Focus on Ethics & Civility, 0219 UTBJ, Vol. 32, No. 1. 44

Author:by Keith A. Call.
Position::Vol. 32 1 Pg. 44

Focus on Ethics & Civility

Vol. 32, No. 1 Pg. 44

Utah Bar Journal

February, 2019




Had a Data Breach. Now What?


Keith A. Call.


2017, a law firm cybersecurity consulting firm released an

astonishing report about law firm cybersecurity. See

LogicForce, Law Firm Cybersecurity Scorecard, 2017


After conducting surveys and assessments of more than 200 law

firms ranging in size from one attorney to more than 400,

LogicForce reported:

• “Every law firm assessed was unwantedly targeted

for confidential client data in 2016–2017.”

• Approximately 40% of those law firms did not even know

they were breached.

• Across the law firms surveyed and tested, there were

on average 10,000 intrusion attempts per day, per server.

• 4.2 billion records were compromised across 4,169

publicly confirmed breaches in 2016.

• Cyberattacks on law firms are non-discriminatory. Size

and revenues do not mater.


years ago, I had a run of about three consecutive years of

free credit reporting. Apparently, my personal credit card

information had been compromised after using it at some of

the nation’s largest and most sophisticated retail

companies. I have not had any similar problems for the past

few years (knock on wood!). I wonder if internet security

protocols at major retailers have improved.


personal suspicion is that hackers are turning their

attention to easier targets – like law firms. Law firms

often possess a host of incredibly valuable information as

part of their electronic databases, including clients’

intellectual property, tax returns, bank and other financial

information, business plans, medical records, and other

personal client information. Large and sophisticated

businesses and financial institutions have made great strides

to improve internet security, but law firms may not be

keeping up. One industry consultant writes, “Law firms

are notorious for having low levels of data security in

place…even worse than the clients they are

serving.” See Erika Winston, Why Hackers

Target Law Firms (May 25, 2017),


no matter how large or small your law firm is, it is no

longer a question of whether you will be attacked, but when.

See Jim Calloway, Manage Cyber-Attacks: Is It

Really Not If You Will be...

To continue reading