Cyber attacks don’t just happen to other businesses. 

The threat to law firms just like yours is real!

It is imperative that you are prepared to protect your law firm from these rogue attacks. 

At one of our recent PILMMA Mastermind meetings, a member shared a true nightmare experience: his law firm had just been subjected to a ransomware attack that threatened to cost him a million dollars! The culprits locked down all his firm’s data and demanded a $950,000.00 ransom to release the cyber hold.

As you can imagine, this hacker’s attack was extremely disruptive to the entire law firm and threatened to bring the firm to its knees.

Fortunately, the law firm was prepared: they had previously secured cyber-attack insurance that protected them from an almost million-dollar hit, but it still did not stop them from losing valuable time and money in the process.

Cyber security attacks have been on the rise in recent years as the Internet has become such an integral part of our lives. More law firm employees are working remotely, some via the cloud and others independently. Law firms, like other businesses, are conducting more and more business online. The opportunities for cyber hackers abound and continue to grow. In the wake of the recent Russian invasion of Ukraine, cyber security concerns in the U.S. are at an all-time high.

According to the Consumer Sentinel Network’s annual data book, over 75,000 incidents of privacy, data security, and cyber threat-related scams were reported in 2020, while the Internet Crime Complaint Center revealed that they received over 440,000 reports of internet-related crimes each year. This threat continues to grow.

Is Your Law Firm SAFE From Cyber Attacks?

Law firms are not immune from cyber attacks.

Just a few months ago, a federal lawsuit was filed in the Southern District of Florida by United Parcel Service, Inc. against a personal injury law firm, The Haggard Law Firm (1:22-cv-21049), as a result of settlement money that had been cyber hacked.

The Haggard law firm had gotten a successful settlement against UPS for their client’s personal injuries. UPS’s counsel made payment to the plaintiff’s firm via electronic direct deposit. Unfortunately, they followed the wiring instructions they received from a hacked/falsified email. The email looked like it came from Plaintiff’s counsel at the Haggard firm. Payment was made pursuant to the instructions in the fake email.

This scenario could have happened to any law firm.

In the Haggard firm case, UPS received a completed ACH form and payment instructions on bank letterhead from the Haggard lawyer’s email account and made payment as directed – only Haggard Law never received the funds. 

Apparently, cyber attackers had hacked the law firm’s email system and sent false instructions to UPS, directing the funds to a fraudulent bank account.  

Wells Fargo was able to recover most but not all of the funds and forwarded them to the plaintiff. But the plaintiff and the Haggard firm filed suit against UPS for the remaining settlement funds.

UPS argued that The Haggard Law Firm failed to maintain adequate cyber security, among other claims, and that they shouldn’t have to pay the settlement twice. 

UPS sought a Declaratory Judgment against the Plaintiff’s firm, arguing breach of confidentiality and negligent failure to take proper security measures. While the case ultimately ended in a Voluntary Dismissal without prejudice last month, it should still serve as a huge wake-up call to us all:

Law firms are just as vulnerable as any other business to the risks of cyber-attack.

September 7-9, 2022 – Learn the latest Internet Marketing strategies and the ways to protect your firm from Cyber Attacks.

While there’s no foolproof way to completely protect yourself and your law firm from online attacks, it’s important to:

  1. Understand that the risk to your law firm is valid
  2. Identify where your law firm may be at risk
  3. Take reasonable proactive measures to minimize your firm’s risk from the most common areas of cyber-attacks. 

Cyber-attacks can take many forms and are constantly evolving, but the best defense is knowing the most common cyber attack forms like malware, viruses, ransomware, and phishing.


Malware is an umbrella term for malicious software that aims to damage your computer, server, or network.

Viruses and ransomware are also considered types of malware. Viruses can infect your computer, as well as other devices, leaving your system vulnerable. Ransomware works like a virus but is usually delivered through a phishing email and essentially holds your system hostage until a ransom is paid.

Phishing is a type of scam that tricks people into clicking links that appear legitimate but are actually infectious. Clicking a link infects your device with malware. Once your system is invaded, cybercriminals can attempt to steal sensitive information. Phishing falls in a wider category of social engineering, which is meant to deceive individuals into disclosing sensitive information or clicking an infectious link.

Based on my research and interviews with top cyber security experts, there are six things you can do to avoid cyber-attacks on your law firm’s data.


1. Secure your wi-fi networks – Make sure your network is protected. Securing your wi-fi network will ensure that both you and your employees have a secure connection while working online. You can secure your wi-fi networks by using a VPN to encrypt internet traffic that passes through, using a firewall to block cyber criminals, and using a host intrusion prevention system (HIPS) to detect and block cyber attacks.

2. Initiate automated remote backup and data recovery – Use an automated remote backup and data recovery system, which will allow you to save and store an extra copy of all your data safely. Thus, in the event of a data breach, you’re prepared, and your data is safe.

3. Implement role-based access control – RBAC is the act of assigning limited access to your law firm’s information based on an individual’s specific role in the law firm. Limited access means that even if a single employee’s information and access are exploited by a scammer, not all of your law firm’s information can be stolen. It provides a layer of protection and built-in damage control.

4. Multi-factor authentication (MFA) – Multi-factor authentication is an important way to secure all your data and accounts. In the event that an account’s password is stolen somehow, the account cannot be accessed without approval from a second source, usually by receiving a special code on the account owner’s phone. It’s an extra layer of protection, making it that much harder for scammers to steal information from accounts.

5. Get cyber security liability insurance – As one of our current Mastermind members knows all too well – purchasing cyber security insurance is critical. For them, it was $4,400.00 well spent – saving them from a $950,000 liability. You should check with your local liability insurance carrier to add on a cyber security insurance rider to your existing liability policy.  

6. Familiarize all employees with the best practices for cyber security – One of the most important ways to defend your law firm from cyber attacks is by making sure all your employees can spot red flags of scams when they see them. The best way to effectively educate your employees is by providing them with a clear cyber security policy that outlines the risks, the defenses in place, and the steps they can take to protect themselves and your law firm’s data.

Get the latest strategies for how to protect your firm from Cyber Attacks and the latest Internet Marketing Strategies to help you Dominate your market at The Biggest Law Firm Virtual Event of the Year: 

PILMMA’s Internet Domination Bootcamp

September 7-9, 2022 – Register here.