Client Alert: Law Firm Cybersecurity Threats and How to Prepare

Recently, multiple data breaches were reported at a number of U.S. law firms. These incidents highlight a real and growing concern for data security at law firms. Significant threats are posed not only from external hacker intrusions but also from internal sources.

Cybercriminals are known to take notice when a particular industry seems vulnerable to attack and will identify and attack those targets within that industry. This has been the case in recent attacks against the retail, financial services and healthcare industries.

It is becoming imperative that law firms improve their data security and take necessary steps to avoid getting breached. Opportunities for law firms to advance their security may include:

• Assessing the maturity of their cybersecurity practice using a proven assessment framework
• Testing incident response plans
• Reviewing internal security controls with regards to user rights management

Duff & Phelps has deep experience helping law firms before, during, and after a data breach occurs. Our cybersecurity assessment and incident response teams help clients plan for and execute coordinated, managed and successful responses to external and internal threats.