Building a Successful Law Firm—Without an Office

Rent is one of the largest expenses for law firms, sometimes taking up as much as 10 percent of their gross revenue. Too, it’s not uncommon for workers in large cities to have hour-plus commutes to their offices. The majority of today’s clients are more interested in efficiency and reasonable prices than how glamorous their lawyer’s office is. As a result, firms are choosing another way to work: virtual offices.

Marcia Watson Wasserman, Founder and President of Comprehensive Management Solutions, Inc., serves as a consulting COO for boutique and mid-sized law firms, helping numerous lawyers develop and sustain virtual offices. She joined the Law Firm Marketing Catalyst podcast to share her expertise and advice for lawyers considering moving toward virtual work.

Know who you’re working with

With a virtual office, you can’t pop into a colleague’s office or bump into them in the hallway. You won’t see what they’re doing on a daily basis, so you need to trust that they share the same goals, work ethic and commitment to firm culture as you. Marcia finds that people who have worked together at a brick-and-mortar firm before going virtual tend to work best, because an in-person relationship and sense of trust is already established. If you’re going virtual, find colleagues you already know personally, or at the very least, spend plenty of in-person time with them before committing to anything.

Understand your tech tools

 It’s impossible to have a virtual firm without the help of cloud-based technology tools. To have a successful virtual firm, everyone must be an expert on those tools. Law firms are notorious for buying software, then failing to learn how to use it—that won’t fly with a virtual firm. You need remote systems and procedures that streamline your practice and benefit your clients, and everyone must be comfortable using them. At a minimum, you’ll have to invest both money and training time in document management software, video conferencing software, client portals for paying bills, collaboration tools and, of course, encryption and data security tools.

Cultivate communication

How to delegate work, how to offer feedback, how to manage work among teams, when and how to have meetings—these questions are equally important at virtual or brick-and-mortar firms. But at virtual firms, it becomes even more critical that you discuss them openly and have communications systems in place. When communication is only happening by email, it can easily break down. Video conferencing, phone calls and planned communication are the antidote to this problem. Virtual connection also needs to be backed up with in-person events like retreats and social gatherings, at least annually. Maintaining communication at a virtual firm isn’t just important for client work, it’s also crucial to maintain firm culture.

Working from home sounds great, but it’s not for everyone. Some people get lonely working remotely. Others get distracted or they lack the motivation to work if they’re not in an office. Just like lawyers, support staff must have the right personality and skillset to work virtually. Another element to consider with support staff is wage and hour law in your location. Most support staff are non-exempt, and you have to consider supervision, insurance and the myriad of issues that arise when you have staff working remotely. Management issues don’t go away when support staff is out of sight.

Take advantage of time to network

Virtual work doesn’t mean staying home staring at your computer all day. The majority of work might be done from your home office, but networking can still happen in person. Join organizations, go to meetings and attend events to stay connected to your profession and your colleagues. Virtual work also offers more flexibility to meet with clients and attend events important to their industry. You’ll get to know your clients at a deeper level, which they’ll appreciate, and it will get you out of your work-from-home routine—a win for everyone.

If you can’t go fully virtual, start small

Not every firm is suited to virtual work, but many firms can use some of its elements to their advantage. Especially in large cities, more firms are using co-working spaces or opening small satellite offices that are more convenient for lawyers to get to. With more attorneys working outside of the main office a few days a week, the next logical step for some firms is to encourage office sharing. It’s a huge cultural shift for partners to share an office, but it can offer tremendous space and cost savings, and this concept typically doesn’t faze young associates.


© 2020 Berbay Marketing & Public Relations

For more on running a law firm, see the National Law Review Law Office Management section.

How Lawyers and Other Professionals Can Set Up Their Work-From-Home Space During COVID-19

Since the federal government’s mandated social distancing orders due to covid-19, working from home has presented new challenges for professionals at law, real estate and financial firms alike. Below are four tips on how you can get acclimated in your redefined workplace.

  1. Set Boundaries – One of the benefits of working from home is the ability to take advantage of the extra time on your hands since the work commute has vanished. However, it can be tempting to work from the most comfortable place in your home – your bed. Studies have found that working from your bed decreases productivity levels and makes it difficult to fall asleep at night because your brain associates your bed with work and stress. It is important to set boundaries between your workspace and your place of relaxation. Try setting up your space in a separate room such as the living room or guest room; in a smaller or studio apartment, you can set up a divider wall to establish designated spaces for work and play.
  2. Lights, Camera, Action! – Having your workspace near a window where natural lighting can seep through is an energy booster and stress reliever. According to medical professionals, the rays from the sun improve the communication between the regions of the temporal lobe which control emotions such as anxiety and stress. Sunlight also produces endorphins and serotonin hormones – “happy” hormones – that enhance our moods throughout the day.
  3. Minimize Distractions – While this is a challenge if your home has turned into a school and entertainment center, there are ways to avoid daily distractions. One example is limiting cell phone usage by using the “Screen Time’s Downtime” feature available on all Apple iPhone devices and many Android devices. Try setting it up during your work hours to avoid spending unnecessary time on social media. Wall calendars, daily to-do lists and designated browsers for personal and business activities can also keep your mind focused throughout the day. If you live with loved ones and/or roommates, establish “quiet hours” so everyone is on board and aware of your allocated time to focus.
  4. Create a Routine – When adapting to this new reality, creating a routine is key to maintaining your mental wellness and productivity. Shower at the same time you normally would, wear what you would normally wear to the office (although loungewear may be tempting!) and prepare your preferred type of coffee, tea or infused water to start your day. Most notably, make sure you go outside and remain active to improve blood circulation to the brain. When it’s time to return to business as usual, you won’t feel sluggish and your mind will feel ready more than ever to tackle the day.

