Cybersecurity Measures Every Law Firm Should Implement

Can’t Happen Here?

The irony wasn’t lost on anyone when law firm Orrick, Herrington & Sutcliffe—with its powerhouse cybercrime counsel division—transformed from defender into defendant after a March 2023 cyberattack. The firm’s client data was the target of this exploit, which netted the thieves a trove of personally identifiable information:

  • Social Security numbers
  • Dates of birth
  • Names
  • Addresses
  • Medical information
  • Insurance claims
  • Healthcare insurance numbers
  • Provider details

The loss of this information led 460,000 individuals to file a very expensive civil suit against the firm.

Orrick’s misfortune is a wake-up call for every law firm that thinks cyberattacks are what happens to someone else.

To keep your law firm safe from cyberattacks, it’s time to build your cybersecurity savvy. Let’s begin by looking at the popular methods cybercriminals are now using to access sensitive data and some of the cybersecurity measures law firms can take to prevent them.

Every Breath You Take

Every login you make, every fee you stake—they’ll be watching you.

That’s the modus operandi for hackers who try to fool you into entering login information into a bogus website when using a web portal.

Think about it: each time you click in a login box and enter your credentials, you potentially open yourself, and your firm, to a cyberattack.

Here are two ways that can happen.




Lookalike Web Addresses

Once you log into a portal, you are routed to a URL that looks correct but has a tiny variation; something like adding an extra “m” in instead of Unless you’re paying close attention, it’s easy to miss.

If you do miss it, you may land on a fake URL where hackers own every keystroke you make. Even worse, they can follow you back to your law firm’s portal.
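One way a mail gateway or browser helper could catch the extra-letter variation described above is shown here as an added example, not code from the original article. The hostname portal.examplelawfirm.com, the sample links and the distance threshold are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: constructed placeholder for the firm's real portal hostnames.
TRUSTED_HOSTS = {"portal.examplelawfirm.com"}
MAX_DISTANCE = 2  # edits (insert, delete, swap, substitute) still treated as a near miss


def edit_distance(a: str, b: str) -> int:
    """Optimal-string-alignment distance: Levenshtein plus adjacent swaps."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # transposed neighbours
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify_url(url: str) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for the host a link really targets."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    userinfo = (parts.username or "").lower()
    for trusted in TRUSTED_HOSTS:
        # Assumes the firm controls every subdomain of a trusted host.
        if host == trusted or host.endswith("." + trusted):
            return "trusted"
    for trusted in TRUSTED_HOSTS:
        if trusted in userinfo:  # real name placed before '@' as a decoy
            return "lookalike"
        if trusted in host:  # real name used as a prefix of another domain
            return "lookalike"
        if edit_distance(host, trusted) <= MAX_DISTANCE:
            return "lookalike"
    return "unknown"


# Constructed sample links, not taken from any real incident.
SAMPLES = [
    "https://portal.examplelawfirm.com/login",
    "https://portal.exammplelawfirm.com/login",
    "https://portal.examplelawfirm.com.signin.example/login",
    "https://portal.examplelawfirm.com@signin.example/login",
    "https://www.example.org/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_url(link):9}  {link}")
```

Links classified as lookalike are the ones worth blocking or flagging to the reader before any credentials are typed.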

Hacked WiFi

Public WiFi is not your friend. The signal from your smartphone to the WiFi hardware at a coffee shop, hotel, or restaurant is—for the most part—unprotected. Once you’re on public WiFi, whatever you transmit becomes free range data, just waiting for someone to rustle and sell.

To avoid being hacked on WiFi, use your own device’s cellular data.


Plenty of Phish in the Sea

Who passes up $300,000 of free money from a Nigerian prince?

Phishing is one of the original cybercrimes that now seems almost quaint. But make no mistake, currently more than 90% of cyberattacks begin with phishing.

And they’ve come a long way since the 1990s when AOL accounts were hammered by the Nigerian prince scam.

Cybercriminals have updated the look and feel of phishing emails, which is one reason they continue to be effective. Instead of the clunky language and absurd offers that festooned earlier iterations, today’s generative AI-based phishing may look more like a casual message from someone you know.

That’s because today’s cybercriminals can scrape your personal information from social media, allowing them to hit you with messaging that seems far more authentic.

The result is an email that looks like a harmless note from a friend. Perhaps something like this:

“Hey Christine, it was great seeing you at our kids’ soccer game last week. I got some great photos. Click here to download them.”


The examples we’ve just looked at (bogus websites, hijacked WiFi, and phishing emails) fall under the technology-based attack category.

But hackers have also developed attacks that are human behavior-based. You may hear about these less, but they are just as devastating.

Law offices are vulnerable to either method, so let’s examine the countermoves designed to protect against them.

Technology-Based Cybersecurity

Today’s hackers have a diversified portfolio of attack. They use everything from video game controllers to “Internet of Things” devices to access information. In the business world, these cyberattacks occur frequently:

  • Ransomware encrypts files for payment.
  • Malware infiltrates systems.
  • Distributed Denial of Service (DDoS) attacks flood networks.
  • Credential stuffing uses stolen credentials for unauthorized access.
  • Phishing deceives users via emails.

Vigilance should be combined with cybersecurity measures to reduce the likelihood that one of these attacks will be successful.

The table below spotlights several highly effective measures.

Firewall and Antivirus Software

A firewall acts as a digital barrier between your internal network and external threats. Antivirus software complements firewalls by detecting, blocking, and removing malicious software such as viruses, malware, and ransomware.

Multi-Factor Authentication (MFA)

Protection beyond passwords that requires two or more authentication factors, such as:

  • Something the user knows (a password).
  • Something the user has (a mobile device).
  • Something the user is (a fingerprint).

Regular Software Updates and Patches

Applying regular software updates and patches addresses known vulnerabilities in the software and closes potential entry points for cyberattacks.

Intrusion Detection and Prevention Systems (IDPS)

These systems continuously monitor network traffic and detect suspicious activities or potential security breaches in real time.



Encrypting sensitive data makes it unreadable in transit and at rest to anyone who doesn’t have the encryption key. If attackers gain access to the data, encryption ensures they can’t decipher it.

Who’s to blame?

Cybercrime is pervasive across platforms. It’s difficult to place culpability on any one contributor but statistics illustrate how human behavior, technology, and financial incentive all give oxygen to cyberattacks:


Percentage of web application developers who do not view
application security as a top priority when writing code.


The number of unencrypted USB drives needed to
negate a law firm’s total spend on cybersecurity.

59.4 million

Number of people in the U.S. who have fallen victim
to vishing (voice phishing) in one year.

$10 Trillion

2023 projected impact of cybercrime, exceeding the GDP
of every nation except the U.S. and China.

Human Hacking (Social Engineering Attacks)

Hackers aren’t just tech geeks. They understand how emotions affect behavior. Strong emotions such as fear, anger, and greed will shut down your logic center and affect how you make decisions.

Cybercriminals count on this, so they use social engineering attacks to leverage your emotion to their advantage.

To protect yourself, be careful about the action you take in response to things such as a notification about winning a raffle, a delayed order, an urgent call from a “court employee”, or even a tech support call.

Tech support, really?

Yes, here’s an example of how a social engineering attack can be dressed up as a tech support call.

The Setup

A phisher masquerading as a tech support operator sends an email (remember, 75% of targeted cyberattacks begin with an email). The phisher sees that you responded to the email, then (a) calls you to advise that you’ve been “hacked” and (b) says he will help you disarm the virus and clean your computer.

The Execution

Tech Support: This is Dave at [your company’s tech support]. I see that you’ve been hacked. I’m calling to make sure you shut down the intrusion and clean up your system. Are you ready?

You: Sure, yes, thank you for calling, Dave.

Tech Support: No Problem. This will be easy. Step 1: Go to this [bogus] website and download the .exe file.

You: OK, done. I see my user name and a box to enter my login credentials.

Tech Support: Good job! Go ahead and enter them.

You: The dialogue box is asking if I know the publisher?

Tech Support: It’s a confirmation prompt. Just click “Yes.”

You: OK, I just entered my credentials.

Tech Support: OK, now just click on the .exe file and it’ll take care of the rest.

You: Do I need to do anything else?

Tech Support: If the cleanup returns an error you’ll need to respond. If you don’t get a report at the end of the cleanup then everything’s fine and you’re good to go.

You: OK, great. Thank you so much, Dave!

Why this works:

Dopamine affects your decision making. When you feel trust or positive emotions toward someone your brain releases dopamine. Who better to trust than tech support?

Social engineering is the most successful means to a data breach. Now that you better understand how social engineering attacks work, here are effective cybersecurity measures you can use against them.

Employee Training

Educate staff about the latest social engineering tactics. Help them recognize and respond to potential security risks. Address password hygiene, email security, safe browsing, and data handling procedures.

Strong Password Policies

Enforce regular password changes and prohibit the reuse of previous passwords. Encourage use of password managers.

Phishing Awareness Training

Review tactics cybercriminals use to manipulate individuals into disclosing sensitive information or downloading malware. Share tips for identifying suspicious links and attachments.

Limiting Access to Sensitive Information

This may involve assigning access privileges based on job roles, responsibilities, and the principle of least privilege.

Clear Protocols for Reporting and Responding to Security Incidents

Outline steps for reporting suspicious activities or security breaches promptly, designate responsible personnel for incident response coordination, and provide guidelines for assessing and containing incidents. Conduct regular drills and simulations.

Rapid Legal Has Your Back

Think your law firm’s cybersecurity team is hard to please?

Show them the industry-leading protections Rapid Legal uses to keep user data safe. Even the most discerning IT professionals are sure to give them a thumbs up:

  • Run on a highly secure, SOC 2 certified infrastructure that adheres to the rigorous AICPA Trust Services Security, Availability, Confidentiality, and Privacy Criteria.
  • Encrypt all web traffic with 2048-bit RSA TLS/SSL.
  • Encrypt sensitive data—such as passwords—when stored in databases.
  • Use advanced webpage code that prevents injecting malicious scripts by attacks such as Cross-Site Scripting (XSS).
  • Ensure that all payment-related information is passed directly to the payment processor and never stored on local servers or databases.
  • Use advanced anomaly detection on servers to notify of unusual activity that may be signs of hackers.
  • Employ layers of physical protection of servers and data using firewalls, private subnets, and server routing rules.

Get the Industry’s Best

Law firms have a 27% probability of being hit by a cyberattack, which can place legal professionals on the front lines of data breach attempts.

To make sure hackers stay out of your firm’s files and enjoy peace of mind on every eFiling and litigation support service you order, contact a Rapid Legal account manager to schedule a call or book a demo today.

Find out how Rapid Legal’s industry-leading protections guard your law firm’s confidential data while delivering unrivaled value and performance.