The biggest cybersecurity risks facing law firms today

by Brad Garland

The American Bar Association has been calling attention to cybersecurity for its members for quite some time now. They’ve gone so far as to state, “It’s when not if, a law firm or other entity will suffer a breach.”

It’s their job to keep members informed and help them, and we applaud them for raising awareness of cybersecurity for their members. But, as knowledgeable guides who take responsibility for helping our clients sail the murky seas of cybersecurity, we’re also here to tell you one important thing:

Don’t panic!

This step should not be underestimated. Panicking is never a good idea! That being said, the ABA is onto something. Whether you’re an IT team member, lawyer, or executive, you know that cybersecurity risks are very real. Identifying and mitigating those risks, however, is extremely attainable for every law firm.

What are the biggest cybersecurity risks facing law firms today? 

Underinvesting in the right tools and controls.

Law firms of different ages, shapes, and sizes each have unique cybersecurity needs. You could hold hundreds of pieces of client information, or millions. A one-size-fits-all approach is most definitely not the way to keep that information (and your legal practice) safe. 

Human error.

It’s ironic, isn’t it? Some of the biggest security breaches you hear about on the news actually began with human error. Phishing emails have been used for around 20 years to gather login information and hack into networks. They’re still used because they still work! We’re busier than ever, and it’s extremely easy to open a normal-looking email and click on a link before realizing the email is fraudulent. 


Although many devices have built-in software that will create “smart” passwords for you, many people still use basic passwords. Hackers know this, and they absolutely take advantage.

We recently heard from a law firm that had a huge scare when a junior member of the team lost a smartphone on public transportation. The phone contained highly confidential information about a case and was thankfully found by a Good Samaritan. That individual called a number in the phone and returned it, uncompromised. Thankfully, the right person found the phone and this story had a happy ending!

Regulatory overload.

Law firms face numerous regulations from the legal industry and from a range of client industries. For larger practices, the number of regulations requiring compliance can be especially dizzying. With so many details to keep track of, overload can sometimes result. In many instances, there isn’t a specific person designated to handle cybersecurity and regulatory compliance, causing further stress (and, potentially, risk).

How can my law firm mitigate cybersecurity risks? 

Taking ownership of cybersecurity is the first step toward protecting your law firm. Here at Vala Secure, we recommend that our legal clients create a cross-practice team of IT employees and lawyers to devise a security strategy for the firm. Consider hosting town hall meetings for associates and partners to keep them informed about cybersecurity risks and to help prevent costly human errors.

For extra peace of mind and guidance as you take charge of cybersecurity at your law firm, a trusted cybersecurity partner can help you identify and address any risks to your clients, your employees, and your practice. We can help you become the hero of your law firm, take charge of cybersecurity, and put everyone’s minds at ease so you can focus on providing the best possible results for your clients.

To learn more about our cybersecurity services for the legal industry, contact us to schedule a call. We’re here to help.