© 2020 Berbay Marketing & Public Relations

For more on working from home, see the National Law Review Law Office Management section.

Mary Jane and the Remote Workplace

As shelter in place orders were rolled out in California, many businesses transitioned their workforce to remote work for the first time. Employers had to determine how to track hours worked or what qualified as a business expense. However, other unique questions arise with a remote workforce, such as how to handle employees using marijuana while working from home.

Over a decade ago, when California passed the Compassionate Use Act, an employee questioned an employer’s right to prohibit marijuana use. The California Supreme Court in Ross v. Ragingwire held the employer need not accommodate medicinal marijuana use, irrespective of the Compassionate Use Act of 1996. Ross reasoned that since the California Fair Employment and Housing Act (FEHA) does not require employers to accommodate illegal drug use, the employer could lawfully deny employment to individuals using medical marijuana, which remains illegal under federal law.

More recently, in 2016 California legalized marijuana for recreational use, which further complicated employee marijuana use at work. Despite the change in marijuana’s legal status, the law reiterated that an employer could have a policy against the use of drugs while working or at the workplace.

While the law permits employers to prohibit drug use at work, now a large portion of workers are working remotely, Unfortunately, the lines for employees may be blurred since they are in their own homes (and many people seem to need a little extra help getting through this pandemic).

Employers should remind employees that during working hours, the expectation is that employees will comply with all policies of the company, including drug and alcohol policies. If the company does not have a drug and alcohol policy, it may want to include information prohibiting the use of drugs and alcohol while performing work in a remote work agreement or work from home policy.

If a manager or supervisor suspects that an employee is using marijuana or other drugs while performing work for the company, the supervisor should be instructed to reiterate the company’s policies.

The more difficult aspect of a remote workplace is handling an employee who is clearly under the influence while working, such as appearing intoxicated at a video conference. In California, an employer can only request an employee undergo a drug test under limited circumstances, including if there is reasonable suspicion that the employee is under the influence. While there may be sufficient evidence to request a drug test, due to concerns surrounding COVID-19 including overwhelmed medical providers, an employer will need to more carefully consider whether to insist an employee submit to a drug test at this time. Similarly, as some employers are actually hiring new employees during COVID-19, they too may wish to consider whether to postpone typical post-offer, pre-hire drug tests until the current health crisis has calmed down. Of course, drug tests are still necessary for employees in safety-sensitive positions, but they typically are not working remotely.

If an employee voluntarily requests leave for drug rehabilitation, assuming the employer’s workforce is over 25 employees, the employer should grant the leave pursuant to California Labor Code Section 1025, unless the leave would result in an undue hardship. Other leaves may also apply, so employers should consult with their Jackson Lewis attorney. However, of note, all the new COVID-19 California Paid Sick Leaves are limited to either actual COVID-19 diagnosis or exposure, caring for family, or childcare issues only. As such there will be no need to grant paid sick leave to an employee who claims pandemic stress-induced drug use.

Employers should also be cautious that they are not overstepping into trying to control an employee’s lawful off-duty activities. This may include, for instance, seeing social media posts from employees using marijuana at home. Unless it’s clear from the post that the marijuana usage occurred during working hours, employers should refrain from taking any action.


Jackson Lewis P.C. © 2020

For more on remote working considerations, see the National Law Review Employment Law section.

Avoid Losing Money: Achieve Full Remote Access with Speed, Security & Scalability

Are your employees fully capable of accomplishing the same work that they could have done while in the office? Ideally, their in-office PC experience can be duplicated (securely) at home without any latency issues. If that’s not the case, your organization could be losing money with lost billable hours, or underutilization of existing solutions, etc. It’s paramount for the bottom line that your remote access capabilities are allowing your employees to achieve maximum efficiency to conduct business in a remote capacity.

There are three key areas of focus that need attention when planning a cost-effective and capable remote access strategy: speed, security, and scalability. “Putting effective security measures in place today along with mitigating remote access performance issues and ensuring the ability to adjust user access and scale will undoubtedly put you at a competitive advantage and positively affect your organization’s bottom line,” says Donnie W. Downs, President & CEO of Plan B Technologies, Inc.

First and foremost, the reliance on your employee’s end user device (or lack thereof) has a significant impact on what must be considered. There are two paths an organization can take to provide remote access to end users. The first is to allow end user devices to join the network as though they were plugged into a network jack in the office. The most common way to achieve this type of direct access is through a Virtual Private Network or VPN. The second approach is to present desktops and applications in a virtual session. This allows applications to be run on server horsepower in the organization’s datacenter and be used remotely from an end user device. Several products provide this capability, usually referred to as VDI or Terminal Services.

