4 Tips For Law Firms To Avoid Cyber Threats

If you even casually keep up with the news, you’ve probably heard stories like these: “Hackers Steal 400,000 Consumer Records From Major Retailer” or “Ransomware Attack Threatens To Expose Data Company’s Most Sensitive Information.”

These types of threats have accelerated in recent months and years, as personal data has become valuable currency for bad actors seeking to do harm to others—often in return for compensation or the thrill of making headlines. Think for a moment about all the information your law firm holds on clients and matters. What would the results be if it were compromised? If the thought scares you, law firm information security should be a priority.

What Are The Biggest Cyber Threats To Law Firms?

There’s no single way scammers try to get hold of sensitive data — some will attempt multiple methods to find and exploit weaknesses. Your job, as the protector of your law firm’s client data, is to recognize what forms these attacks can take, as well as take measures to mitigate the risks.

Phishing Scams

Phishing scams are a confidence scheme where the attacker tries to trick someone within the firm into giving up sensitive information or installing malicious software. By gaining the trust of an employee on the inside, the attacker has turned that person into an unknowing/unwilling accomplice to help them achieve their goals. This is the most prominent cyber threat facing law firms, as the often busy, stressful environment can lead to less critical thinking about a message that may appear legitimate at first glance.

Lexicon Chief Information Officer Brad Paubel provides some tips that will help ensure law firms protect their data and their attorneys and legal staff avoid phishing scams:

  • Avoid emails insisting on urgent action: These emails are designed to fluster their target, often by threatening a negative consequence if direct action is not quickly taken. Recipients are often so taken aback by the potential negative ramifications of inaction that they fail to study the email for indications of a scam.
  • Avoid emails with spelling errors: Legitimate companies utilize spell-check, so their corporate communications appear professional. Spelling or grammatical errors should automatically be treated with suspicion.
  • Avoid emails containing unfamiliar greetings: Emails sent by friends or colleagues typically begin with an informal salutation. If a message starts with “Dear XXX” there is a decent chance the message originates from an attacker.
  • Avoid emails that have inconsistencies in the address: By checking the sender email address against previous emails received from the same person, it is possible to detect inconsistencies.
  • Avoid inconsistencies in links and domain names: Links to malicious sites can easily be disguised as legitimate links. It is wise for employees to hover a mouse cursor over a link in an email to see the actual link address.
  • Be suspicious of attachments: Interoffice file sharing mostly takes place via tools such as Dropbox, OneDrive, or SharePoint. Emails from coworkers with file attachments – especially ones with unfamiliar extensions or ones commonly used to deliver malware payloads (.zip, .exe, .scr, etc.) – should be treated with suspicion.
  • Avoid emails that seem too good to be true: Emails that promise hard-to-believe benefits incentivize targets to click a link or open an attachment. These emails should be immediately flagged.
  • Avoid emails requesting login credentials, payment information, or other sensitive information: Always treat these requests with extreme caution.
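As an added example (not part of the article or of Lexicon's tooling), the following Python scores a message against the indicators listed above: a known sender name arriving from a new address, urgent wording, requests for credentials or payment details, attachments with the extensions the list names, and links whose visible domain differs from the real one. The regex patterns, the known-sender table and the sample message are constructed assumptions, not firm data.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

URGENCY = re.compile(r"\b(immediately|urgent|will be suspended)\b", re.I)  # constructed
SENSITIVE = re.compile(r"\b(password|login credentials|wire transfer)\b", re.I)
ANCHOR = re.compile(r'<a[^>]+href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
KNOWN_SENDERS = {"jane@clientcorp.example": "Jane Doe"}  # constructed prior correspondence

def link_mismatches(html):
    # hrefs whose real host differs from the domain shown as the link text
    bad = []
    for href, text in ANCHOR.findall(html):
        shown = re.search(r"[\w.-]+\.[a-z]{2,}", text, re.I)
        if shown and (urlparse(href).hostname or "") != shown.group(0).lower():
            bad.append(href)
    return bad

def score_email(raw):
    # Return the article's indicators that fire for one raw message.
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    flags, text = [], ""
    if name in KNOWN_SENDERS.values() and addr.lower() not in KNOWN_SENDERS:
        flags.append("sender-address-mismatch")  # known name, new address
    for part in msg.walk():
        fname = part.get_filename()
        if fname and fname.lower().endswith((".zip", ".exe", ".scr")):
            flags.append("risky-attachment:" + fname)
        elif part.get_content_type() in ("text/plain", "text/html"):
            text += part.get_payload(decode=True).decode("utf-8", "replace")
    flags += [label for label, rx in (("urgency", URGENCY),
              ("requests-sensitive-info", SENSITIVE)) if rx.search(text)]
    return flags + ["link-mismatch:" + h for h in link_mismatches(text)]

SAMPLE = """From: Jane Doe <jane@clientc0rp-login.example>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<p>Your account will be suspended unless you confirm your password immediately
at <a href="http://clientc0rp-login.example/p">clientcorp.example/portal</a></p>
--b1
Content-Disposition: attachment; filename="invoice.zip"

UEsDBA==
--b1--
"""
```

Running `score_email(SAMPLE)` fires all five indicators; a routine plain-text note from the known address fires none.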

Email Hacking

In this scenario, a hacker has gained access to the email account of a trusted person (possibly a client or vendor) and monitors the incoming/outgoing email to gain access to personal information. They may also send email from the account, impersonating the account owner, to gain even more information. The party giving out the information has no reason to believe there is anything amiss, as they have previously interacted with a known and trusted email address.

Ransomware

Ransomware is a scam that has gained traction in recent years and involves an attacker convincing someone within an organization to click a link or install a piece of infected software. That software then has the power to lock down data and hold it hostage until a demanded payment is made. The attacker often threatens to release or post the data if payment is not made.

Data Breach

This is one of the earliest and most basic ways to steal private data, and it still happens as hackers outsmart security protocols. The attacker explores all facets of a secure data system in order to exploit any weaknesses in software or security. This has been a long-running cat-and-mouse game — as soon as ways are found to plug security flaws, hackers go to work to figure out a new way in.

How To Avoid A Law Firm Cyber Attack

No one can guarantee that cyber criminals will never be able to gain access to your confidential information. You can, however, take measures to minimize your risks and recognize when attempts are being made.

  • Train Employees — People can be a big weakness in the cyber security chain, most often because they are not trained to know what an attack looks like — as in the case of phishing. They should know not to click on random links, verify the email sender and never send personal information through unencrypted email.
  • Utilize Software — As stated earlier, cyber criminals are constantly evolving their tools for system intrusion. Installing a strong security suite on your data system and user workstations—and one that automatically updates with the latest security measures—is key to preventing common data breaches.
  • Share Securely — There may be times when you must share sensitive client/case information with others—including clients, law clerks, attorneys and opposing counsel. This information should never be emailed through regular means. Any confidential content should only be shared through an encrypted file sharing and messaging platform.
  • Maintain Backups — Even if you never have a cyber security incident, having a regular data backup strategy is smart. You never know when a file storage system can fail, taking all your sensitive data with it. Should you fall victim to a ransomware attack and your files are locked, you will have a backup to install on a new system (and stay in business) while you deal with the threat itself.

What To Do If Your Law Firm Is The Victim Of A Cyber Attack

We hope it does not happen, or that you have at least made a contingency plan, but in the event you find your law firm the victim of a cyber attack, follow these steps immediately so you can better manage the cyber security crisis:

  • Detect — Identify the event, either through software or employee reporting.
  • Contain — Identify where the breach/incident happened and isolate the affected components.
  • Investigate — Once the source of the attack is identified, discover the damage scope.
  • Mitigate — Notify any affected parties, scan/update affected systems and contact law enforcement (if needed).
  • Improve — Learn from what happened and build a plan to keep it from happening again.

Unfortunately, some cyber attacks are unavoidable, but experts in the field have worked diligently to come up with cyber security best practices for law firms to help avoid a worst-case scenario.

Lexicon can help you make a plan to keep your data secure so your firm is at less risk from cyber threats. Get in touch with us and let us show you how.