Like all businesses, law firms must be vigilant when it comes to cybersecurity, particularly when protecting client data…
Like all businesses, law firms must be vigilant when it comes to cybersecurity, particularly when protecting client data. Suffering a data breach may not only compromise sensitive business and client information, but can also be an ethics and public relations nightmare.
While law firms are increasingly in the crosshairs of cybercriminals, many are not prepared for an attack. According to the American Bar Association’s 2017 ABA Legal Technology Survey, 22 percent of over 4,000 respondents reported their firms had experienced a data breach in 2017, compared to 14 percent in 2016. Of all survey respondents, 25 percent reported having no cyber policies, while 7 percent of all respondents stated that they didn’t know about their firm’s security policies.
While the legal industry has made strides to address data security in recent years, many firms have been slow to make it a priority. Below are five key mistakes that could make your firm vulnerable to a cyberattack:
(1) Underestimating Your Value to Hackers: Cybercriminals are increasingly targeting law firms because they have access to a wealth of confidential information, such as trade secrets, strategic plans, patents, and financial transactions. A few years ago, hackers infiltrated the computer networks at some of the nation’s largest law firms in an attempt to gain access to confidential information and exploit it using insider trading schemes. Hackers also tend to target the low-hanging fruit. They know that many small firms likely don’t have robust safeguards in place and can easily target those vulnerabilities.
(2) Thinking Employees Won’t Fall for Scams: Cyber attacks are becoming increasingly sophisticated, which makes them harder to detect. For instance, email phishing scams no longer feature bad grammar and fictitious entities, which easily tip off recipients. Instead, perpetrators often monitor and gather information about their victims for several months prior to launching an attack. Accordingly, the emails are well written and specific to the business being victimized. They may even purport to come from a trusted contact. In schemes involving fraudulent requests for funds, the dollar amounts requested are similar to normal business transaction amounts in an effort to avoid suspicion. Given that your staff and lawyers are the first line of defense to a cyberattack, regular training regarding the firm’s policies and procedures on preventing cyberattacks is critical.
(3) Failing to Regularly Evaluate Procedures and Risks: Cybersecurity is a never-ending battle. Cyber threats, legal requirements, and technology are continually evolving, and it is imperative for law firms to keep pace. For instance, before storing data in the cloud, law firms should be sure that they fully understand both the risks and benefits. Just like firms advise their clients to conduct audits in other areas, regular reviews of your cybersecurity protocols and incident response plan are essential to ensuring they will hold up when you need them. Law firms should also regularly scrutinize third-party vendors to ensure that they are also taking the proper steps to safeguard client data.
(4) Not Devoting Sufficient Resources: Adequately protecting your firm from cyber attacks can be costly, particularly for small and mid-sized firms. However, retaining experienced security consultants and/or vendors can pay for itself, as the expense of having strong security protocols in place will almost always be less than the monetary and reputational costs of a breach. Law firms should also consider evaluating their existing insurance coverage to determine whether a cyber insurance policy is warranted.
(5) Assuming Clients Won’t Ask: Given that attorneys can provide an alternative means for cybercriminals to gain valuable data of corporate clients, businesses are increasingly asking tough questions when retaining outside counsel. Potential clients will want to know how the firm safeguards its clients’ proprietary information, including the cybersecurity measures it employs and how regularly they are evaluated.
If you have questions, please contact us
If you have any questions or if you would like to discuss the matter further, please contact the Scarinci Hollenbeck attorney with whom you work, at 201-806-3364.
Does Your Homeowners Insurance Provide Adequate Coverage?
Your home is likely your greatest asset, which is why it is so important to adequately protect it. Homeowners insurance protects you from the financial costs of unforeseen losses, such as theft, fire, and natural disasters, by helping you rebuild and replace possessions that were lost While the definition of “adequate” coverage depends upon a […]
Understanding the Importance of a Non-Contingent Offer
Making a non-contingent offer can dramatically increase your chances of securing a real estate transaction, particularly in competitive markets like New York City. However, buyers should understand that waiving contingencies, including those related to financing, or appraisals, also comes with significant risks. Determining your best strategy requires careful analysis of the property, the market, and […]
Fred D. Zemel Appointed Chair of Strategic Planning at Scarinci & Hollenbeck, LLC
Business Transactional Attorney Zemel to Spearhead Strategic Initiatives for Continued Growth and Innovation Little Falls, NJ – February 21, 2025 – Scarinci & Hollenbeck, LLC is pleased to announce that Partner Fred D. Zemel has been named Chair of the firm’s Strategic Planning Committee. In this role, Mr. Zemel will lead the committee in identifying, […]
Novation Agreement Process: Step-by-Step Guide for Businesses
Big changes sometimes occur during the life cycle of a contract. Cancelling a contract outright can be bad for your reputation and your bottom line. Businesses need to know how to best address a change in circumstances, while also protecting their legal rights. One option is to transfer the “benefits and the burdens” of a […]
What Is a Trade Secret? Key Elements and Legal Protections Explained
What is a trade secret and why you you protect them? Technology has made trade secret theft even easier and more prevalent. In fact, businesses lose billions of dollars every year due to trade secret theft committed by employees, competitors, and even foreign governments. But what is a trade secret? And how do you protect […]
What Is Title Insurance? Safeguarding Against Title Defects
If you are considering the purchase of a property, you may wonder — what is title insurance, do I need it, and why do I need it? Even seasoned property owners may question if the added expense and extra paperwork is really necessary, especially considering that people and entities insured by title insurance make fewer […]
No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.