These options result in significantly different architectures. The primary difference is the level of dependency on the end user’s device. The VPN style solution relies heavily on the device’s capability and configuration. It’s required to provide all of the applications and computing power required by each end user. The VDI/Terminal services style solution requires much less from the end users devices. It is simply an interface to the remote session. The tradeoff is that a much more robust infrastructure is required in the organization’s data center or cloud.

Regardless of which way your organization is providing remote access today (VPN or virtual session), the speed, security and scalability (or lack thereof) will directly impact your cost.

SPEED

“To remain productive while working remotely, users need the same capabilities and performance they have when in the office,” says Downs. This translates to several things. They should be able to access all of the software and data they need. They should be able to access these resources using familiar workflows that don’t require separate remote access training. However, the most commonly missed requirement is that the remote access platform needs to provide adequate performance, so the remote access experience feels just like being in the office. Any latency will no doubt cause frustration and could ultimately affect your billable hours.

For direct access platforms this is a simple, yet potentially expensive formula. The remote access system needs to provide enough bandwidth so that the client device can access application servers, file servers, and other resources without slowing down. On the datacenter side, this means designing sufficient connectivity to the on-prem or cloud environments. Connectivity on the client-side, however, will always be more unpredictable. Slow residential connections, unreliable WIFI, and inconsistent cellular coverage are all challenges that will need to be addressed on this type of solution.

Performance within VDI/Terminal Services platforms is much more complex. Similar to direct access, we need to provide adequate bandwidth from the client to the remote access systems. However, this type of system typically has less demanding network requirements than a direct access system.  Advanced VDI/Terminal Services platforms also offer a wide variety of protocol optimizations that can accommodate high latency or low bandwidth connections. That’s only half of the puzzle though. Because the user is accessing a virtual session running in the datacenter, that session needs to provide adequate performance. At a basic level, this means that the CPU and memory must be sized correctly to accommodate the number of users. But the platform also needs to match in-office capabilities such as multiple monitors, 3D acceleration, printing, and video capability. Full-featured VDI/Terminal Services platforms provide these capabilities, but they must be properly designed and deployed to realize their full potential.

SECURITY

“Remote access can expose your business to many risks – but it doesn’t have to be this way,” says Downs. “Whether your organization is supporting 10 remote users or 1,000, you need to provide the necessary access while guarding your organization against outside threats.” For successful and secure remote access, it’s necessary to manage the risks and eliminate your blind spots to prevent data loss, phishing, or ransomware attacks.

On the surface, securing remote access environments requires many of the same basic considerations as any other public-facing infrastructure. These include mandatory multifactor authentication, application-aware firewalls, and properly configured encryption to guard your organization against security risks and protect corporate data. Remote access security is unique due to the risk introduced by the devices used by your employees. These devices can include IT managed devices that are allowed to leave the office or employee-owned unmanaged devices. If your remote access end users are logging in with their own devices, over the internet, there is room for a security breach without conducting these three protocols:

1/ Conduct Endpoint Posture Assessments

For direct access remote connectivity, security is especially relevant since the end user device is being provided a conduit into the organization network. Ideally, devices connecting to a direct access solution should be IT managed devices. This ensures that IT has the capability to control the endpoint configuration and security. However, there are many environments where direct access is required by employee-owned devices. In either case, the remote access solution should have the capability to do endpoint posture assessment. This allows an end user device to be scanned for compliance with security policies. These policies should include up to date operating system updates, valid and updated endpoint protection/antivirus, and enabled device encryption. The results of the scan (or assessment) can then be used to ensure only properly secured devices are able to connect to the network.

2/ Protect Against Key Logging and Other Malware

VDI/Terminal Services remote access systems rely on the end user device only as an interface to the virtual session. As a result, these solutions provide the ability to insulate the organization’s network from the end user device more than a direct access connection. Administrators can and should limit the ability for end user devices to pass file, print, and clipboard data, effectively preventing a compromise of the end user device from affecting the infrastructure. However, there is a gap in this insulation that is almost always overlooked. Malware on the end user device with key logging, screen recording, or remote-control capability can still allow the VDI/Terminal Services session to be compromised. Advanced VDI/Terminal Services platforms have protection for these types of attacks built in. This should be a mandatory requirement when selecting and implementing a VDI/Terminal Services solution.

3/ Deploy Robust Endpoint Protection

Regardless of the overall remote access strategy, both IT managed and employee-owned end user devices should have robust endpoint protection. Traditional definition-based antivirus products no longer provide sufficient protection. These should be combined with, or replaced by, solutions that perform both behavior analytics and advanced persistent thread (APT) protection.

SCALABILITY

Capacity planning for remote access can be very challenging. It is often one of the most varied or “bursty” workloads in an organization. Under normal operations it is used for dedicated remote workers or employees traveling. But when circumstances require large numbers of employees to be remote, as they do today, demand for these capabilities will spike. Proper planning can allow remote access systems to deal with this and keep the entire organization productive, regardless of where they are working.

