Cyber Risk Management Solutions

Cybersecurity for Law Firms

The legal industry is being targeted by cyber criminals. Find out how Cybriant can help.

Law firms are being targeted by cyber criminals. Cybersecurity for law firms should be a focus for the legal industry as well as their clients.  

Cybersecurity events are on the rise at law firms. According to, a major professional liability insurer estimates that as many as 80% of the largest law firms in the U.S. have experienced data breaches recently.

Cybersecurity for Law Firms: Risks and Threats

It is vital that law firms understand the importance of cybersecurity in their practice. Attorneys, in general, accumulate highly sensitive and personal information from each client – including corporations. That information, along with the mobility needed to carry data from the client to the courtroom, makes mobile security increasingly important.

Here are the top three reasons hackers target law firms:

  1. Large firms, especially those with over 100 lawyers, are targets because of the availability of large quantities of valuable and quality documents. By targeting law firms, they can quickly access such information as technical secrets, business strategies, and financial data for numerous clients.
  2. By handling the important information, law firms provide a quick detour around information of little value. The information that attorneys have access to is the high-value information, which is more selective and valuable to hackers. By skipping the corporation and targeting its law firm, hackers can more easily access the high-value data.
  3. Data security hasn’t traditionally been a priority at law firms. Larger law firms move at a fast pace and need access to information quickly. This means law firms may have sloppy or no data security practices in place.

Private and government organizations are required to alert clients and consumers about recent data breaches affecting their private personal data. Nearly every state in the US has enacted its own data breach statute, which should make cybersecurity for law firms even more important.

Cybersecurity for law firms is a real and growing concern for everyone involved – especially potential clients. While it is not possible for any organization to be completely secure, you can be prepared.

Cybersecurity for Law Firms: Best Practices

At Cybriant, we typically recommend that you start with a solid security framework. For many law firms, you may already have that framework based on your compliance regulations. When it comes to cybersecurity for law firms, a framework is a standardized methodology for selecting, implementing, testing, and maintaining a set of security metrics, also called security controls.

If you need help selecting a cybersecurity framework, please contact us. We have helped many organizations determine what works best for them. Read more about cybersecurity frameworks in our article, “Is My Company Secure?”

Here are a few best practices we recommend, taken from a recent article, “Legal industry still playing catch up in cybersecurity”:

Get the lawyers on board

Compliance is not security

    • While certain cybersecurity tools will help you check off the necessary compliance audit questions, it doesn’t necessarily mean that you are secure. On the other hand, having a strong security foundation will help you ensure and simplify compliance.

Find vulnerabilities…and patch them

Protect those endpoints

    • Antivirus isn’t enough, and Endpoint Detection and Response (EDR) may not be enough. But with a service like Managed EDR, you can stop malware before it executes.

Monitor, monitor, monitor

    • By using a SIEM (Security Information and Event Management) tool, you pull all the networks and systems together to create a complete picture of your infrastructure. And by having a dedicated team of experts to monitor that SIEM, you will be protected around the clock.

Cybriant can help make cybersecurity for law firms a priority.

Cybersecurity for Law Firms: Working with Cybriant

We work closely with organizations of all sizes to offer the same cybersecurity services that the Fortune 500 receives. Here are the steps we typically recommend:

1. START HERE: Risk Assessment

There are several different kinds of risk assessments including gap analysis and penetration tests. The point of a risk assessment is to find out where you are, so you know where to begin.

Our Director of Managed Services recently posted an article, “Why You Must Perform a Security Assessment.” Here he answers the question, what should be assessed?

