Saved client data can make firms a target
The sensitive and often personal data that law firms typically retain make them juicy targets for cybercriminals. In 2021, according to an ABA report, 25 percent of respondents reported their firms had experienced a data breach at some point. The fallout can mean more than costly fines or lawsuits; breaches can reduce the trust clients place in a firm. There are numerous defenses that firms can mount against this evolving threat, but unfortunately, one of the simplest and most often neglected defenses is staying current on software and other patches.
Patches — or updates that software or operating system vendors issue to fix performance bugs or to provide enhanced security features — are usually available without added charge and the installation and updates typically do not interfere with ongoing operations. But despite the ease of installation, many law firms and other enterprises do not bother to stay current. The results can be dramatic, as demonstrated by one of many attacks — the global WannaCry ransomware “crypto worm” that penetrated more than 200,000 computers running Windows across 150 countries in a matter of hours in 2017.
After infecting a device, WannaCry encrypted data and demanded ransom payments estimated to total billions of dollars. The kicker was that Microsoft had already identified the vulnerability and issued a security patch months before the attack, but many Windows users simply had not bothered to download and install the updates.
There is no question that law firms, particularly solos and other smaller practices, are busy and would rather spend their time on billable matters; but that excuse won’t matter to clients who question why their trusted adviser’s systems were compromised. In fact, there really is no excuse for missing out on patch updates, especially since many outsourced IT support providers offer packages that can automate the process of hunting for and installing them.
And that is just the beginning. Sophisticated automated agents can also monitor a firm’s cyber systems and devices for compliance, address a host of issues, and alert IT support providers about any problems so they can be addressed. Customized patch solutions can also be designed with such features. An audit tool can create a list of all the software residing on a system; a regression tool can check for patches and downloads and install them; and other tools can monitor for compliance — an important step because even if a patch is downloaded on time, a sophisticated attacker may be able to disable it without any obvious warning signs.
Despite the danger that hackers represent, these kinds of cyber security managed services solutions often fly under the radar of law firms, primarily because initiatives like establishing basic security protocols are not “glamorous” enough to attract a partner’s attention, until something goes wrong. Then, suddenly, it becomes a top priority. But firms that want to limit their exposure to cybercrime will stay on top of their patches, either manually or with an automated tool, and will likely avoid a lot of unnecessary “cleanup expenses” while continuing to enhance their reputation.
Carl Mazzanti is president of eMazzanti Technologies, a cyber security and IT support organization based in Hoboken, NJ. The company can be reached at [email protected].
Share this story, choose a platform

Brought to you by BridgeTower Media
Free Weekly Newsletter
Recommended content
Reputational Management: Mitigating sexual harassment risks at law firm and legal industry events
Reputational Management: Mitigating sexual harassment risks at law firm and legal industry events By Gina Rubel Creating a safe and inclusive [...]
The modern approach to law firm sales and client onboarding
From initial contact to the first signed agreement, each interaction with a new client should reflect a firm’s professionalism, priorities, [...]
What comes before the zero draft? Exploring the negative draft
A negative draft helps writers clarify their thinking by reacting to what does not work. It’s an area where generative [...]
The lawyer’s brain in retirement: What changes and why it matters
Retirement can be daunting for anyone. But lawyers face special challenges when they suddenly disengage from the intellectual intensity of [...]