
From ransomware targeting law firm backups to the legal fallout of delayed breach disclosures, this edition of our newsletter covers the evolving threats facing the legal sector and what your firm must do to stay protected.
Boston Law Firm Faces Twin Class Actions Over Data Breach
A cybersecurity breach at a Boston-based law firm has triggered two class action lawsuits, highlighting growing legal exposure for firms that fall short on data protection.
The lawsuits allege that Casner & Edwards, a well-established firm, failed to secure sensitive client data, resulting in a breach that compromised the personally identifiable information (PII) of nearly 13,000 individuals.
While the breach occurred in March 2024, affected individuals weren’t notified until more than a year later, prompting claims of negligence and delayed disclosure.
The complaints, filed in May and June 2025, argue that the firm either ignored or inadequately implemented cybersecurity protocols, putting confidential client data at risk.
One lawsuit states that Casner “intentionally, willfully, recklessly, or negligently” failed to protect its systems from unauthorized access. Another claims the firm’s delay in notifying affected parties significantly worsened the impact of the breach.
Casner’s leadership has responded, claiming the incident affected only a limited portion of the firm’s network. They also emphasized that the firm engaged law enforcement, launched a detailed investigation, and implemented new security measures.
Still, the lawsuits move forward, citing negligence, breach of fiduciary duty, and violations of federal law, including the Federal Trade Commission Act.
Why This Matters to Your Firm
Law firms are increasingly prime targets for cybercriminals.
From confidential client files to sensitive financial transactions, legal practices hold valuable data that hackers are eager to exploit. And while no system is completely breach-proof, how a firm prepares for, detects, and responds to a cyberattack can determine its legal liability.
Legal Risk Is Rising
As of early June, the plaintiffs in both class actions had asked the court to consolidate the lawsuits and appoint interim counsel. The legal claims include:
- Negligence and negligence per se
- Breach of implied contract and fiduciary duty
- Unjust enrichment
- Violations of the FTC Act
The lawsuits underscore the real-world consequences when firms lack a formal incident response plan, fail to implement cybersecurity best practices, or delay breach notifications. And with courts increasingly sympathetic to plaintiffs in cyber-related litigation, the bar for law firm accountability is rising fast.
Takeaways for Law Firms
This high-profile breach should serve as a wake-up call. Here’s what every law firm should consider immediately:
- Audit your cybersecurity posture, especially client-facing systems and data storage platforms
- Implement and regularly test your incident response plan
- Encrypt sensitive data both in transit and at rest
- Limit access based on role and need-to-know
- Establish a breach notification policy aligned with regulatory expectations
- Engage third-party security experts for vulnerability assessments
___________________________________________________________________________
6-Step Approach to Building a 24/7 SOC for Law Firms
If your current security operations don’t offer 24/7 coverage, your law firm may be one phishing email or zero-day exploit away from disaster.
Here’s a six-step framework to help legal organizations design and implement a resilient, around-the-clock Security Operations Center (SOC) with minimal disruption and maximum protection.
1. Build a Foundation That Aligns With Your Firm’s Risk Profile
Every law firm is different. The size of your client base, the type of matters you handle (e.g., M&A, IP, white-collar defense), and your jurisdictional exposure all shape your risk profile.
Define the mission and scope of your SOC in direct alignment with these factors and data privacy laws.
- Do you need to comply with HIPAA, GLBA, or NYDFS?
- Are you handling international matters subject to GDPR?
- Are you working with high-net-worth individuals or corporate boards?
Use your answers to justify 24/7 monitoring to senior leadership.
Also, consider your SOC model:
- In-house SOCs provide control but require staffing.
- Hybrid SOCs offer flexibility and scale.
- Managed SOC services can deliver instant coverage if resources are tight.
AI-powered platforms can stretch your security capabilities further without increasing headcount.
2. Build the Right Security Team and Keep Them Sharp
Staffing a SOC for a law firm means more than hiring analysts. You need professionals who understand the regulatory, ethical, and reputational stakes of a breach in the legal sector.
SOC structures typically include:
- Tier 1: Monitors alerts and triages incidents.
- Tier 2: Investigates and remediates threats.
- Tier 3: Performs threat hunting and strategic planning.
Can’t build all tiers internally? Outsource strategically or consolidate into a two-tier model with clear escalation protocols.
Train your staff on legal-specific threats like BEC scams impersonating managing partners, spear phishing targeting clients, and ransomware campaigns exploiting outdated case management software.
Encourage certifications (e.g., GCIA, CISSP) and internal learning paths.
3. Avoid Analyst Burnout With Smarter Shift Design
Cybersecurity burnout is real and a serious liability. If your analysts are exhausted, mistakes happen. Threats get missed. Data gets compromised.
Avoid this with smart shift design:
- Use 8- or 12-hour rotations with built-in recovery days.
- Adopt a “follow-the-sun” model if you have global offices.
- Maintain a bench of analysts for flexibility.
Also, rotate responsibilities. Let staff switch between triage, threat hunting, and playbook development to stay engaged.
4. Choose Legal-Grade Security Tools
Don’t just buy what’s trending. Instead, choose what actually works for your legal environment.
Many traditional tools (SIEMs, SOARs, EDRs) were built for enterprise IT, not law firms. They often require massive log storage budgets, constant tuning, and extensive configuration.
What you need are tools that:
- Integrate with case management and document systems
- Provide visibility into lateral movement and email compromise
- Detect unauthorized access to privileged files
- Support regulatory audit trails
5. Build a Culture of Continuous Learning and Threat Readiness
A reactive SOC is a vulnerable SOC. You need to be proactive.
Foster a security-first mindset by promoting continuous learning, open communication, and hands-on training across your entire team:
- Hold monthly threat briefings with legal and IT staff.
- Run tabletop exercises with attorneys and partners.
- Involve your public relations, legal, and compliance teams in cybersecurity simulation exercises to ensure a coordinated, organization-wide response during a real incident.
- Conduct post-incident reviews without blame—only learning.
6. Govern With Metrics, Not Guesswork
You can’t manage what you don’t measure. Set specific, measurable benchmarks to evaluate the effectiveness and responsiveness of your 24/7 Security Operations Center.
- MTTD (Mean Time to Detect)
- MTTR (Mean Time to Respond)
- False positive rates
- AI decision accuracy
- Analyst workload balance
Track metrics over time. Use real-time dashboards for daily situational awareness and run monthly deep dives to optimize workflows.
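As an added illustration of step 6 (this is example code written for this edition, not an Infoguard tool or product), the script below computes MTTD, MTTR, false positive rate and per-analyst workload from a handful of constructed incident records, then reports which hypothetical benchmark targets were missed. The incident records, analyst names and target values are all made up; a firm would feed its own ticketing data and set its own thresholds.

```python
"""SOC benchmark calculator over constructed incident records (added example)."""
from datetime import datetime
from statistics import mean

TS_FMT = "%Y-%m-%dT%H:%M:%S"

# Constructed sample records (not real incidents). "occurred" is when the
# malicious activity started according to the investigation, "detected" when
# the SOC alerted, and "resolved" when containment finished. true_positive=False
# marks an alert that turned out to be benign. Times are UTC.
SAMPLE_INCIDENTS = [
    {"id": "INC-1", "occurred": "2025-06-01T08:00:00", "detected": "2025-06-01T08:30:00",
     "resolved": "2025-06-01T10:30:00", "true_positive": True, "analyst": "alice"},
    {"id": "INC-2", "occurred": "2025-06-02T22:00:00", "detected": "2025-06-02T23:00:00",
     "resolved": "2025-06-03T02:00:00", "true_positive": True, "analyst": "bob"},
    {"id": "INC-3", "occurred": "2025-06-03T09:00:00", "detected": "2025-06-03T09:10:00",
     "resolved": "2025-06-03T09:40:00", "true_positive": False, "analyst": "alice"},
    {"id": "INC-4", "occurred": "2025-06-04T01:00:00", "detected": "2025-06-04T01:20:00",
     "resolved": "2025-06-04T03:20:00", "true_positive": True, "analyst": "alice"},
]

# Hypothetical benchmark targets; every firm sets its own.
TARGETS = {"mttd_minutes": 30, "mttr_minutes": 120, "false_positive_rate": 0.20}


def _minutes(start, end):
    """Elapsed minutes between two ISO 8601 timestamps."""
    delta = datetime.strptime(end, TS_FMT) - datetime.strptime(start, TS_FMT)
    return delta.total_seconds() / 60


def soc_metrics(incidents):
    """Return MTTD, MTTR, false positive rate and alerts handled per analyst."""
    confirmed = [i for i in incidents if i["true_positive"]]
    # MTTD and MTTR are computed over confirmed incidents only: timing a benign
    # alert from "occurrence" to "detection" is meaningless.
    mttd = mean(_minutes(i["occurred"], i["detected"]) for i in confirmed)
    mttr = mean(_minutes(i["detected"], i["resolved"]) for i in confirmed)
    # The false positive rate counts every alert the analysts had to triage.
    fp_rate = sum(1 for i in incidents if not i["true_positive"]) / len(incidents)
    workload = {}
    for i in incidents:
        workload[i["analyst"]] = workload.get(i["analyst"], 0) + 1
    return {
        "mttd_minutes": mttd,
        "mttr_minutes": mttr,
        "false_positive_rate": fp_rate,
        "alerts_per_analyst": workload,
    }


def benchmark_breaches(metrics, targets=TARGETS, max_imbalance=2.0):
    """List the benchmarks that were missed, plus a workload-imbalance flag
    when the busiest analyst handled more than max_imbalance times the load
    of the least busy one."""
    breaches = [name for name, limit in targets.items() if metrics[name] > limit]
    counts = metrics["alerts_per_analyst"].values()
    if max(counts) > max_imbalance * min(counts):
        breaches.append("analyst_workload_imbalance")
    return breaches


if __name__ == "__main__":
    m = soc_metrics(SAMPLE_INCIDENTS)
    for name, value in m.items():
        print(f"{name}: {value}")
    print("missed benchmarks:", benchmark_breaches(m))
```

Run monthly over exported ticket data, the "missed benchmarks" list is the agenda for the deep-dive review; the same numbers feed the real-time dashboard.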
Infoguard Cybersecurity helps law firms build, operate, and optimize modern security operations centers tailored to the legal sector. From hybrid SOC design to managed detection and response, we secure what matters most: your clients’ trust and your firm’s reputation.
Ransomware Now Targets Your Backups First
Threat actors no longer go straight for your case files or email servers. They target something far more devastating first: your backups. Why? Because if they destroy your recovery options, your only path forward may be to pay.
For law firms, this shift changes everything. Backups are often the last line of defense between a crippling breach and business continuity. And if those backups live in the same ecosystem as your production systems, or are accessible through compromised accounts, you may already be more exposed than you think.
Attackers understand how the legal industry operates. They know law firms handle sensitive litigation records, financial details, client communications, and privileged data. That’s high-value leverage.
Modern ransomware groups now go after backups first, before deploying encryption across your network. Their playbook includes:
- Deleting snapshots or changing retention policies to eliminate recovery points
- Exploiting known vulnerabilities in backup appliances or Windows-based software
- Gaining access via Active Directory or credential theft to disable backup agents
- Encrypting backup volumes accessible via the network
- Attacking cloud backups by breaching the same platform they’re stored on
Common Backup Mistakes in Law Firm Environments
Legal organizations are especially prone to a few backup missteps that make recovery impossible after a ransomware event:
- Keeping local backups on the same network as production systems
- Failing to use immutable (write-once, read-many) storage
- Relying on one cloud provider for both active data and backups (e.g., Microsoft 365)
- Storing credentials or access tokens in the same environment being backed up
When attackers access your environment, they can use lateral movement to disable both production systems and backups in one coordinated strike.
The 3-2-1-1-0 Strategy — Built for Modern Threats
Law firms must move beyond the outdated 3-2-1 backup rule and implement the more robust 3-2-1-1-0 strategy, an approach designed to meet the demands of legal confidentiality, regulatory requirements, and the high stakes of fiduciary responsibility.
✔️ 3: Maintain three copies of your data
That includes one in production and two backups. For critical case files and email data, use image-based backups that capture full systems, not just files.
✔️ 2: Use two different media types
Store one backup on local disk (preferably with isolated access) and another on secure cloud infrastructure.
✔️ 1: Keep one offsite copy
Physically or logically separate it. In a law firm context, this protects against ransomware and on-site incidents like natural disasters or insider sabotage.
✔️ 1: Have one immutable backup
This version can’t be altered, encrypted, or deleted even by someone with administrative access. It’s your bulletproof restore point.
✔️ 0: Zero backup errors
Regularly test your backups and validate recovery workflows. Ask yourself: Can you get critical systems online within hours after an incident?
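To make the five parts of the rule concrete, here is an added example (written for this edition, not Infoguard's or any vendor's code) that checks a backup inventory against 3-2-1-1-0 and lists every gap. The inventory format, the dataset names and the two sample inventories are constructed; the "immutable" flag is assumed to mean immutability enforced by the storage itself, not merely by backup-software permissions, and "last_test_errors" is assumed to come from the most recent restore test.

```python
"""Check a backup inventory against the 3-2-1-1-0 rule (added example)."""

# Constructed inventory format. Each entry is one copy of a dataset:
#   role              "production" or "backup"
#   media             storage type of that copy
#   offsite           physically or logically separated from the primary site
#   immutable         write-once storage enforced by the platform (assumed)
#   last_test_errors  error count from the last restore test, None = never tested
CASE_FILES_OK = [
    {"name": "production", "role": "production", "media": "san",
     "offsite": False, "immutable": False, "last_test_errors": 0},
    {"name": "local-disk", "role": "backup", "media": "disk",
     "offsite": False, "immutable": False, "last_test_errors": 0},
    {"name": "cloud-vault", "role": "backup", "media": "object-storage",
     "offsite": True, "immutable": True, "last_test_errors": 0},
]

# A typical small-firm setup: production plus one NAS on the office LAN.
CASE_FILES_BAD = [
    {"name": "production", "role": "production", "media": "san",
     "offsite": False, "immutable": False, "last_test_errors": 0},
    {"name": "nas-backup", "role": "backup", "media": "disk",
     "offsite": False, "immutable": False, "last_test_errors": None},
]


def check_3_2_1_1_0(copies):
    """Return a list of findings; an empty list means the inventory complies."""
    findings = []
    backups = [c for c in copies if c["role"] == "backup"]

    # 3: three copies in total, i.e. production plus two backups.
    if len(copies) < 3:
        findings.append(f"3: only {len(copies)} copies (need production plus two backups)")

    # 2: the backups must sit on at least two different media types.
    media_types = {c["media"] for c in backups}
    if len(media_types) < 2:
        findings.append("2: all backups are on one media type")

    # 1: at least one copy is offsite.
    if not any(c["offsite"] for c in backups):
        findings.append("1: no offsite copy")

    # 1: at least one copy cannot be altered or deleted, even by an admin.
    if not any(c["immutable"] for c in backups):
        findings.append("1: no immutable copy")

    # 0: every backup has a recent, error-free restore test.
    for c in backups:
        if c["last_test_errors"] is None:
            findings.append(f"0: backup '{c['name']}' has never been restore-tested")
        elif c["last_test_errors"] > 0:
            findings.append(
                f"0: backup '{c['name']}' had {c['last_test_errors']} errors in its last restore test")
    return findings


if __name__ == "__main__":
    for label, inventory in (("OK", CASE_FILES_OK), ("BAD", CASE_FILES_BAD)):
        print(label, check_3_2_1_1_0(inventory) or ["compliant"])
```

Fed the second inventory, the checker reports all five gaps at once, which is the point: a single on-site NAS that has never been restore-tested fails every part of the rule except the copy count it shares with production.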
Key Backup Security Best Practices for Law Firms
Here’s how your firm can harden both on-premise and cloud-based backups:
On-prem security:
- Segment backup servers into a separate, secure LAN
- Apply least privilege access—no broad admin rights for general accounts
- Use firewalls and port-level controls to prevent unauthorized access
- Require multifactor authentication (MFA) for all backup logins
- Encrypt backups with unique keys and passphrases
Cloud backup security:
- Store backups in a separate cloud environment with its own identity system
- Avoid production-stored credentials or tokens
- Use private cloud backup platforms over shared tenant solutions
- Monitor for unauthorized retention policy changes or agent removal
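The last item above, and the attacker playbook described earlier in this piece (snapshot deletion, retention changes, agent removal), can be turned into detection logic. The script below is an added example written for this edition, not code from Infoguard or from any backup product: it parses a few constructed audit-log lines in a simple key=value format and raises an alert for retention reductions, snapshot deletions and agent uninstalls, rating them high severity when the acting account is not an approved backup administrator or the change happens outside business hours. The log format, host names, user names and the approved-admin list are all assumptions.

```python
"""Flag backup-tampering indicators in constructed backup audit logs (added example)."""
from datetime import datetime

# Constructed sample log lines (not from any real product). Times are UTC.
SAMPLE_LOG = """\
2025-06-10T02:14:05Z host=bk-srv01 user=svc_backup action=retention_change policy=casefiles old_days=90 new_days=1
2025-06-10T02:15:11Z host=bk-srv01 user=jdoe action=snapshot_delete snapshot=casefiles-2025-06-09
2025-06-10T02:16:40Z host=wks-042 user=jdoe action=agent_uninstall agent=backup-agent
2025-06-10T09:00:00Z host=bk-srv01 user=backupadmin action=retention_change policy=email old_days=30 new_days=60
2025-06-10T10:00:00Z host=bk-srv01 user=backupadmin action=backup_job_complete policy=casefiles status=ok
"""

# Hypothetical: accounts allowed to alter backup configuration, and the
# business-hours window (UTC hours) in which such changes are expected.
APPROVED_ADMINS = {"backupadmin"}
BUSINESS_HOURS = range(8, 18)


def parse_line(line):
    """Split '<timestamp> key=value key=value ...' into a dict."""
    ts, rest = line.split(" ", 1)
    event = dict(kv.split("=", 1) for kv in rest.split())
    event["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return event


def _severity(event):
    # Every matched action deserves a look; it is high severity when performed
    # by an unexpected account or outside the change window.
    unexpected_user = event["user"] not in APPROVED_ADMINS
    off_hours = event["ts"].hour not in BUSINESS_HOURS
    return "high" if unexpected_user or off_hours else "medium"


def detect_backup_tampering(log_text):
    """Return one alert dict per suspicious event, in log order."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        rule = None
        if ev["action"] == "retention_change" and int(ev["new_days"]) < int(ev["old_days"]):
            rule = "retention_reduced"      # fewer recovery points kept
        elif ev["action"] == "snapshot_delete":
            rule = "snapshot_deleted"       # an existing recovery point removed
        elif ev["action"] == "agent_uninstall":
            rule = "agent_removed"          # host silently drops out of backups
        if rule:
            alerts.append({
                "rule": rule,
                "severity": _severity(ev),
                "user": ev["user"],
                "host": ev["host"],
                "ts": ev["ts"].isoformat(),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_backup_tampering(SAMPLE_LOG):
        print(alert)
```

Note that a retention increase by an approved administrator during the day produces nothing, while the same administrator deleting a snapshot still yields a medium-severity alert: changes that shrink your recovery options should always be visible to the SOC, and the question is only how urgently.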
Whether you’re navigating class-action exposure or building out a 24/7 SOC, one thing is clear: your cybersecurity strategy must evolve faster than the threats. The cost of waiting? Client trust, confidential data, and your firm’s reputation.
Explore how Infoguard Cybersecurity can help your firm lock down backups, boost SOC performance, and reduce breach exposure.
Best regards,