Cybersecurity for Law Firms

Here are some sobering statistics that law firms of all sizes should consider (source: Bloomberg):

  • More than 80% of the 100 largest U.S. firms have been hacked, and the majority of them have significantly increased their IT spending.
  • One notable landmark breach was the 2015 exposure of 11.5 million documents belonging to the Panamanian law firm Mossack Fonseca. This explosive leak led to the disclosure of some of the world’s wealthiest asset stashes, causing at least 150 inquiries or investigations in 79 countries. Two years later, the law firm shut down due to the economic and reputational damage it suffered.
  • A small firm in Redlands, CA was the victim of a single cyber-attack, by a Cryptolocker-type virus. Cryptolocker is a kind of ransomware used to encrypt files so they’re unreadable; hackers then demand money to restore the data.
  • The large Washington firm Wiley Rein was targeted by hackers linked to China’s military in connection with a trade dispute it was handling for a maker of solar panels.
  • The FBI, the U.S. Secret Service, and other law enforcement agencies have warned the managing partners of big U.S. firms that their computer files are targets for cyberspies and thieves in China, Russia, and other countries, including the U.S., looking for valuable information about potential corporate mergers, patent and trade secrets, litigation plans, and more.

Client pressure and scrutiny are forcing law firms to beef up their cyber defenses.

The American Bar Association (ABA) provides specific rules of professional conduct for lawyers to use when navigating various scenarios and interactions with clients.

Rule 1.6, regarding the confidentiality of client information, states that, “A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.”

Basically, this means lawyers must make efforts to protect their clients’ data.

In 2018, the ABA issued Formal Opinion 483, which discusses the importance of data protection and how to handle the inevitable security breach. The opinion states matter-of-factly that, for law firms, a data breach is a question not of if, but of when. The opinion outlines requirements for before, during, and after a cyberattack targeting law firms.

The Valander Group can help.

Vulnerability Assessment

A Vulnerability Assessment is in many ways the “first phase” of a Penetration Test, but it has a few key differences. Its intended purpose is to identify vulnerabilities and weaknesses in the security perimeter of your organization and its assets.

Using a multi-tiered approach, our consultants identify vulnerabilities by combining hardware- and software-based tools, applications, and manual investigations.

Penetration Testing

To ensure confidentiality, integrity, and availability of your resources, vulnerability and penetration testing are a must. If you do not know your systems’ weaknesses, bad actors can and will find them, and your world will change in the blink of an eye.

A Penetration Test determines the efficacy of an organization’s security controls.

Our experts simulate a comprehensive “real world” scenario, emulating the methods and attacks a malicious party would attempt against an organization.

Data Management (ETL)

Decisions without proper information can lead to catastrophe in the blink of an eye.

Data Extract

Data is the lifeblood of your institution. Having the ability to work with data quickly, efficiently, and securely can mean the difference between success and failure.

Data Transform

SQL Server, Access, MySQL, JSON, XML, CSV, or any other form of data is in our wheelhouse.

Data Load

Having data is not enough; analyzing the data is essential. Knowing what massive amounts of data are telling you will help your bottom line and ensure well-informed decisions are made.

Cloud Infrastructure

We are AWS experts.

  • Cloud computing is faster, less expensive, and more secure. Deploy resources in minutes rather than weeks. Take advantage of servers across the globe to ensure uptime and minimize opportunity loss.
  • Allow your employees to work from home easily and effectively.
  • Easily set up a disaster recovery plan that includes worldwide resources.
  • Allow Valander to monitor your AWS network to ensure confidentiality, availability, and integrity.
  • Cloud computing is easier, cheaper, more secure, and faster than onsite or local data centers. Allow us to show you how.

Cybersecurity and Your Clients

If you are advising clients in Mergers & Acquisitions activities, consider this: Verizon reduced its offer to buy Yahoo by $350 million at the eleventh hour after two massive data breaches were uncovered.

Vulnerability scanning, penetration testing, and KYC (Know Your Customer) procedures are essential to any merger, acquisition, or partnership due diligence exercise. Assessing the risks involved in a business relationship or an acquisition must include a cybersecurity investigation. When acquiring or partnering, every security hole the other party has becomes yours. APTs (Advanced Persistent Threats), poor ransomware preparation, substandard compliance, poorly trained employees, and insecure infrastructure can derail a successful integration or partnership and cost millions. Having an accurate assessment of the security posture of the other party must be part of the decision-making process. The Valander Group will make these integrations successful and eliminate surprises.

