom. Its user base (at least for the basic free plan) grew by millions. But its security flaws surfaced quickly and regularly. In early April, we learned that 2,300 sets of Zoom login credentials had been stolen and shared among cybercriminals. We also learned that hackers put up for sale two critical vulnerabilities that would allow someone to hack and spy on users. Recorded Zoom meetings also created risk. Those videos were discovered to reside on the open web without password protection. This is by no means an exhaustive list. But Zoom reports it has been working to correct issues and close vulnerabilities as they are brought to light. At the time this article is published, there will likely have been additional reported issues and additional fixes.
It's not hard to imagine how these security and privacy flaws may create chaos for individual users and businesses. But for law firms especially, there is a particularly critical casualty: attorney-client communications. Client meetings conducted via Zoom, if recorded for any reason, may have been stored in that pool of unsecured videos on the open web. Likewise, hackers would have been able to listen in and/or steal personal data during live meetings.
Another threat to client communications is in your living room or your pocket: voice assistants, like Alexa, Google Assistant or Siri. A series of reports over the last year has revealed that human reviewers at Amazon, Google and Apple were listening to and transcribing snippets of speech captured by these devices, ostensibly to improve voice recognition capabilities. In an especially egregious incident, a worker at Google reportedly leaked 1,000 of these recordings.
The implication for client confidentiality is clear. With so many of us conducting firm business at home, there is even more conversation for these devices to capture, particularly when we're on a conference or video call within range of our Alexa. Our lawyers may have already seen the warnings, as reported here, but as marketing and business development professionals who also discuss client details, we should likewise exercise caution. For tips on protecting your privacy from voice assistants, see this guidance from the Federal Trade Commission.
Law firm marketing teams have been scrambling to publish client alerts and adapt our business development efforts to the COVID-19 area. For most of us, it's difficult, if not impossible, to stay current on data security and privacy issues. If you're part of a firm with a robust information technology department, leverage that resource by watching for important updates from your technology team. If you're unsure as to how secure your devices may be or what vulnerabilities may befall a particular platform, talk with your IT professionals.
It's also good practice for marketing professionals, in these times as well as any time, to add technology news to your news feed. Even after we return to the office, chances are that we will continue to work remotely more frequently than we did pre-pandemic. As we've seen this past year, a surge in usage of various platforms and technologies that are ideal for easy use anywhere can be a bonanza for cybercriminals. It's critical that we monitor for "big" technology stories so that potential issues are at least on our radar, even if the details are better left to IT professionals.