Like all businesses, law firms must be vigilant when it comes to cybersecurity, particularly when protecting client data…
Like all businesses, law firms must be vigilant when it comes to cybersecurity, particularly when protecting client data. Suffering a data breach may not only compromise sensitive business and client information, but can also be an ethics and public relations nightmare.
While law firms are increasingly in the crosshairs of cybercriminals, many are not prepared for an attack. According to the American Bar Association’s 2017 ABA Legal Technology Survey, 22 percent of over 4,000 respondents reported their firms had experienced a data breach in 2017, compared to 14 percent in 2016. Of all survey respondents, 25 percent reported having no cyber policies, while 7 percent of all respondents stated that they didn’t know about their firm’s security policies.
While the legal industry has made strides to address data security in recent years, many firms have been slow to make it a priority. Below are five key mistakes that could make your firm vulnerable to a cyberattack:
(1) Underestimating Your Value to Hackers: Cybercriminals are increasingly targeting law firms because they have access to a wealth of confidential information, such as trade secrets, strategic plans, patents, and financial transactions. A few years ago, hackers infiltrated the computer networks at some of the nation’s largest law firms in an attempt to gain access to confidential information and exploit it using insider trading schemes. Hackers also tend to target the low-hanging fruit. They know that many small firms likely don’t have robust safeguards in place and can easily target those vulnerabilities.
(2) Thinking Employees Won’t Fall for Scams: Cyber attacks are becoming increasingly sophisticated, which makes them harder to detect. For instance, email phishing scams no longer feature bad grammar and fictitious entities, which easily tip off recipients. Instead, perpetrators often monitor and gather information about their victims for several months prior to launching an attack. Accordingly, the emails are well written and specific to the business being victimized. They may even purport to come from a trusted contact. In schemes involving fraudulent requests for funds, the dollar amounts requested are similar to normal business transaction amounts in an effort to avoid suspicion. Given that your staff and lawyers are the first line of defense to a cyberattack, regular training regarding the firm’s policies and procedures on preventing cyberattacks is critical.
(3) Failing to Regularly Evaluate Procedures and Risks: Cybersecurity is a never-ending battle. Cyber threats, legal requirements, and technology are continually evolving, and it is imperative for law firms to keep pace. For instance, before storing data in the cloud, law firms should be sure that they fully understand both the risks and benefits. Just like firms advise their clients to conduct audits in other areas, regular reviews of your cybersecurity protocols and incident response plan are essential to ensuring they will hold up when you need them. Law firms should also regularly scrutinize third-party vendors to ensure that they are also taking the proper steps to safeguard client data.
(4) Not Devoting Sufficient Resources: Adequately protecting your firm from cyber attacks can be costly, particularly for small and mid-sized firms. However, retaining experienced security consultants and/or vendors can pay for itself, as the expense of having strong security protocols in place will almost always be less than the monetary and reputational costs of a breach. Law firms should also consider evaluating their existing insurance coverage to determine whether a cyber insurance policy is warranted.
(5) Assuming Clients Won’t Ask: Given that attorneys can provide an alternative means for cybercriminals to gain valuable data of corporate clients, businesses are increasingly asking tough questions when retaining outside counsel. Potential clients will want to know how the firm safeguards its clients’ proprietary information, including the cybersecurity measures it employs and how regularly they are evaluated.
If you have questions, please contact us
If you have any questions or if you would like to discuss the matter further, please contact the Scarinci Hollenbeck attorney with whom you work, at 201-806-3364.
Tips for Commercial Landlords Impacted by Wave of Retailer Bankruptcies
The retail sector has experienced a wave of bankruptcy filings over the last year. Brick-and-mortar businesses in financial distress include big-name brands like Big Lots, Party City, The Container Store, and Vitamin Shoppe. When large retailers seek bankruptcy protection, they are not the only businesses impacted. Landlords can be particularly hard hit. While commercial landlords […]
How Understanding Bankruptcy Trends Can Benefit Your Business
The bankruptcy legal landscape presents both challenges and opportunities for businesses navigating financial distress. Understanding current bankruptcy trends can help businesses make more informed and strategic decisions. Corporate Bankruptcy Filings Trending Upwards Bankruptcy filings continued to trend upwards in 2024. According to statistics released by the Administrative Office of the U.S. Courts, personal and business […]
SEC Takes Actions Against Issuers for Failure to File Form D
In December, the U.S. Securities and Exchange Commission (SEC) announced charges against two privately held companies for failing to file a Form D notice, which is generally utilized for exempt securities offerings. Here, the SEC’s enforcement sends a strong message: compliance with regulatory requirements is not optional and failure to comply can have significant consequences. […]
Redefining Labor Relations: NLRB's Pivot from Abruzzo’s Memoranda
On February 14, 2025, the Office of General Counsel (OGC) of the National Labor Relations Board (NLRB) under Acting General Counsel William B. Cowen issued Memorandum 25-05, “New Process for More Efficient, Effective, Accessible and Transparent Case handling.” The Memorandum rescinds nearly all of the Memoranda issued by his direct predecessor, Jennifer Abruzzo, setting the […]
If you purchase real property from a foreign person or entity, you may be required to withhold taxes from your payment to the seller under the Foreign Investment in Real Property Tax Act (FIRPTA). The federal tax law is designed to ensure that foreign sellers pay any applicable capital gains tax on profits realized from […]
Does Your Homeowners Insurance Provide Adequate Coverage?
Your home is likely your greatest asset, which is why it is so important to adequately protect it. Homeowners insurance protects you from the financial costs of unforeseen losses, such as theft, fire, and natural disasters, by helping you rebuild and replace possessions that were lost While the definition of “adequate” coverage depends upon a […]
No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.
Sign up to get the latest from our attorneys!
Explore What Matters Most to You.
Consider subscribing to our Firm Insights mailing list by clicking the button below so you can keep up to date with the firm`s latest articles covering various legal topics.
Stay informed and inspired with the latest updates, insights, and events from Scarinci Hollenbeck. Our resource library provides valuable content across a range of categories to keep you connected and ahead of the curve.
Let`s get in touch!
Sign up to get the latest from the Scarinci Hollenbeck, LLC attorneys!
