Had a Data Breach. Now What?
Keith A. Call.
2017, a law firm cybersecurity consulting firm released an
astonishing report about law firm cybersecurity. See
LogicForce, Law Firm Cybersecurity Scorecard, 2017
After conducting surveys and assessments of more than 200 law
firms ranging in size from one attorney to more than 400,
• “Every law firm assessed was unwantedly targeted
for confidential client data in 2016–2017.”
• Approximately 40% of those law firms did not even know
they were breached.
• Across the law firms surveyed and tested, there were
on average 10,000 intrusion attempts per day, per server.
• 4.2 billion records were compromised across 4,169
publicly confirmed breaches in 2016.
• Cyberattacks on law firms are non-discriminatory. Size
and revenues do not mater.
years ago, I had a run of about three consecutive years of
free credit reporting. Apparently, my personal credit card
information had been compromised after using it at some of
the nation’s largest and most sophisticated retail
companies. I have not had any similar problems for the past
few years (knock on wood!). I wonder if internet security
protocols at major retailers have improved.
personal suspicion is that hackers are turning their
attention to easier targets – like law firms. Law firms
often possess a host of incredibly valuable information as
part of their electronic databases, including clients’
intellectual property, tax returns, bank and other financial
information, business plans, medical records, and other
personal client information. Large and sophisticated
businesses and financial institutions have made great strides
to improve internet security, but law firms may not be
keeping up. One industry consultant writes, “Law firms
are notorious for having low levels of data security in
place…even worse than the clients they are
serving.” See Erika Winston, Why Hackers
Target Law Firms (May 25, 2017),
no matter how large or small your law firm is, it is no
longer a question of whether you will be attacked, but when.
See Jim Calloway, Manage Cyber-Attacks: Is It
Really Not If You Will be...