There are three key elements that affect the scalability of direct access and VDI/Terminal Services solutions: software licensing, network bandwidth, and hardware capacity. It’s important to remember that these three pieces are interconnected. Upgrading any one of them will likely also require an upgrade to the others.

1/ Software Licensing

Licensing for remote access solutions is generally straight forward. There are variables in choosing the correct license type such as feature set and concurrent vs named users. But, in terms of sizing, direct access, and VDI/Terminal Services solutions are usually licensed based on the number of users they can service. Proper scalability relies on having a license pool large enough to support the entire user base. Purchasing licensing for an entire user base can be prohibitively expensive, so some vendors offer more flexible licensing. Two common flexible license models are subscription and burst licenses. Subscription licensing can often be increased or decreased as needed. Burst licensing allows for the purchase of a break-glass pool of licensing that allows for an increased user count for a short period of time. Both of these models allow remote access systems to rapidly expand to accommodate emergency remote workers. This type of flexibility should be considered when selecting a remote access platform to help save your organization from unnecessary costs.

2/ Network Bandwidth

Bandwidth and hardware flexibility are much more difficult to plan for. Indirect access and VDI/Terminal Services scenarios, each additional user requires more WAN bandwidth and more hardware resources. WAN circuits for on-prem datacenters can require significant lead time to provision and resize. There are solutions such as SD-WAN or burstable circuits that can allow flexibility and agility in these circuits. But this must be carefully preplanned and not left as a to-do item when the expanded capacity is actually needed.

3/ Hardware Capacity

Hardware scaling has similar limitations. Adding remote access capacity can require hardware resources ranging from larger firewalls to additional servers depending on the specific remote access platform. Expanding physical firewall and server platforms requires the procurement of additional hardware. During widespread emergencies, unpredictable availability of hardware can lead to significant delays in getting this done. Fortunately, most remote access platforms allow the integration of on-prem and public cloud-based deployments. A common strategy is to deploy systems into the public cloud as an extension of the normal production environment. These systems can then be spun up when needed to provide the additional capacity. This is a complex architecture that requires diligent design and planning, but it can provide a vast amount of scalability at reasonable cost.

Positioning your organization with a remote access strategy that can scale will save you time and money in the future. It’s unknown how long the effects of the coronavirus pandemic will impact the landscape of remote work for organizations. Planning and preparing to continue to conduct business with a secure and robust remote access strategy in place will put you ahead of your competition.


© 2020 Plan B Technologies, Inc. All Rights Reserved.

For more on remote working see the Labor & Employment section of the National Law Review.

Make Remote Access for Your Employees Safer & Quicker with Disciplined User Rights

During times of disruption as well as an unpredictable future, your organization’s focus on “the basics” regarding a fundamental remote access strategy and design is essential. The newly widespread remote working environment dictated by various states’ stay at home orders due to the Coronavirus pandemic, demand that successful organizations of tomorrow fully grasp the fundamentals of safe and remote access protocols and prepare for the elastic growth of a disciplined remote access initiative.

The landscape of remote access is forever changed. Regardless of your organization’s existing hardware, software or network (WAN) and cloud design,  basic planning activities – which pave the runway for successful remote access – ensure your organization’s sustainability and enhance your competitiveness in a crowded marketplace.

First and foremost, it’s recommended you audit your current infrastructure design – including a review of your hardware, software, infrastructure, bandwidth, security etc. Any high performing organization’s s remote access strategy should maintain SLAs (Service Level Agreements) or project deadlines and objectives with all internal users and exercise resiliency when confronted with the performance, compliance, and security demands needed to scale.

Three core strategic planning activities are highly recommended prior to, or in parallel with, an audit of your remote access posture:

Clean Up Your Users

Identity hygiene is a constant necessity of any organization to ensure its security stance and guarantee fluidity in the face of dynamic change. Legacy user account cleanup falls into this category, but the lesser practiced aspects of identity hygiene include organization unit restructuring and security group management. These components of a well-tuned identity management infrastructure represent the organizational layout of a business and mapping of processes to business roles which too often grow organically as companies mature. Complacency to organic growth has led many organizations to make drastic and costly decisions to start over rather than re-organize, in order to remove the cancer that has developed in their identity management infrastructure.

Segment User Roles

Likewise, segmenting roles is critical to identity hygiene. Most enterprises have adopted the bifurcation of administrator and personal accounts to ensure audit trails but considerably fewer have aligned security stance to personnel role. As tenure grows and roles change to meet the needs of the organization, new rights and responsibilities are created and added to those individuals with few taken away as the firm’s requirements change. Aligning roles to responsibilities, and more importantly permissions, assures audit compliance without complex explanations and eases transition should those trusted employees ultimately leave the company.

