Law Firm Cyber Security

Doomsday movies and TV shows have continuously been a staple in American entertainment.  These fictionalized end-of-the-world scenarios range from the spread of mysterious diseases to catastrophic weather events and even aliens and zombies taking over.  But in recent years, a new threat has arisen in apocalyptic content: cyber-attacks.

In 2023, the Netflix film "Leave the World Behind," based on the novel of the same name, shares the story of two families stuck in a Long Island home trying to navigate a technology blackout caused by a hacker.  Earlier this year, Netflix also released its newest series, "Zero Day," starring Robert De Niro as the former president of the United States tasked with handling a cyberterrorist attack.  You know an issue has gotten big when it joins the ranks of doomsday entertainment.[1]

Back in the real world, data breaches are not going away any time soon.  News stories about cyber attacks against major entities appear almost daily, making cybersecurity one of the most pressing concerns for businesses today.

What Are the Cybersecurity Risks for Law Firms?

Law firms are far from immune from the data breach onslaught, with some of the largest firms falling victim to cyber-attacks in recent years.  In fact, the ABA’s 2023 Cybersecurity TechReport showed that 29% of survey respondents said their firm had experienced a security breach, with those numbers rising year over year since the survey began.

The significant financial and reputational damage to firms that experience a breach cannot be understated.  According to IBM’s 2024 Cost of a Data Breach Report, the global average cost of a data breach last year was $4.88 million, with an average cost of $5.08 million per incident for professional services organizations like law firms.

Since law firms have access to large amounts of sensitive and confidential data, they are increasingly becoming targets for attacks.  Therefore, having the best security measures in place to thwart or minimize such breaches should be of utmost concern.

How Can My Firm Protect Itself From a Breach?

As the saying goes, it’s better to be safe than sorry.  The first step in protecting your firm’s sensitive information is implementing robust safeguards such as encryption and access controls.  Encryption transforms your firm’s and your clients’ data into an unreadable format that can only be viewed with the correct decryption key, ensuring that even if data falls into the wrong hands, it remains inaccessible.  Access control methods such as multi-factor authentication and access logs also safeguard the data from those who shouldn’t be accessing it while recording who has accessed the information or attempted to access it.

Michael Nelson, managing partner at Cybir, a cyber security solutions company, cautions, “Multi-factor authentication (MFA) needs to be standard on not only email but also VPN access.  Many recent vulnerabilities have been made public in VPN products, and without MFA enabled, attackers have a much easier time accessing a network.  Also, if the attacker is using their own computer for malicious activity and sending traffic across a VPN, then much of the evidence a forensic team would want to investigate does not exist because it did not happen on the network.”
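As an added example (not code from the article or from any of the firms quoted), the short Python script below reviews a constructed access log for the two gaps discussed above: successful VPN or email logins that did not use MFA, and accounts with repeated failed attempts.  The CSV log format and the sample entries are assumptions made up for the example.

```python
"""Review constructed VPN/email access-log lines for successful logins
without MFA and for accounts with repeated failed attempts.
Example code added to this article; the log format is an assumption."""
from collections import Counter
import csv
import io

# Constructed sample log, assumed format: timestamp,user,service,result,mfa
SAMPLE_LOG = """\
2025-03-01T08:02:11Z,asmith,vpn,success,yes
2025-03-01T08:05:40Z,bjones,email,success,yes
2025-03-01T22:14:03Z,cwu,vpn,success,no
2025-03-01T22:15:10Z,cwu,vpn,success,no
2025-03-02T01:03:01Z,dlee,vpn,failure,no
2025-03-02T01:03:15Z,dlee,vpn,failure,no
2025-03-02T01:03:29Z,dlee,vpn,failure,no
2025-03-02T01:04:02Z,dlee,vpn,failure,no
2025-03-02T09:00:00Z,asmith,email,success,yes
"""

FIELDS = ["timestamp", "user", "service", "result", "mfa"]
FAILURE_THRESHOLD = 3  # failed attempts per user/service that warrant review


def parse_log(text):
    """Parse the assumed CSV format into a list of dicts, one per event."""
    return list(csv.DictReader(io.StringIO(text), fieldnames=FIELDS))


def logins_without_mfa(events, services=("vpn", "email")):
    """(user, service) pairs with a successful login that skipped MFA."""
    return sorted({(e["user"], e["service"]) for e in events
                   if e["service"] in services
                   and e["result"] == "success" and e["mfa"] != "yes"})


def repeated_failures(events, threshold=FAILURE_THRESHOLD):
    """(user, service) pairs with at least `threshold` failed attempts."""
    counts = Counter((e["user"], e["service"])
                     for e in events if e["result"] == "failure")
    return {key: n for key, n in counts.items() if n >= threshold}


def review(text):
    """Run both checks over a log and return the findings for reporting."""
    events = parse_log(text)
    return {"no_mfa": logins_without_mfa(events),
            "repeated_failures": repeated_failures(events)}


if __name__ == "__main__":
    for name, finding in review(SAMPLE_LOG).items():
        print(name, finding)
```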

Companies should also establish documented policies and procedures for IT systems and their related security measures.  For example, develop a patch policy that outlines the steps to identify and fix vulnerabilities in existing software and systems on an ongoing basis.  A data breach response plan should also be created, covering items like incident response policies, forensic analysis tools, and cyber insurance.  A comprehensive security program ideally involves a combination of both proactive and reactive solutions.  Sabrina Walhout, a senior consultant at Zaviant, a data security and privacy consulting firm, says, “An ounce of prevention is worth a pound of the cure—and strong proactive policies will greatly reduce the need for relying on reactive solutions.”

As we know, policies are only useful if they are implemented and enforced.  Conduct firmwide training on security measures for attorneys and staff, covering the firm’s policies and expectations for preventing a breach and how to handle one should it occur.  Walhout advises, “All the latest and greatest technology in the world will not save you if you do not train your people on security awareness.”  She adds, “Some of the most brutal hacks are the result of social engineering or phishing. Training your people is crucial to a solid cybersecurity program.”  Furthermore, Nelson notes that these expectations should extend beyond your team as well.  “Third-party vendors with access to your network and/or data must adhere to the same level of security as you do.”

In addition to implementing policies and leading training, firms should conduct routine vulnerability assessments and penetration testing.  Vulnerability assessments are automated, surface-level scans that may be less effective at identifying complex issues.  Therefore, it is also recommended that firms implement external penetration testing, which involves having an assessor take the perspective of a malicious attacker trying to break into your environment to detect weaknesses.  Performing both types of testing is key to maintaining a secure and healthy infrastructure.

What Does My Firm Do if a Breach Occurs?

A data breach requires swift and thoughtful action, so try to keep the panic at bay.  The steps to take may vary based on the specifics of the breach and the firm, but generally, you can follow these guidelines for addressing a cyber breach:

Containment - Immediately enlist IT and cybersecurity experts to assess the breach's scope and secure any vulnerabilities.  This may involve identifying and isolating the affected systems, closing compromised accounts, revoking access, and changing access codes.  Any affected equipment should also be taken offline and replaced with non-compromised machines.

Damage Assessment - Next, firms must determine what data was compromised, from sensitive personal information (PI), like financial information, to protected health information (PHI).  Utilizing AI-backed technology, like iCONECT’s cyber data mining platform, expedites data mining by identifying documents and emails containing personal information and then extracting and verifying that data.  iCONECT software also normalizes the data using de-duplication and threading capabilities to reduce errors and ensure accuracy.  Forensic investigators can also be brought on to interview those who discovered the breach and try to trace the source; however, in some cases, the origin cannot be found.

Notification - Once the compromised data is captured, a notification list of those impacted must be created.  The affected parties should be notified promptly, informing them of what happened, the remediation strategy, and any actions needed to further protect themselves, such as updating login credentials or placing fraud alerts with credit bureaus.  Firms should also consult a cybersecurity attorney to advise on compliance with applicable data privacy laws and ethical obligations and notify law enforcement of the breach.

Damage Control & Prevention - If your firm does not have an incident response plan, it’s time to establish one.  For firms that do, this is an opportunity to update the plan based on the lessons learned from the breach.  Conduct full security audits and follow the components of a proactive cyber security plan, including upgrading firewalls, ensuring encryption and two-factor authentication, and conducting training on cybersecurity best practices.  Taking these actions will help minimize your firm's legal and reputational risk.

What is ISO 27001 Certification, and How Can It Benefit My Firm?

The International Organization for Standardization (ISO) sets global security standards for businesses across sectors and offers a security certification for those who meet those standards.  Pursuing ISO 27001 certification is one of the most powerful ways to protect your firm from cyber attacks, as it demonstrates the highest commitment to security.

It’s worth noting that getting certified is a time-intensive process but one that is well worth it.  Prepping for certification involves assessing your current system and identifying issues, followed by implementing fixes and rigorous testing to adhere to ISO standards before being formally audited for ISO certification.  Not only is ISO certification a critical way to ensure your firm’s security, but it also allows firms to maintain a competitive edge in today’s legal market.  According to Walhout, “The ISO process helps you to identify gaps in your current security program that you can take the opportunity to mitigate.  Plus, ISO certifications carry weight.  Other companies are more inclined to work with a company that has quantifiable evidence that they have mature information security practices in place.”

Firms that have invested in obtaining their ISO certification echo these benefits.  “The value of ISO 27001 certification for a law firm cannot be overstated,” explains John C. Brooks, chief information officer at Potter Anderson & Corroon.  “The policies, processes, and procedures help the firm and our clients to ensure the security of the data managed.  ISO provides numerous benefits in terms of the ability to respond to security questionnaires from our clients, and it inspires confidence in the firm’s commitment to information security, which is a competitive advantage.”

This article is shared at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC).  For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com    

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

https://register.gotowebinar.com/register/5207428251321676122

[1] https://www.law.com/thelegalintelligencer/2025/03/25/getting-ahead-of-it-how-law-firms-can-prevent-and-mitigate-cyber-attacks/
