Cyberattacks across all industries are on the rise, but the numbers are particularly troubling for the legal industry. According to the American Bar Association’s 2022 Legal Technology Survey Report, 27% of respondents claimed to have experienced a security breach – up from 25% the year before. An additional 25% reported not knowing whether their firm had experienced a security breach. A 2021 report released by security firm BlueVoyant found that while 15% of the thousands of law firms it examined showed signs of compromised networks, all were subject to targeted threat activity. Finally, earlier this year The American Lawyer reviewed national data sets posted by four state governments. Between 2014 and 2019, fewer than 20,000 Americans had personally identifiable information compromised in a law firm breach. But between 2020 and 2022, that number grew to 779,000!
Over the last five to six years, there have been a number of notable attacks on law firms, starting with the 2017 ransomware attack on the law firm DLA Piper. It was followed by several high-profile attacks in 2020, including the MAZE ransomware attack, the Seyfarth Shaw ransomware attack, and the Grubman Shire Meiselas & Sacks attack, in which hackers demanded $21 million – a demand they later doubled to $42 million after finding files and information related to Donald Trump and Lady Gaga. Cut to early 2023, and eSentire’s Threat Response Unit (TRU) detected 10 cyberattacks that hit six law firms in January and February alone.
Why law firms are an attractive target
So why the increase in cyberattacks on the legal industry? Law firms store a significant amount of sensitive data and client information that they — and their clients — don’t want released. This makes law firms especially vulnerable to ransomware attacks. There are three buckets of data that law firms store, each of which might make them a target.
- Personal data: Law firms store a significant amount of data related to their clients, including financial information, tax information, details related to their physical and mental health, personal and professional contracts — which are especially enticing if the client is a high-profile individual — and, of course, any strategy documents related to active cases.
- Business records: More aggressive players may target law firms that practice business law because, in addition to tax and financial information, these firms also house details on mergers and acquisitions, confidential corporate information, and copyright and patent data.
- Government information: A select number of law firms are also on retainer with the U.S. government and have access to secrets that could threaten national security if stolen or released. This is particularly troubling given that nation-state attacks are on the rise.
Why solo practices and small law firms are particularly vulnerable
You may assume that hackers only target the 100+ firms that handle high-profile clientele, but adversaries don’t discriminate, and small or solo practices are just as vulnerable as larger firms. This is mainly because small firms lack the security budgets of the big players, and hackers know their defenses are probably weaker.
In addition to smaller budgets, smaller firms, solo practices, and even mid-sized practices are also unlikely to have a security or IT team that can help set up appropriate defenses and take care of ongoing security monitoring. Hackers are aware of this and see these smaller firms as low-hanging fruit.
Why law firms should be wary of a data breach
Not only can a cyberattack have devastating reputational and financial costs, but law firms might find themselves in need of legal services. There are a number of compliance mandates and confidentiality laws that law firms must adhere to depending on their location and the type of information they house.
For instance, law firms dealing with malpractice cases must adhere to HIPAA laws, and New York law firms must comply with the SHIELD law, which stipulates that law firms must implement “reasonable” security safeguards to protect their clients’ information. The American Bar Association’s Rule 1.6: Confidentiality of Information states that lawyers should “make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client”.
How solo practices and small law firms can become cyber resilient
Step one is acknowledging that your firm is a target. It’s not a matter of if an attack happens, but when. To ensure you’re prepared when the attack comes, conduct a risk assessment at least once a year to confirm you have the appropriate defenses in place and are compliant with federal, state, and local laws and guidelines. Annual risk assessments are often also a requirement for cyber insurance, which is step number two.
Law firms of all sizes need to invest in the cybersecurity basics, including email protection, endpoint protection, endpoint detection and response, privileged account abuse detection, and cyber insurance. Despite rising premiums, cyber insurance is a vital component of a cybersecurity plan. Firms also need to assemble an incident response plan that lays out what needs to be done in the event of a breach and who is responsible for each task.
Most security breaches are a result of human error, so even the best technology won’t completely protect your firm. You need to conduct cybersecurity training and establish policies around email best practices, internet and social media usage, remote access, password protection, and more.
Given that most firms lack a robust in-house cybersecurity team, an outside vendor is typically necessary to ensure a strong security posture. Your firm needs a partner who can provide 24/7 monitoring and response services, review your cybersecurity plan to make sure it’s airtight, and, ideally, provide the necessary tools and technology to secure your firm.
While it’s rare to find such a partner, SolCyber is up to the challenge. Our Foundational Coverage ensures solo practices and small to mid-sized firms have everything they need and nothing they don’t. And we can get you up and running in days!
Ready to become cyber resilient? Reach out to the experts in cybersecurity to see how we can help.