Assign Least Access Rights to Segmented Roles

Finally, the selection of rights assigned to those segmented roles solidifies a corporate identity management strategy. Whether assigned through a workflow engine or maintained through formalized manual processes, assuring least access aligned to each role eliminates the organic growth of unnecessary permissions or access to no longer appropriate applications. This last part is a key facet of a comprehensive strategy that many organizations – including large enterprises – develop complacency around. And the removal of access is no longer strictly necessary. It is too easy to allow excuses that support and even justify this laxity but it’s this very lassitude for least access which opens doors to ransomware propagation, disgruntled and disaffected IT administrators and glaring audit infractions.

In summary, organizational resilience is steeped in discipline. Crisis management and the daily “X factor” can create havoc even with the best laid plans for systems maintenance. The ways in which your firm interacts with clients, partners, suppliers, and others will undoubtedly change with the heavy reliance on remote access capabilities. Those who grasp this concept now will be ahead of the game.

Remote access prowess is now an entry ticket to conducting business post-COVID-19 and absolutely can be viewed now as a true competitive differentiator. When organizations run with elephants there are only two types: 1/ the quick and 2/ the dead. Let’s encourage each other to be in the former category, rather than the latter.


© 2020 Plan B Technologies, Inc.. All Rights Reserved.

For more on remote work considerations during the COVID-19 Pandemic, see the National Law Review Coronavirus News section.

Work-from-Home Lessons from a Veteran Virtual Worker

To all of my law firm marketing and PR colleagues, lawyers, and other law firm professionals who are working from home (or “WFH” — the new trending acronym — or so I’m told) amid the COVID-19 pandemic, I say, with mixed emotions, welcome to the club. I just wish the acknowledgment came under better circumstances — more because you want, can and/or should work from home, rather than you must do it in the interest of public health.

I’ve been working from home for nearly 10 years. Jaffe has been an exclusively virtual environment for most of its 42-year existence, so it’s a working and lifestyle model with which I am very familiar. It takes some adjustments and there are challenges aplenty for newcomers to the home office, particularly for those thrown into the fire without proper equipment or conducive working environments, not to mention psychological preparation for what can be a jarring transition.

Consequences of the WFH Lifestyle

First, there are obvious logistical issues for professionals working from home, including obtaining and maintaining laptops and other equipment, as well as other IT issues, not the least of which involves data security. The threat of breaching a client’s security is a major concern for law firms. In fact, the U.S. government’s Cybersecurity and Infrastructure Security Agency has been highlighting the elevated risk of malware, phishing attacks and other ransomware demands during the current pandemic. There also are challenges to dealing with the loss of human interaction that professionals are accustomed to having from being in close physical proximity to each other in an office. Technology allows us to get our jobs done just fine, but interacting with others only virtually is doubly stressful when we don’t have in-person interactions to compensate.

A couple of years ago, I wrote a National Law Journal article about the emergence of the competitive cloud-based law firm and what that looked like compared to the traditional firm model. Since that time, the number of virtual, or cloud-based, law firms has increased slightly, but the traditionally conservative legal industry overall still has barely dipped a toe into that water.

One positive outcome of the currently mandated WFH exercise is likely to be nearly wholesale preparedness for the next crisis that closes physical firm offices. Through this crash course, decision-makers at law firms are likely to realize there are some legitimate efficiencies and benefits to be gained from lawyers based at their homes, principally involving reduction in physical real estate and overhead, and the value proposition for offering a true work-life balance for attorneys and other support staff. The workers themselves also will see benefits from remote working that they probably had not considered or truly appreciated before they were in the trenches. An overarching conclusion of the 2020 State of Remote Work survey (by social media software company Buffer) of thousands of remote workers from around the world is that remote workers almost unanimously want to continue to work remotely (at least partially) for the rest of their careers.

Ultimately — according to many legal industry observers — this forced experiment could expand the virtual model for some firms permanently, at least on a partial or as-needed basis. Traditionalists may be beside themselves and clutching their pearls (so to speak), but this change to the core firm business model is inevitable.

How to Work from Home

Recognizing that a vast majority of legal professionals are now working from home for the foreseeable future, let me offer just a few pearls of wisdom based on having about a decade of applicable experience under my belt (or relaxed-waist sweatpants, I should say, since there are no dress codes at my house). If you haven’t already bought into these, consider what I feel are the most-important best practices and takeaways for working from home.

Dedicate a space for office work.

It also should be devoid of distractions like TV or music (unless you can handle that — I usually can’t). While some people can acclimate to different situations and environments quite easily, for me, a dedicated office helps me replicate an office-like routine and maintain a certain work ethic and discipline. Sure, sometimes, I’ll drag the laptop over to the sofa or to a restaurant (in simpler times, that is), but I’m never as productive as when I’m sitting at my desk in my home office. There’s some humor — much appreciated these days — to be had at the good-natured expense of many of you doing your best to make it work with innovative work-at-home set-ups.

It’s not so much about the number of hours you work, but the productivity that matters.

You will probably find that you can get more done in four or five hours working during the day at home than you did in the office. You have fewer distractions (if you can block out or put restrictions on others living with you). My workday can sometimes stop mid-afternoon and pick up again in the evening, as well as extend into the weekend. Oftentimes, the amount and type of work dictates when I work. That 24/7 mindset also allows for more responsiveness to clients’ needs, which those accustomed to more-traditional work hours cannot or will not necessarily deliver. However, if you find yourself grinding non-stop at the computer for five or six hours, that also can be detrimental to your work proficiency and mental well-being, so…

Take breaks.

