Law Firms Need To Protect Themselves Against Security Breaches

Cybersecurity is evolving. This is more than just a technology issue or an added clause in the retainer agreement—it’s the biggest risk that law firms face in 2017. Cravath, Swaine & Moore and Weil Gotshal & Manges, two of the largest firms in the United States, got caught in a major cybersecurity breach later linked to a $4 million-plus insider-trading scheme. Other law firms that were hacked in the past five years include Panama-based law firm Mossack Fonseca, NYC law firm Cravath, Swaine & Moore and Weil Gotshal & Manges and Wiley Rein, one of the largest law firms in Washington, D.C. Today, cyber risk is just a part of doing business for law firms – big ones and large ones.

law firm managed IT

What Cyber Hackers Are Doing To Law Firms

Law firms are an easy target for hackers, and hackers seek ways to monetize their break-ins. They use ransomware to steal data and use blackmail blocking access to the firm’s computer system until the ransom is paid. Another strategy is to threaten the publication of embarrassing information. And if law firms don’t comply with the demand, they risk losing confidential data permanently. Here are three top reasons why cybercriminals target law firms.

  • Hackers seek to take advantage of large amounts of quality and valuable documents. By focusing on law firms, they can gain quick access to confidential information like financial data for clients, technical secrets and business strategies.
  • It’s a quick detour for information. Instead of targeting large corporations, they can quickly garner and select more valuable information from the company’s outside counsel.
  • It’s well-known that law firms have low levels of security. Some large companies even have just a few techs in their IT department. Plus, a busy law office doesn’t have the time to upgrade security measures, and hackers know that.

The threat to law firms is real. “In the spring of 2016, more than 40 of America’s top law firms were targeted for information on global mergers and acquisitions in one single hacking event. As reported by DataBreaches.net, the American Bar Association confirmed that approximately 25% of all U.S. law firms with 100 or more lawyers had experienced a data breach in 2015. These incidents occurred in the form of website attacks and break-ins. Lost or stolen items, like computers or cell phones, also contributed to these statistics. During the same year, 15% of all law firms reported an unauthorized intrusion into the computer files of their practices. “

Ways Law Firms Can Fight Back

Law firms can make it difficult for hackers. All the technology in the world cannot protect a law firm. People are the weakest link in the cybersecurity chain, and employees need to be better trained at spotting things like a phishing email. Law firms can fight back by keeping backups disconnected from the internet and network. This way, they can’t be hit by malware. Patches need to be installed to fix holes in security and updates to the software should be done on a regular basis. This will prevent leaving the door open and letting cybercriminals in. Archives, unidentifiable users, and executable files should be blocked. And if using cloud storage, the law firm should control the encryption key itself. The cybersecurity program should always meet the needs of all clients. There should be effective restrictions on all mobile devices. If a breach should occur, systems need to be set to capture log data. Law firms should also share threat information about vulnerabilities with others. Awareness is key.

The Most Common Attacks Law Firms Face

Law firms face the same most common attacks as other types of companies and organizations. Here’s a list of the most common five:

  • Socially engineered malware
  • Password phishing attacks
  • Unpatched software
  • Social media threats
  • Advanced persistent threats

Both strong end-user education and updated anti-malware are very effective to fight socially engineered malware. Anti-spam vendors should be used to have clean inboxes. Up to 70 percent of email is spam. Unpatched programs like Adobe Reader should be perfectly patched to decrease the risk of an attack. Rogue friends and bad applications are often seen on social media sites like Twitter, Facebook, and LinkedIn. Many of the worst hacks actually start on social media. Law firms need to make sure that employees do not share corporate passwords and use sophisticated logins to ward off hackers who disguise themselves as friends. The most common method for an advanced persistent thread is to send a specific phishing campaign. It’s easy to trick employees with this strategy. Preventing this type of attack is tough, but law firms need to understand their own network traffic patterns to catch it.

It’s important that law firms ensure its defenses are aligned with the most common attacks. If you’d like to learn more about how to protect your law firms against cyber attack, contact Dynamic Quest today to talk more about managed IT services for law firms!


Managed Services
Managed IT Managed Service Desk Managed Cloud Services Managed Security Services Managed Backup and Disaster Recovery VOIP Phone Systems
Professional Services Page
IT Projects Migration Services Office 365 Development Business Systems Support Azure Cloud Solutions Anything as a Service (XAAS) Carrier Services
Archives by Subject

The internal team was energized. With the Level 1 work off its plate, the team turned its attention to the work that fueled company growth and gave them job satisfaction.

Large Healthcare Company

Forty-three percent of attacks are aimed at SMBs, but only 14% are prepared to defend themselves (Accenture).

40% of businesses will incorporate the anywhere operations model to accommodate the physical and digital experiences of both customers and employees (Techvera).

The three sectors with the biggest spending on cybersecurity are banking, manufacturing, and the central/federal government, accounting for 30% of overall spending (IDC).

The cost of cybercrime is predicted to hit $10.5 trillion by 2025, according to the latest version of the Cisco/Cybersecurity Ventures “2022 Cybersecurity Almanac.”.

More than 33 billion records will be stolen by cybercriminals by 2023, an increase of 175% from 2018.

The average cost of a data breach in the United States is $8.64 million, which is the highest in the world, while the most expensive sector for data breach costs is the healthcare industry, with an average of $7.13 million (IBM).

It takes an average of 287 days for security teams to identify and contain a data breach, according to the “Cost of a Data Breach 2021” report released by IBM and Ponemon Institute.

We did a proof of concept that met every requirement that our customer might have. In fact, we saw a substantial improvement.

Steve Fout, VP Sales, Godlan, Inc

We did everything that we needed to do, financially speaking. We got our invoices out to customers, we deposited checks, all the things we needed to do to keep our business running, and our customers had no idea about the tragedy. It didn’t impact them at all.

Denise Koontz, CFO, Got You Floored

“We believe our success is due to the strength of our team, the breadth of our services, our flexibility in responding to clients, and our focus on strategic support.”

Dynamic Quest

Our Vendors