Working in a world of confidentiality and discretion, attorneys deal with highly valuable and sought-after information. This year alone has already seen a number of law firms fall victim to high-profile cyber-attacks.
The American Lawyer reported on law firms in New York and Minnesota that were recently targeted by an email phishing scam called GozNym. The program infected users’ computers, allowing hackers access to banking login information. The criminals transferred over $117,000 before they were apprehended.
In January 2019, The American Lawyer also covered a story about a U.S. law firm being one of the victims in a string of advanced cyber-espionage attacks. The article cited a Recorded Futures cyber-threat analysis detailing an alleged attack by a Chinese government-sponsored group called APT10. The law firm, which specializes in intellectual property, was targeted by APT10. The group used remote access software to get into the firm’s networks, acquire user credentials, hack the law firm’s third-party software, and then leverage that information to gain access to the networks of hundreds of corporations around the world.
Nearly all law firms have one thing in common: they store valuable data, and cyber criminals know it. Smart firms are taking steps to minimize their risk.
A single legal office stores a wealth of potentially lucrative information such as confidential case files, trade secrets, corporate documents, and details about client finances. Sometimes lawyers or firms themselves are targets. Sometimes their clients are the targets. Either way, the data that is sought after by hackers, if released, could ruin a business and its reputation.
But the sensitive information itself isn’t the only reason law firms are common targets for cyber-attacks. The legal industry has other specific vulnerabilities:
Most attorneys find their work is based largely on reputation and on word of mouth, which leaves them in a vulnerable position if attacked. All U.S. states have some type of notification laws in the event of a data breach. Having to disclose the loss of client information or valuable trade secrets could destroy a firm’s reputation.
As an attorney, you are faced with an uphill battle when it comes to minimizing your risk against cybersecurity. The threats to your firm are constantly evolving, as are the best practices for keeping your data safe.
It can be overwhelming but there are immediate steps you can take to protect your firm. Start with:
It is imperative for all lawyers and other business owners alike to remember: hackers only need to find one way in. They spend a great deal of time finding that one way, so make sure to protect your business from every possible angle.
Cyber Liability Self-Assessment
Request a Cyber Liability Insurance Estimate
What a Business Should Do After a Data Breach
Daniels-Head Insurance Agency has been chosen by the attorney audience of the Texas Lawyer as a 1st Place winner of the “Best Of” reader's survey for 2025!
Cyber threats put every law firm at risk. A single attack can compromise client data and expose your firm to costly legal consequences. Cyber liability insurance offers financial protection, legal support, and compliance guidance—but is it a smart investment or just another expense?
If you own a business, you are a target. Cybercriminals are vicious and no one is immune. Protect your law firm and your clients with Cyber Liability Insurance.
Subscribe to our monthly newsletter to receive loss prevention tips & advice, CLE webinar invites, our latest blog articles & more.