It’s easy to get into a groove and churn out work product at home without the distractions typical of an office environment. Of course, if you have family, especially children, at home, chances are the distractions will find you anyway. Mentally, it’s just good to turn away from the work occasionally to catch up on the news, move around a bit, view a quick video or do whatever eases your mood.

Get exercise.

It’s easy to get lazy when you don’t have to commute back and forth to the office plus run errands or perform other tasks that usually offer daily exercise. No good can come from a sedentary work style over the long haul. Actually, while we’re social distancing, the majority of us don’t even have nighttime or weekend social excursions to get in our daily steps. Try to take a long walk, quick run or whatever other cardio activity works for your lifestyle. You may now have the luxury of building that into your daytime routine rather than relegating it to before or after work.

Also, just take a few moments to marvel at the fact that we can get so much done while never even being in the same room, building, ZIP code or even country as our colleagues. And be kind to your co-workers, clients and stakeholders. Everyone is in the same boat. Cut some slack the next time your boss joins your virtual meeting after turning herself into a potato.


© Copyright 2008-2020, Jaffe Associates

ARTICLE BY Randy Labuzinski of Jaffe.
For more on work from home and other COVID-19 considerations, see the National Law Review Coronavirus News section.

COVID-19 and Cybersecurity: Combating “Zoombombing” and Securing Your Remote Working Videoconferences

As COVID-19 has prompted a massive shift by organizations to the implementation and use of remote working solutions for their employees, there has been an unfortunate, but not surprising, corresponding rise in malicious actors seeking to exploit remote working solutions.

Over the past few weeks, the most notable and prevalent “digital hijacking” has occurred on the Zoom teleconferencing application. Since the start of the COVID-19 pandemic, there has been an explosion in the number of individuals using the Zoom application. Prior to the pandemic, Zoom averaged approximately 10 million users per day. However, Zoom now estimates that approximately 200 million users per day utilize its videoconferencing application. These users not only include remote workers, but also many school children and teachers who utilize the Zoom application for remote learning.

The phenomenon commonly known as “Zoombombing” involves the infiltration of Zoom videoconferences by hackers. Once they have infiltrated a videoconference, hackers have undertaken a variety of malicious acts including, among other things, posting hate speech, stealing personal identifying information, and posting pornography or other offensive or inappropriate content to the other participants in the videoconference. Typically, hackers look to exploit Zoom conference links that are posted publicly and/or open to the public without the need for a password or access key. In response to the increase in Zoombombing attacks, some governments and organizations have restricted or prohibited the use of the Zoom application by their employees. Recognizing the threat that hackers pose to their platform, Zoom recently added new default security features and recommended that users employ additional security safeguards.

Of course, it is not only Zoom that has been targeted by malicious cyber actors. Similar attacks have occurred on numerous other commonly use videoconferencing platforms. Attacks on these other platforms exploit similar flaws or security vulnerabilities that are seen in Zoombombing attacks.

Given the rise of attacks on videoconference applications during the COVID-19 pandemic, the FBI recently issued a warning discussing Zoombombing and other similar attacks aimed at remote working employees and students. The FBI advised that videoconference application users take the following steps:

  • Do not make meetings public and, if the option is available, utilize passwords for access to meetings;
  • Do not share links for meetings publicly;
  • Only allow meeting hosts to have the option to share their screens with other participants;
  • Ensure that you are using the most recent version of the application; and
  • Ensure that your organization’s remote working policies address requirements for videoconferencing security.

Other important security tips include:

  • Ensure that your teleconferencing sessions have active password protections in place;
  • Keep password protection on by default to prevent unauthorized users from joining or hijacking your sessions; and
  • Use a unique, one-time ID number for large or public teleconferencing calls.

The COVID-19 pandemic has made remote working a reality for many in a world handcuffed by social distancing. It is more important now than ever to understand the power, and the corresponding dangers, these new remote connection technologies hold in order to ensure that you maintain the safety and security of your organization’s data and information.


© 2020 Faegre Drinker Biddle & Reath LLP. All Rights Reserved.

For more work from home considerations among the COVID-19 pandemic, see the National Law Review Coronavirus News page.

The Coronavirus: Best Practices to Mitigate Risks in the Workplace

As impact of the Coronavirus Disease 2019 (COVID-19) continues to develop, employers and employees are increasingly concerned about the risk of contamination. Employers should consider practical steps to protect their employees, address employee concerns and maintain productivity during potential business disruptions that may result from the spread of this virus.

  • Education and communication are critical:  Employers should circulate the most recent Center for Disease Control and Prevention (“CDC”) guidance for employers, as well as state and local guidance, such as those provided by New Jersey and New York City. Review for updates from federal, state and local levels as there will be daily developments and updates. Provide significant updates to employees on a regular basis.   We recommend providing these materials via several methods, such as email, postings in breakrooms, on the company intranet, and hard copies inserted with weekly payroll. Ongoing regular communication with employees will create confidence that the business is taking their continued health seriously and help to avoid panic.