Sign up to get the latest from our attorneys!
Explore What Matters Most to You.
Consider subscribing to our Firm Insights mailing list by clicking the button below so you can keep up to date with the firm`s latest articles covering various legal topics.
Stay informed and inspired with the latest updates, insights, and events from Scarinci Hollenbeck. Our resource library provides valuable content across a range of categories to keep you connected and ahead of the curve.
Five Cybersecurity Mistakes Law Firms Make
Author: Scarinci Hollenbeck, LLC
Like all businesses, law firms must be vigilant when it comes to cybersecurity, particularly when protecting client data…
Like all businesses, law firms must be vigilant when it comes to cybersecurity, particularly when protecting client data. Suffering a data breach may not only compromise sensitive business and client information, but can also be an ethics and public relations nightmare.
While law firms are increasingly in the crosshairs of cybercriminals, many are not prepared for an attack. According to the American Bar Association’s 2017 ABA Legal Technology Survey, 22 percent of over 4,000 respondents reported their firms had experienced a data breach in 2017, compared to 14 percent in 2016. Of all survey respondents, 25 percent reported having no cyber policies, while 7 percent of all respondents stated that they didn’t know about their firm’s security policies.
While the legal industry has made strides to address data security in recent years, many firms have been slow to make it a priority. Below are five key mistakes that could make your firm vulnerable to a cyberattack:
(1) Underestimating Your Value to Hackers: Cybercriminals are increasingly targeting law firms because they have access to a wealth of confidential information, such as trade secrets, strategic plans, patents, and financial transactions. A few years ago, hackers infiltrated the computer networks at some of the nation’s largest law firms in an attempt to gain access to confidential information and exploit it using insider trading schemes. Hackers also tend to target the low-hanging fruit. They know that many small firms likely don’t have robust safeguards in place and can easily target those vulnerabilities.
(2) Thinking Employees Won’t Fall for Scams: Cyber attacks are becoming increasingly sophisticated, which makes them harder to detect. For instance, email phishing scams no longer feature bad grammar and fictitious entities, which easily tip off recipients. Instead, perpetrators often monitor and gather information about their victims for several months prior to launching an attack. Accordingly, the emails are well written and specific to the business being victimized. They may even purport to come from a trusted contact. In schemes involving fraudulent requests for funds, the dollar amounts requested are similar to normal business transaction amounts in an effort to avoid suspicion. Given that your staff and lawyers are the first line of defense to a cyberattack, regular training regarding the firm’s policies and procedures on preventing cyberattacks is critical.
(3) Failing to Regularly Evaluate Procedures and Risks: Cybersecurity is a never-ending battle. Cyber threats, legal requirements, and technology are continually evolving, and it is imperative for law firms to keep pace. For instance, before storing data in the cloud, law firms should be sure that they fully understand both the risks and benefits. Just like firms advise their clients to conduct audits in other areas, regular reviews of your cybersecurity protocols and incident response plan are essential to ensuring they will hold up when you need them. Law firms should also regularly scrutinize third-party vendors to ensure that they are also taking the proper steps to safeguard client data.
(4) Not Devoting Sufficient Resources: Adequately protecting your firm from cyber attacks can be costly, particularly for small and mid-sized firms. However, retaining experienced security consultants and/or vendors can pay for itself, as the expense of having strong security protocols in place will almost always be less than the monetary and reputational costs of a breach. Law firms should also consider evaluating their existing insurance coverage to determine whether a cyber insurance policy is warranted.
(5) Assuming Clients Won’t Ask: Given that attorneys can provide an alternative means for cybercriminals to gain valuable data of corporate clients, businesses are increasingly asking tough questions when retaining outside counsel. Potential clients will want to know how the firm safeguards its clients’ proprietary information, including the cybersecurity measures it employs and how regularly they are evaluated.
If you have questions, please contact us
If you have any questions or if you would like to discuss the matter further, please contact the Scarinci Hollenbeck attorney with whom you work, at 201-806-3364.
Let`s get in touch!
Sign up to get the latest from the Scarinci Hollenbeck, LLC attorneys!
