Ensure that you have up-to-date out-of-office contact details for all your staff, and confirmation about whether they can work from home (for example, do they have broadband and/or a computer at home, and/or a room to work in).
If you have an IT supplier who looks after your computer network or specialist software, then they should be your first port of call for remote access. You should emphasise that you require access to be as secure as possible, to include a robust VPN and/or two-factor authentication for remote users.
Remote desktop – if possible, your IT provider should set your local PC/laptop up as a ‘dumb’ terminal. Effectively, this means that you should have all the protections set up on your office system. Consider remote access (see below) as a more cost-effective alternative.
If you can manage remote working, this should be trialled as soon as possible, for as many staff members as possible. It is proving very difficult to acquire laptops. Therefore, you should enquire of your supplier if they can guarantee delivery of laptops and, if not, whether their proposed solution can be implemented safely and securely using staff’s own devices.
Remote access services – if you do not have an IT supplier who looks after these matters, or your IT supplier does not have capacity to address your needs at this point in time, then you should consider subscribing to one of the secure remote-access services that allow you to control a PC in your office remotely.
Such services include Logmein Pro (www.logmein.com), Gotomypc Pro (get.gotomypc.com), Teamviewer (www.teamviewer.com) and Splashtop (www.splashtop.com). MS Office 365 Online allows you to have Word, Excel and Outlook on your PC/laptop/iPad, synchronised against a personal account.
By using one of these services, you are using an encrypted channel as a link, and then using internal office security.
Practitioners need to be realistic about what can be achieved with technology, given their existing capabilities/skills. They should plan their home offices anticipating restriction on movement, including the bringing of physical files and paperwork home.
Storage – do not create and store client documents locally on your local PC/laptop. Rather, connect to your office PC remotely, and use the office security as outlined above.
Software – there should be little need to use local software on your local PC/laptop.
Fraud/phishing – attempts are unfortunately on the increase, and the committee draws your attention to its publication in relation to not sending bank details by email in the Jan/Feb 2017 Gazette (p28).
Password security (PCs/laptops) – consider installing two-step password protection or password-based authentication, such as a password and a PIN sent to your mobile phone. Your IT supplier may be able to set Microsoft Authenticator as part of your Microsoft package.
Physical security – IT devices and paper files should be held securely in a locked cabinet, in a locked room.
Email – to avoid data breaches, extra security precautions need to be taken in relation to the content of emails. See our page in relation to encryption in this regard. External correspondence with attachments should have ‘highly confidential’ in the subject line.
Online file sharing – online file-sharing services may not be secure enough for sensitive and confidential communications. All large files or data sets should be sent using applications that provide a number of security features, including:
- Link-expiry settings,
- Number of allowed downloads, and
- Password protection.
Local administration access – within firms, users should be required to use IT assistance to install new software on their devices. This is necessary, as it prevents unauthorised or malicious software being installed on computers, and will stop any potential malware from running with administrator rights.
If you are the IT administrator for your practice, you should remind your co-workers of this requirement. Practitioners need to satisfy themselves on their GDPR obligations in the use of all products, in the normal manner. We would caution against the use of apps that haven’t been assessed as ‘GDPR compliant’.
Sharing of IT devices – while we do not recommend sharing IT devices, we understand that the reality is that families may have to share PCs/laptops. Consider installing a remote server sandbox – for example, Splashtop Remote Desktop (www.splashtop.com) or Windows Sandbox.
Telecon and videocon
Keeping in touch with staff/clients – we recommend that, at a minimum, teleconferencing facilities are set up and tested initially with staff. Feedback is that videoconferencing facilities are preferred and can be accessed via smartphones.
Planning and good manners are especially important in online meetings. Service providers known to the committee are Zoom, Blue Jeans, MS Teams, and Google Hangouts. However, the committee is not in a position to endorse specific products.
Practitioners who rely on in-house transcription of dictation will need to ensure that their digital-dictation systems function for remote workers. They should liaise with their digital-dictation software supplier to ascertain if this can be done and, if not, what solutions they recommend.
We are not aware of shortages of hardware for remote transcription. However, if you need to buy additional hardware, such as foot-pedals or headsets, then you should not delay in ordering them. Products known to the committee are Dragon, Winscribe, Speechwite and Bighand.
If dictation cannot be operated on your remote-access system, then you might need to consider a cloud-based dictation system, such as Philips Speechlive (www.speechlive.com) or Olympus Dictation Delivery Service (www.olympus.co.uk).
Other established digital-dictation software companies, such as Winscribe or Bighand, may also have suitable solutions. If you cannot get a supplier to implement a suitable solution, then you may need to look for a stopgap solution.
There are various stand-alone dictation apps that allow you to create and email dictations directly from your phone – for example, the Dictate+Connect app.
On the transcription side, typists can download the stand-alone Express Scribe application (www.nch.com.au/scribe), which will work with most foot-pedals and standard dictation file formats. Obviously, this approach may give rise to security concerns.
Audio files can be dictated in such a way as to be anonymised, with party details and other identifying information omitted (to be filled in later). Audio files can also be enclosed in password-protected zip files using compression software, such as WinZip (www.winzip.com).
Remote transcription/outsourcing dictation – some products allow the encrypted digital dictation to be either allocated to a staff member or outsourced to a third party for typing. You might even consider outsourcing your transcription typing for a period. Companies such as Quill/Documents Direct, TPro.io and Speechwrite provide these types of services.
Website – you should consider putting a note on your website as to how your firm will be functioning during the public-health crisis and how your firm should be contacted.
Email footers/disclaimers can be a useful place to put information as to how your office will operate during the public-health crisis.
Phones – most modern phone systems allow calls to be redirected to another phone number, such as a solicitor’s mobile. You should make enquiries of your phone-system supplier in this regard. VOIP systems provide the most flexibility, but ISDN systems also have significant features. Beyond that, your phone-line supplier may be able to provide the service for you externally.
Again, it may be difficult to get your supplier to do this immediately, as suppliers are under severe pressure. Alternatively, and additionally, your phone system may also allow you to set up a phone message for unanswered calls. This can be used to provide details of alternative phone numbers, and to provide other useful information.
Phone-line suppliers also generally provide business customers with a hosted conference calls facility, which will not require you to make any changes to your office phone system.
Post/scanning – you might also consider redirecting your post and/or DX to an alternative address, such as a partner’s home address. You might further consider buying a desktop scanner (such as the FuijitsuScanSnap ix1500) to allow you to scan post and other documentation at home and email it on to other practitioners.
Messaging apps – these may be helpful, but need close supervision. These include Telegram and WhatsApp.
You will need PDF software that will allow you to manipulate PDF documents, including reducing PDFs in size to make them small enough to email. Kofax Power PDF (formerly Nuance Power PDF) (www.kofax.com/products/power-pdf) is a reasonably priced alternative to the market leader, Adobe Acrobat Pro. If you are buying a desktop scanner, then you may receive PDF-editing software.