  • Encourage sick employees to stay home: When an employee calls in sick, particularly where the symptoms are associated with COVID-19, employers should err on the side of caution and encourage those employees to stay home. New York City and New Jersey both require employers to provide paid sick leave, which includes time off for employees to care for themselves, care for family members, for time off related to school closures and the like, which eligible employees may need to utilize. Employers should consult leave laws and policies that apply to the company. Moreover, employers should not require a healthcare provider’s note for employees who are sick with respiratory illnesses to validate their illness or to return to work. Relaxing such requirements is important given concerns about containing further spread of the virus and the potential inundation of healthcare providers who may have increasing limited resources.

  • Allow for telecommuting/teleconferencing: Employers should not place emphasis on in-person attendance, and should evaluate telecommuting options. This may require employers to temporarily relax current telecommuting policies, or to take steps to set up a method for telecommuting.

  • Review polices regarding travel and off-site events: Employers should review travel and off-site meeting needs and consider making in-person attendance voluntary.  If an employee voluntarily decides to attend off-site events, we recommend that employers require the employee to sign a short assumption of risk and waiver of liability.  If an employee declines to attend given concerns of the virus, employers should not treat such conduct as insubordination and should consider work around arrangements.  Teleconferencing may provide another means for employees to attend off-site functions.  The CDC guidance recommends travelers stay home for 14 days from the time the person leaves an area with widespread, ongoing community spread.  We recommend employers adopt similar policies as applied to employees returning from business or personal travel.

  • Encourage healthy practices:  Encourage employees to engage in healthy practices, such as regularly washing and/or disinfecting their hands. To the extent an employer is able to secure these items, they should  make disinfectants and hand sanitizers available to employees, especially upon entry to the work place.  Employers also should arrange for periodic industrial cleaning and notify employees of those efforts.

  • Identify areas of risk: Identify health risks specific to each work site, and a plan to address concerns.  Review CDC and the Occupational Safety and Health Administration’s guidance providing safety tips and highlighting potential areas of risk.

  • Avoid stereotyping: Employers should not make determinations of risk or treat employees differently based on race or country of origin.

  • Maintain confidentiality: If/when an employee is suspected or has been confirmed to have contracted the virus, employers should act to maintain confidentiality around the employee’s diagnosis. In addition, employers should refrain from asking employees questions about their symptoms and medical conditions or suspected conditions.

  • Train managers: Train managers on how to handle concerns and preventative steps that the company is taking to manage the potential spread of the virus.  Remind them of current policies and any changes that the business has decided to make to accommodate employees and business needs during this time. Encourage managers to promptly address all leave requests and meet with team members regarding concerns to engage in a dialogue to move forward in a way that benefits both the employee and the company. It may be prudent to appoint a single department or point of contact for COVID-19 questions or concerns that managers need to further discuss.

  • Consider other long term considerations such as:
    –  Consider creating a plan that involves how to prepare for a pandemic, including how to deal with office closures to avoid business disruption.  The CDC encourages employers to plan for a possible coronavirus outbreak and advises employers to ensure that their plan is flexible and well communicated to employees.  A formal plan may help the employer to focus on necessary steps to prepare and ensure a single message regarding preparedness is communicated to employees.

    –  Recognize that there may be legal rights associated with an employee who has the virus or who is perceived to have the virus under federal, state and local disability and leave laws.

    –  If employees are represented by a union, consider whether there are any issues that need to be addressed with the employees’ bargaining representative and whether there are any provisions in the company’s collective bargaining agreements that may be affected.

Importantly, employers should keep in mind that the U.S. is early in the process of understanding and combating COVID-19. The situation is rapidly evolving and employers will need to pay close attention to daily developments.  When in doubt, reliance on the guidance provided by health experts, government agencies, and counsel will best insulate employers from exposure to liability for discrimination, privacy or other legal claims from employees.


© Copyright 2020 Sills Cummis & Gross P.C.

For more on the COVID-19 pandemic, please see the National Law Review Coronavirus News page.

Options for Employers When Employees Cannot Work From Home

Despite many politicians and employers discussing the option for employees to work at home, there are millions of employees who simply cannot do that. Bartenders, restaurant servers, cashiers, and many others have no one to serve and nothing to ring up when they work at home.

Employers of such employees accordingly have a difficult decision to make when business is at an all-time low or they have been shut down. Most cannot afford to pay employees during this time period and hope employees will qualify for unemployment benefits. The question for these employers thus becomes–to fire, or not to fire.

This is where a work furlough comes into play. A work furlough is essentially a temporary layoff that qualifies for unemployment benefits.

Furloughs rose in popularity some years ago when businesses had to cut costs. Most employers knew employees who worked from paycheck to paycheck would suffer a financial hardship if the employees lost their jobs. Employers did not want to terminate employment. These employers wanted to minimize the negative impact, psychologically and monetarily, a termination brings, and the hard feelings an employee may carry following termination. Employers wanted employees who were already-trained to return to work at the end of a furlough, rather than having to start the hiring process from scratch.

