How Law Firms Can Learn From 2017’s Data Breaches

BY Hannah Felfe



Cybersecurity was a main focus for many businesses in 2017, after the massive data breach at Equifax. Preparation for cyber attacks in 2018 is now becoming a focal point for many businesses, including law firms. Law firms are especially vulnerable to data breaches because of the sensitive data they handle.

Possessing a heavy amount of delicate information, law firms can be targets for hackers looking to get a hold of both client and corporate intelligence.

According to a LogicForce survey of over 200 law firms of various sizes, every firm that was assessed had been targeted for sensitive client data during 2016-2017. Forty percent of these firms had no idea that they were breached.

LogicForce President John Sweeney says, “Law firms are the subject of targeted attacks for one simple reason. Their servers hold incredibly valuable information. That includes businesses’ IP, medical records, bank information, even government secrets. For hackers looking for information they can monetize, there is no better place to start.”

Law firms need to face these challenges directly and prepare themselves to protect their future reputation and security. Preventative action is more critical than ever in the new year. Important steps can be taken to safeguard your law firm from a cyber breach.

Jake Bernstein, an attorney with Seattle-based Newman Du Wors LLP, believes “the most important thing for law firms to learn is that they cannot keep their heads in the sand any longer. Data security issues affect everyone, but only attorneys have an ethical duty to keep their clients’ confidential data free from unwanted access and disclosure.”

Not all law firms are ignorant about cybersecurity, but for many it is an enormous financial obstacle. For many smaller law firms, cybersecurity comes at a steep price, especially when firms start looking into investing in an in-house protection team. If they are unable to afford this, firms turn to consumer-grade technology that is not powerful enough to protect against online threats.

However, there are lessons to be learned from the data breaches of 2017. Setting up defense mechanisms and educating employees appear to be positive starting points. A data breach can happen to any firm, but preparation for a breach decreases the likelihood of a cyber attack. Looking forward into 2018, lessons to learn from the past year’s breaches include:

  • Stay transparent. After a data breach, it is important to stay transparent about what occurred. This will maintain client respect and firm reputation. Public trust of a firm is everything, including financial stability.

  • Do not hide previous actions. Uber Technologies Inc. unsuccessfully attempted to sidestep its 2016 breach that spilled information about clients and drivers, a tactic that generated further public mistrust. Paige Boshell, a partner at Bradley Arant Boult Cummings and its cybersecurity and privacy leader, explained that “the likelihood of a congressional hearing is much higher due to the subsequent actions than it is for the breach.”

  • Invest in cybersecurity. Responsibility surrounding cybersecurity is crucial; even if a breach occurs, scrutiny is less likely if the firm has done its best to protect sensitive information. Knowing that a firm did as much as it could to prevent a breach secures its reputation more than if the firm were uneducated and ignorant about cybersecurity.

  • Develop a plan. In the case of a data breach, a law firm should be completely prepared. A response plan that is inclusive for the entire company can keep everyone on the same page. Weekly testing for patches and computer security software updates can reveal weaknesses in the system, allowing firms to catch a potential soft spot where a breach could occur.

William Roberts, the privacy officer for Shipman & Goodwin LLP, explains that, “Clients need to trust their law firms, and part of that trust is knowing that firms will use, disclose and safeguard client information in a thoughtful and legally-compliant manner.”

It is obvious that law firms and big corporations alike need to examine the past and take this new knowledge forward to adapt to rapidly changing technology. By learning from others’ mistakes, it can be easier to escape cyber threats and potential attacks. However, a cyber breach can happen to any law firm, so it is crucial to understand what one is up against.

Hannah Felfe

Hannah Felfe is a staff contributor for Bigger Law Firm Magazine.
