How Law Firms Can Learn From 2017’s Data Breaches

By Hannah Felfe

Law Firms Need to Learn From 2017’s Data Breaches


Cybersecurity was a main focus for many businesses in 2017, after the massive data breach at Equifax. Preparation for cyber attacks in 2018 is now becoming a focal point for many businesses, including law firms. Law firms are especially vulnerable to data breaches because of the sensitive data they handle.

Possessing a heavy amount of delicate information, law firms can be targets for hackers looking to get a hold of both client and corporate intelligence.

According to a LogicForce survey of over 200 law firms of various sizes, every firm assessed had been targeted for sensitive client data through 2016-2017. Forty percent of these firms had no idea that they were breached.

LogicForce President John Sweeney says, “Law firms are the subject of targeted attacks for one simple reason. Their servers hold incredibly valuable information. That includes businesses’ IP, medical records, bank information, even government secrets. For hackers looking for information they can monetize, there is no better place to start.”

Law firms need to face these challenges directly to protect their future reputation and security. Preventative action is more critical than ever in the new year. Important steps can be taken to safeguard your law firm from a cyber breach.

Jake Bernstein, an attorney with Seattle-based Newman Du Wors LLP, believes “the most important thing for law firms to learn is that they cannot keep their heads in the sand any longer. Data security issues affect everyone, but only attorneys have an ethical duty to keep their clients’ confidential data free from unwanted access and disclosure.”

Not all law firms are ignorant about cybersecurity, but to many this is an enormous financial obstacle. For many smaller law firms, cybersecurity has a competitive price, especially when firms start looking into investing in an in-house protection team. If they are unable to afford this, firms turn to consumer-grade technology that is not powerful enough to protect against online threats.

However, there are lessons to be learned from the data breaches of 2017. Setting up defense mechanisms and educating employees appear to be positive starting points. A data breach can happen to any firm, but preparation for a breach decreases the likelihood of a cyber attack. Looking forward into 2018, lessons to learn from the past year’s breaches include:

  • Stay transparent. After a data breach, it is important to stay transparent about what occurred. This will maintain client respect and firm reputation. Public trust of a firm is everything, including financial stability.

  • Do not hide previous actions. Uber Technologies Inc. unsuccessfully attempted to sidestep its 2016 breach that spilled information about clients and drivers, a tactic that generated further public mistrust. Paige Boshell, a Bradley Arant Boult Cummings partner and leader of cybersecurity and privacy, explained that “the likelihood of a congressional hearing is much higher due to the subsequent actions than it is for the breach.”

  • Invest in cybersecurity. Responsibility surrounding cybersecurity is crucial; even if a breach occurs, scrutiny is less likely if the firm has done its best to protect sensitive information. Knowing that a firm did as much as it could to prevent a breach secures its reputation more than if the firm was uneducated and ignorant about cybersecurity.

  • Develop a plan. In the case of a data breach, a law firm should be completely prepared. A response plan that is inclusive for the entire company can keep everyone on the same page. Weekly testing for patches and computer security software updates can reveal weaknesses in the system, allowing firms to catch a potential soft spot where a breach could occur.

William Roberts, the privacy officer for Shipman & Goodwin LLP, explains that, “Clients need to trust their law firms, and part of that trust is knowing that firms will use, disclose and safeguard client information in a thoughtful and legally-compliant manner.”

It is obvious that law firms and big corporations alike need to examine the past and take this new knowledge forward to adapt to rapidly changing technology. By learning from others’ mistakes, it can be easier to escape cyber threats and potential attacks. However, a cyber breach can happen to any law firm, so it is crucial to understand what one is up against.

Hannah Felfe

Hannah Felfe is a staff contributor for Bigger Law Firm Magazine.