Work furloughs generally have a set beginning and end date, similar to the 15-day shut-down ordered in many cities. The employer does not pay the employee during the furlough. Employees, however, generally qualify for unemployment compensation benefits.

Employers who want to maintain better relations should tell their employees to apply for unemployment benefits on the first day of the furlough. This ensures the employees will receive the maximum compensation possible. Even an employee who uses vacation time or personal time may qualify for unemployment benefits.

Usually there is a one week waiting period before an employee is eligible to receive any unemployment benefits. Many states have benevolently waived this one week waiting period for job losses suffered due to the pandemic. In these states, employees will receive benefits beginning “day 1.” The employee will receive compensation during the second week and any later weeks during which the employee is not working.

Any employee who files after the first week of the furlough must use the second furlough week as the waiting period. The employee, therefore, loses a week of unemployment compensation.

Even if the furlough period is only one week in length, employees should file for benefits. This helps the employee if the employer is forced to extend a furlough or put employees on furlough again later that same year. The one-week waiting period only applies to the first week when the employee did not work during the first furlough. The employee does not have to wait yet another week to receive benefits (compensation) during any furloughs that take place within 12 months of the first furlough.

While furloughs are an excellent option for employers to consider, any employer considering termination or a furlough must carefully consider all state and local laws; the state emergency declarations and laws issued, given the pandemic; and federal law, including any relief package or whether the number of employees furloughed triggers obligations under WARN.


© Polsinelli PC, Polsinelli LLP in California

For more on the COVID-19 outbreak, see the National Law Review dedicated Coronavirus News section.

COVID-19: Navigating the Issues Faced by Employers

The ongoing COVID-19 outbreak has brought about a whole range of novel legal considerations for employers in Singapore.

Stay-home orders

There are mainly two types of “stay-home orders” which are currently being implemented in Singapore. They are the:

  • Quarantine Order (“QO”); and
  • Stay-Home Notice (“SHN”).

A QO is a directive issued to quarantine or isolate an individual who is, or is suspected to be, a carrier or contact of an infectious disease.

A SHN is a new measure that took effect on 18 February 2020, effectively replacing the then prevailing leave of absence (“LOA”) measure, which was less stringent. The SHN would be issued to individuals returning to Singapore from certain designated regions within the last 14 days from their date of return.

Obligation to pay employee salaries

QOs are served on individuals by the Ministry of Health (“MOH”). The period of absence from work necessitated by the QOs should be treated as paid hospitalization leave, as part of the employer’s hospitalization leave eligibility under their employment contracts, collective agreements, or under the Employment Act. For employees who have used up their paid hospitalization leave, employers are urged (but not statutorily mandated) to exercise compassion and flexibility by granting additional paid hospitalization leave.

During the SHN period, if remote working is not possible, employers are encouraged to provide additional paid leave on top of the employees’ annual leave entitlements for the SHN, especially if the reason for the employee being on SHN is that he had to undertake work-related travel. If that is not feasible, employers can consider the following options, or a combination of the options, for the employees on SHN:

  • Treat employees’ SHN as paid hospitalisation leave or paid outpatient sick leave;
  • Allow employees to apply for annual leave;
  • Allow employees to use advanced paid leave or apply for no pay leave, for employees who have used up their leave entitlements; or
  • Other mutually agreed arrangements between the employers and employees/unions.

The Ministry of Manpower (“MOM”) is providing support to help businesses who are affected by the SHNs in the form of a SHN Support Programme. The MOH has similarly put in place a Quarantine Order Allowance Scheme. Both of these are in place to mitigate the financial impact for employers of those who have been served QOs/SHNs, subject to the fulfilment of eligibility criteria.

Obligation to provide a safe work environment

Under the Workplace Safety and Health Act, employers in Singapore have a duty to take, as far as is reasonably practicable, such measures as are necessary to ensure the safety and health of its employees at work. Employers also have similar obligations under common law.

Data privacy issues arising from contact tracing

The Personal Data Protection Commission advisory provides that organisations may collect personal data of visitors to premises for purposes of contact tracing and other response measures in the event of an emergency, such as during the outbreak of COVID-19.

In the event of a COVID-19 case, relevant personal data can be collected, used, and disclosed without consent during this period to carry out contact tracing and other response measures, as this is necessary to respond to an emergency that threatens the life, health, or safety of other individuals.

Organisations that collect such personal data must comply with the data protection provisions of the Personal Data Protection Act 2012.

Temperature taking

Employers are encouraged to take the temperatures of employees and visitors, and record their names, NRIC/FIN/Passport numbers (for visitors), and temperatures during this period of time. It is also permitted and advisable to monitor employees and visitors for other respiratory symptoms such as coughing, runny nose, shortness of breath, and breathing difficulties.

Regulatory enforcement

The local regulators take contraventions of the COVID-19 measures very seriously, and have been actively enforcing these measures against employers and work-pass holders.

As of 24 February 2020, the MOM has punished a total of 10 work-pass holders and nine employers for flouting MOM’s LOA requirements.


Copyright 2020 K & L Gates

For more on working from home, see the National Law Review Labor & Employment law page.