To begin, most organizations only focus on IT data systems or penetration tests during Security Assessments, and this is where things go wrong very quickly.  Yes, it is important that the firewall blocks bad guys and workstations are kept secure, but what about phone systems or printers?  Will your users recognize and report a phishing email attempt?  What is the process for when an employee exits your organization? Did anyone remember to disable their key card to the building?  A thorough Security Assessment will go beyond the typical IT systems assessment.  Here is a list of security domains that should be considered during a Security Assessment:

  • Access control
  • Information Governance and Risk Management
  • Infrastructure Architecture and Design
  • Cryptography
  • Operations Security
  • Network and Telecommunications Security
  • Disaster Recovery and Business Continuity plans
  • Governmental Regulations
  • Incident Management Policies and Procedures
  • Physical Security
  • IT Security Training Programs
  • Network Boundaries


A SIEM is a piece of the security puzzle that every organization needs. Many organizations know they need a SIEM for log monitoring and management but have problems because it was implemented incorrectly or wasn’t fine-tuned to their business specifications.

What is a SIEM?

Security Information and Event Management (SIEM) – A SIEM platform centrally collects data from multiple devices on your network, including your existing security appliances. Through an advanced correlation engine, it is able to proactively identify security events not otherwise detected by standalone security technology.

A SIEM system centralizes logging capabilities on security events for enterprises and is principally used to analyze and/or report on the log entries received. The analysis capabilities of SIEM systems can detect attacks not discovered through other means and can direct the reconfiguration of other enterprise security controls to plug holes in enterprise security. Some of the top SIEM products — assuming an attack is still in progress — can even stop detected security breaches.

Why do people use a SIEM?

A SIEM is used differently based on the perceived outcomes and benefits of the tool. The top reasons organizations purchase a SIEM are as follows:

  • Compliance reporting obligations
  • Log management and retention
  • Continuous monitoring and incident response
  • Case management or ticketing systems
  • Policy enforcement validation and policy violations

Read more SIEM FAQS here.

3. Cybersecurity experts

The cybersecurity skills shortage is getting worse. It is more and more difficult to find someone with the qualifications you need at the salary budget you can afford. For this reason alone, many companies choose to outsource. We often warn people to be picky when they outsource! We have heard story after story of MSSPs that claim to monitor your SIEM, but that just means they will forward alerts from your SIEM. Find a true security organization that offers managed detection and response (MDR). Cybriant will help you detect those alerts but then provide a remediation path to resolve them.

Many organizations come to us after deciding that it isn’t feasible to build an internal security operations center (SOC).

Download our ebook, “Insource vs. Outsource: Cost Comparison for building a 24/7 Security Operations Center” to discover the true cost of building an internal SOC.

4. Endpoint Detection and Response

Traditional anti-virus isn’t enough to protect endpoints. This is where AI or artificial intelligence can absolutely help your organization. It’s possible to use AI to prevent cyber attacks. We all have employees that are click happy. With the right EDR technology, you can prevent 99% of malware attacks from becoming breaches.

Cybriant uses AI-based threat prevention, running locally on your endpoint, that has a field-proven record of preventing well over 99% of threats, both known and unknown, from executing on your endpoint, without signatures, cloud lookups, or significant impact on your endpoint.

Using AI, we can stop bad executables before they can hurt your business. Time is of the essence when it comes to a security incident. Our analysts can take decisive action when a security incident is identified or a threat needs to be mitigated.

Find out more about our managed EDR service.

5. Vulnerability and Patch Management

Vulnerability scanning and patch management are two different services, but they work closely together. When you understand your vulnerabilities, you can patch more effectively.

“Gartner predicts that, through 2020, 99% of vulnerabilities exploited will continue to be the ones known by security and IT professionals for at least one year.”


The modern attack surface has created a massive gap in an organization’s ability to truly understand its cyber exposure.

The larger the gap, the greater the risk of a business-impacting cyber event occurring. Traditional Vulnerability Management is no longer sufficient. Managed Vulnerability Management extends vulnerability management by covering the breadth of the attack surface (IT, Cloud, IoT/OT) and providing a depth of insight into the data (including prioritization, analytics, and decision support).

Download our ebook, “The Modern Approach to Vulnerability Scanning.”

Read more about Responsive Patch Management here.


