Around 70% of law firms introduced remote work during the pandemic, and about 55% are still investing in remote work solutions today. But, even law firms who don’t typically offer remote and flexible working options to their full staff are likely to see that work happening over the holidays.
Even if your entire firm seems fully committed to disconnecting over their break, chances are that at least a few employees will be checking emails, firing off messages, or engaging in some form of work while away.
Your law firm may be at an increased risk of cyberattacks if your employees are working remotely—unless you’re planning ahead for when folks decide to clock in between snowball fights and family meals.
Clue in your IT partner
First of all, let your IT provider know ahead of time:
To make this estimate accurate and provide the information needed to reduce risk, you should ask your workforce. Make sure that any potential remote work is accounted for, that you take stock of all of the devices and places that may ping on your network while you’re away, and that employees know that they are accountable for following safety precautions and cyber controls while they’re on the go.
This allows your IT team to gauge threats, like remote logins from unfamiliar locations or devices, with ease and accuracy. It removes the assumption that “it could be someone working from an airport” or “that device is moving because someone is on the train”-- lines of thinking that lead to missed red flags.
Prep your people for travel best practices
Once you’ve logged the above information, hold employees to it. Share the precautions they’re responsible for taking, like:
Wasted energy is wasted money. It’s called “phantom energy,” and refers to the energy used by devices that are left plugged in or idle when not in use. Phantom energy can account for roughly 20% of the average office’s electricity bill per year, and a single computer can waste roughly $87 per year in phantom energy.
Do your wallet, the planet, and your devices a favor and power down the non-essential while you’re away!
If you’re fully cloud-based, this should be an easy task. But, if you have on-premises servers, those may need to stay connected to power in order for you to access your applications at home. Outside of servers, you can typically turn off most devices, unplug chargers and IoT tools (like Alexa), and shut off your router if you won’t be in the office.
As a bonus, turning down devices and infrastructure for the break can close some of the doors hackers can use to penetrate your law firm’s network while you’re away.
No one wants to go into the office on a holiday to reboot critical servers—but one bad snowstorm, downed tree, or citywide outage could knock out your power and disable your servers until someone manually reboots them.
If your servers host apps you may be using at home, like email services, you will want to get a backup battery installed so that in the event of an outage or interruption, you can roll the power over to the battery and save yourself a trip. Your IT partner can likely install this for you in a pretty quick and painless process ahead of the holidays—but reach out as far as possible in advance so they’ll have time to procure, install, and test the system.
As mentioned, incidents spike over holidays because hackers know you’re out of office, and probably will be slower to respond to security incidents. Some hacks can even fly under the radar until you return, if you even catch them then!
Is your threat monitoring running and will it be available while you’re OOO?
First and foremost, you’ll want to test your threat monitoring and response solution before you leave for the holidays. This will ensure that your system is ready to detect incidents and alert your IT team or partner to the threat.
You can complete a test through your IT partner, team, or security provider. But, one question remains: who’s going to respond?
Most IT partners have at least an emergency or on-call crew available over the holidays, but you should certainly double check. Whether you work with a Managed Services Provider or IT partner or an in-house IT team, you may want to clarify their working hours and how they will be monitoring and handling security incidents while they’re off the clock.
That said, your team is probably going to be turning off your work devices, or at least muting emails and calls, while you’re away. But, if your IT or security provider detects a threat, they’ll need to be able to get in touch with a decision-maker or a designated member of your incident response team.
Make sure your IT provider or team can reach someone in charge if an incident occurs while you're away. Your law firm should have an incident response plan in place that designates a capable and trained team member to take the call, and a backup person in case the first isn’t reachable.
How many of us leave tabs open, click “stay logged in” on programs we use frequently, or just plain shut the laptop when we’re done work for the day? If you’re finished using a program for the next few days, log out of it—this is especially important the longer you’ll be away.
Logging out is a simple way to prevent bad actors from leveraging stolen devices, which is especially pertinent when your team is planning to travel or leave devices unattended in the office or at home while they’re away.
Personal larceny and robbery spike by up to 20% over the holiday season, alongside dramatic rises in burglary rates. Computers are among the items 10% more likely to be stolen at this time.
From office break-ins to pickpocketing at transit stations, your work and personal devices are both at higher risk of theft while you leave them in an empty office, tuck them away at home and then travel to see family, or take them with you in your travels.
You may not notice if your work phone gets pickpocketed at the airport—at least not right away, since you’re off the clock. Your luggage containing your work or personal devices may be lost or stolen, your home or office could be burglarized, or you could just plain forget your laptop on the seat beside you after a long red-eye flight.
This is another reason never to mix work and play when it comes to your devices— if you’ve got a work phone and a cell phone, for example, both with work applications installed, you have now doubled the chance of thieves getting ahold of company and client data or penetrating your law firm’s network.
Logging out makes it much harder for hackers to utilize your stolen device, especially if it’s set up with MFA. If you’re already logged in on your stolen device, you’ve left the front door unlocked for data thieves to stroll in and do as they please. All it takes is a quick pickpocket, and they’ve got access to all of yours and your clients’ data.
The same goes for devices in the office. Logging out of key devices helps prevent remote hackers from accessing your network or thieves from using the devices they’ve stolen to do so. This quick action adds a barrier of security and alerts your IT team, especially if they know no one is supposed to be in the office or where folks are expected to log in from.
If all else fails, your law firm’s final line of defense is a backup system. Ensure your data backup systems are working properly to prevent critical losses in the event of device destruction, outages, or a breach. Now is the time to test these systems, especially if you haven’t in awhile, to protect the countless billable hours of work and precious client data from being wiped out permanently.
Steps you can take include:
Your MSP, other IT provider, or in-house team should be able to complete this test for you and share the results. Make sure to do this well ahead of your break to give your team time to fix any issues that are identified!
The team at Strategic Technology Solutions wishes you a happy and safe holiday season. We believe it is a great privilege to support law firms like yours, and we see firsthand how hard your team works year-round to provide the vital and trustworthy services your clients need.
We hope you are able to take some time away and enjoy these hard-earned holidays off, and when you return, we’ll be here to help you with all of your IT needs.
Learn more about our legal expertise here, and if you have questions about your holiday prep or 2026 technology projects, get in touch!