The wrong sort of activity on a law firm computer can have a serious negative impact. Even something you think is perfectly innocent can have big consequences.
Your IT team isn’t just making up rules to give you a hard time — there really is a risk that downloading a simple game on your work computer can lead to hacker attacks, data breaches, and other big problems.
And it’s not just your desktop computer that’s at risk. Whenever you use your smartphone, tablet, or another internet-connected device, you should follow security best practices.
With that in mind, here are 8 things you should never do on your dedicated law firm devices.
#1. Online shopping
Your spouse’s birthday is coming up, and you almost forgot. All you want to do is find them a thoughtful gift. It’s no big deal to shop at your desk, right?
Hold on.
While most shopping websites are secure, there has been a sharp rise in the number of scam shopping sites that are designed to lure you with seemingly great deals. You think you’re getting a deep discount, but what you’re really getting is hacked.
There’s also some risk involved when you input your financial information while using a shared wifi signal. Others who can access that network might be able to see your personal data.
Plus, your law firm might have a policy against using your work computer for personal things. If that’s the case, you can get yourself in trouble by visiting websites that are clearly not related to your case work.
The risk of catastrophic failure is small, but still real.
It’s always a best practice to do your personal shopping on your personal devices.
#2. Store personal files
Your family photos, receipts, and other personal documents don’t belong on a dedicated work device. It’s a much better idea to keep your personal files on a personal computer or, better, in your own cloud storage.
As with credit card information or other personal data, others in the firm with access to your work device will also have access to any files you store on it. What happens if IT comes to fix a problem for you and notices that you’ve been updating your resume? It’s not a good look.
There’s always a chance that your employment will unexpectedly end and the law firm will take back their computer. When that happens, they generally retrieve any important case files and then reset the device, wiping all of its memory to start fresh for the next person who uses it. Anything you were storing on that hard drive will be lost.
Furthermore, if the computer becomes infected with malware, the firm’s security tools could clear out any files you have stored.
#3. Save personal passwords
Speaking of personal things to which you don’t want to lose access, what about all your passwords?
Remembering all your different usernames and passwords is tough, which is why most web browsers offer a password management system. Those are convenient and help with security — but there’s a problem.
When you use your work computer, you’re logged in with your professional credentials. If you lose a password and need to recover it, you’ll need access to your work email to get in.
If your employment ends, you won’t have access to your saved passwords or your recovery email. You’ll have to go through extra steps to get into your accounts, and there may be some that can’t be recovered.
There are two possible solutions to this.
The first, and most obvious, is to access your personal accounts through your personal computer so that all of your credentials are saved where you can reach them. This also protects your personal information in the event of a data breach at work.
However, there’s another solution, too. By using a third party password vault like LastPass or OnePassword, you can store all of your personal usernames and passwords in a secure system where you know you’ll be able to get to them later from another device.
It’s a good idea to use one of these password managers for your professional credentials, too — just keep your personal and professional accounts separate.
#4. Turn off apps installed by the firm
When you get a computer from your law firm, they’ve already installed some applications on it. These might be VPNs, firewalls, antivirus software, or legal tech tools you need to do your job effectively.
Some law firms may also install software to track how a device is used. Employee-monitoring software grew in popularity during the pandemic, and while its use is subject to some controversy, there are plenty of law firm leaders who use it to watch for the types of activities mentioned in this article.
Unless you have express permission from IT, don’t remove any of these apps.
It might seem like one of these programs is slowing down your machine or just sitting there not doing anything, but many security apps run in the background. If you don’t recognize something on your computer, ask IT, but don’t just delete it yourself.
#5. Download sketchy files
You might have to download files for work, and that’s generally fine. It’s okay to download documents or software if you know the source and you’ve checked for red flags first.
However, every download carries a little risk.
Some things are higher risk than others. Computer games, for example, are a popular tool for hackers. Free game downloads may come with spyware or other malware that can compromise your computer system.
Since you’re a legal professional, this should go without saying, but we’ll remind you anyway: never download pirated files on your work (or your personal) devices.
Anything that offers to send you something for free that you’d normally have to buy — books, movies, studies, etc. — is very likely to deliver malware along with the file you think you’re getting.
Some of these pieces of malware are really nasty. They can shut down entire networks of computers, steal sensitive data, and might exist on your system for many months before you even realize there’s a problem. Be diligent and only download what you really need for work.
#6. Stream or download videos
What’s the harm in watching your favorite Netflix shows at work?
That depends on a few things.
First, is your law firm okay with it? Your manager might be worried about the distraction, and rightfully so. Clerical errors are the top cause of eFiling rejections, and almost half (40%) of legal malpractice claims come from administrative errors.
The other big problem is network speeds. Streaming media or downloading big video files takes up a lot of bandwidth, and on a shared network such as an office, that can slow down work for everyone who’s connected.
If you’re working from home, you’re not breaking any firm rules, and you’re not working on anything that requires your full attention, then streaming in the background might be okay.
#7. Unsecurely connect to public wifi
One of the nice things about remote work is that you can change your environment. Feeling a little too isolated or distracted at your home office? Head out to a coworking space or set up at your local coffee shop for a bit.
But be wary of public wifi networks.
On a public wifi network, there’s a small possibility that someone else on the same network could gain access to the files on your computer.
While most public wifi networks now use encryption to prevent these kinds of hacks, you don’t know for sure that your favorite coffee shop is using a secure connection. It’s not a big risk, but it’s also a risk that’s easy to avoid.
The best solution here is to use a virtual private network (VPN) whenever you connect to public wifi. You may even want to encourage your law firm’s efforts here — implementation of VPNs is simple, and even the smallest firm can benefit from the security impacts of these private networks.
#8. Forget that the firm can monitor activity on a work device
If your work device has monitoring software installed, your employer isn’t obligated to tell you about it.
This type of software has many possible capabilities — recording the apps used and websites visited, taking regular screenshots, logging keystrokes, and more. If you’ve been given a work device and the law firm told you to only use it for work, it’s a good idea to just assume that there’s a monitoring tool installed.
If your computer activity is being tracked, that means that this list of things to avoid is only a starting point.
Security is still the first concern, but now, you must also remain cognizant of what you do not want your employer to see.
In other words, don’t search for your next job or work on a side hustle from your law firm provided computer. Keep your internet history squeaky clean, and make sure you know the rules about using your work computer for any kind of personal tasks.
Also, don’t try to turn off or remove the software.
The firm has the right to install surveillance software on devices that they own, and you will only raise concerns over your own honesty by trying to turn it off. If you strongly object to monitoring, have a conversation with firm leadership about it.
Keep in mind that your employer can only install monitoring software without your knowledge on their devices.
If you work from a computer that you own, they need your consent to install a monitoring program, and it should only be active during working hours.
The key – keep professional and personal work separate
The bottom line is that non-work activities should be relegated to non-work devices.
That also means that if you have dedicated professional devices, you should do your work on those devices only. For instance, if you have a work laptop, take it home to catch up on research — don’t log in from your personal computer.
What if you work from a personal device?
If you freelance or work for a small firm, there’s a good chance that you don’t have a dedicated law firm computer or phone. You can still keep a safe distance between work and recreation, though.
Start with your file storage. Your law firm should share a cloud-based drive where all documents are stored. Use this exclusively and don’t store work files on your personal computer.
Then, consider how you spend your workday. It’s fine to listen to some music or answer a text message while you work, but keep working hours primarily focused on work. Then, when you’re done with work, unplug completely and resist the temptation to check messages or clean up your email inbox.
After all, unplugging isn’t just good for cybersecurity. It’s also necessary for your mental health.
