Cybercriminals are targeting law firms with more precision than ever before. From ransomware attacks that can freeze your operations overnight to lawsuits following major data breaches, the stakes have never been higher.
In this issue, we break down the latest threats, real-world cases, and practical steps your firm can take to stay protected.
Class Action Lawsuit Highlights Rising Cyber Risk for Law Firms
U.S. law firm Kelley Drye & Warren, a practice of roughly 300 attorneys, is now at the center of a proposed class action following a data breach earlier this year.
The breach, which came to light in March, allegedly exposed sensitive personal data, including Social Security numbers, driver’s license details, dates of birth, and client information.
The plaintiff, a former employee of one of Kelley Drye’s clients, claims the breach has already led to a surge in phishing attempts, scam calls, and targeted fraud. She further argues that the firm’s notification letter “downplayed the severity” of the incident and misled affected individuals about the risks.
While Kelley Drye has publicly stated it recovered the stolen data and believes the likelihood of disclosure is low, the lawsuit seeks class action status and monetary damages for potentially thousands of impacted clients, employees, and third parties.
This case underscores a growing trend in the legal industry: cyber breaches are not only operational crises but also legal liabilities.
Kelley Drye joins a list of major firms, including Orrick, Herrington & Sutcliffe and Gunster, that have faced multimillion-dollar settlements tied to data breaches.
For law firms, the takeaway is clear: data security failures now carry consequences on multiple fronts: regulatory, reputational, and financial.
Clients expect strong safeguards for sensitive data, and regulators and courts are increasingly holding firms accountable when those safeguards fall short.
What this means for your firm:
- Prepare for litigation risk: Even if stolen data is “recovered,” lawsuits may still arise from breach notifications.
- Invest in proactive defenses: Strong cybersecurity practices, such as zero-trust architecture, MFA enforcement, and continuous monitoring, are essential to minimize vulnerabilities.
- Communicate transparently: Post-breach response letters and notifications must balance compliance with client trust. Downplaying the impact can fuel litigation.
Proactive Ransomware Defense: A 6-Step Blueprint for Law Firms
Cybercriminals know that legal practices often lag in security, hold high-value, sensitive data, and are more likely to pay under pressure. That makes law firms especially vulnerable to ransomware.
Understanding how attacks begin is key to stopping them:
- Website-based attacks: Even trusted sites like legal research platforms (e.g. LexisNexis) can be compromised. Just loading a fake page or clicking a link can trigger ransomware downloads.
- Email-based attacks: Deceptive emails with subject lines like “Refund Available” or “Invoice Attached” may use social engineering and personalized details to lure unsuspecting users into downloading or clicking malicious links.
To interrupt these attack paths, law firms should build a structured and practical defense with these six critical steps:
1. Block Known Threat Sources with DNS Filtering
Use services like OpenDNS to block access to IP addresses tied to ransomware. This helps prevent the download of malicious payloads before they reach your network.
2. Implement Smart Attachment Scanning
Leverage spam filters that analyze attachment behavior and signatures. Modern tools like Barracuda Essentials can sandbox attachments and detect hidden attempts to download malware.
3. Monthly Vulnerability Scans and Patching
Don’t wait for vendor alerts. Conduct frequent network vulnerability assessments and patch systems immediately to close entry points for ransomware.
4. Disable Remote Desktop Access Unless Absolutely Needed
RDP is a common gateway for attackers. If it’s not essential, turn it off. If it is needed, restrict and monitor its use rigorously.
5. Maintain Isolated, Immutable Backups
Regularly back up critical files to a secure, non-editable environment, ideally air-gapped. In case of a ransomware attack, you can restore files without paying ransoms.
6. Test Your Ransomware Recovery Plan
Practice your incident response plan with realistic drills and drills involving partner firms or executives. Understand who needs to be notified and how, and ensure backups are tested regularly to confirm that recovery works as planned.
AI in Cybersecurity: Why Law Firms Need Trust as Much as Speed
For law firms and other organizations, time is critical when responding to a cyber threat.
But speed alone isn’t enough. In fact, an inaccurate or poorly timed response can lock out attorneys mid-trial, disrupt casework, or compromise client confidence.
In the legal industry, where client trust is everything, cybersecurity powered by artificial intelligence (AI) must deliver speed plus accuracy, reliability, and transparency.
Why Trust Matters in Legal Cybersecurity
Law firms are high-value targets for attackers because they hold sensitive client records, case strategies, financial data, and intellectual property. A delayed response gives hackers the opening they need to escalate privileges, move laterally through networks, and compromise confidential files.
AI is rapidly closing that gap by detecting threats faster and automating responses. But here’s the catch: automation without trust can backfire.
Imagine an AI tool misidentifying legitimate attorney logins during a late-night filing as “credential stuffing” and locking out dozens of users. Or an overzealous phishing filter quarantining court notices or client communications.
In a law firm, those mistakes pose operational and reputational risks.
That’s why trust is the most important metric for AI in cybersecurity. It comes down to two fundamentals:
- Accuracy – Does the system correctly identify threats without unnecessary disruption?
- Reliability – Can it make those decisions consistently across matters, clients, and systems?
The New Frontier: Agentic AI
Earlier generations of automation followed predefined rules. Today’s agentic AI makes decisions in real time, adapting to live data across multiple sources.
For example, if malicious activity is detected on an attorney’s workstation, an AI system could:
- Correlate Active Directory logs, device telemetry, and network traffic to confirm the threat.
- Disable specific compromised credentials rather than locking the whole practice out.
- Deploy just-in-time access policies to limit exposure during containment.
- Update intrusion detection rules automatically to prevent similar attempts.
Done correctly, this minimizes disruption while containing the breach. Done poorly, it risks halting legal work, cutting off privileged sessions, or even triggering broader system downtime.
How Law Firms Can Build Trust in AI Workflows
Law firms adopting AI-driven cybersecurity should ensure trust is operationalized through:
- Clear guardrails – Define where AI acts autonomously versus where attorney/IT approval is required.
- Rigorous testing – Validate responses in simulated incidents before deploying across client matters.
- Continuous feedback loops – Use attorney and analyst oversight to refine future AI decisions.
- Ongoing measurement – Track metrics like detection accuracy and response consistency.
Bottom Line for Firms
AI in cybersecurity is becoming essential for law firms facing increasingly sophisticated attacks. But speed without trust is a liability. Law offices that implement AI with strong safeguards, transparent workflows, and measurable accuracy will gain the confidence to act decisively without compromising attorney productivity or client trust.
Password Managers and Clickjacking: What Law Firms Need to Know
Many law firms rely on password managers to keep track of the countless logins needed for case management systems, client portals, research databases, and cloud storage.
While these tools are widely considered best practice, new research shows that they are not invulnerable, and attackers may be able to exploit them using a technique called clickjacking.
What Is Clickjacking?
Clickjacking is a tactic where a malicious website tricks users into clicking something they didn’t intend to.
An attacker may layer a hidden “Confirm” or “Autofill” button on top of what looks like a harmless web element, such as a link or video. With one misplaced click, the user unknowingly approves an action, like exposing passwords or sensitive client data stored in a password manager.
This matters for law firms because password managers often contain “the keys to the kingdom”: attorney logins, client credentials, e-discovery platforms, billing systems, and even stored payment information.
A single compromised account can expose confidential communications or privileged documents.
Several leading password managers’ browser extensions (the add-ons that make autofill quick and convenient) could be manipulated by clickjacking attacks.
In many cases, the attack only requires a single click from the victim.
Some vendors have already released patches, but others are still rolling out fixes. Even where updates exist, the underlying issue stems from how browsers render pages, which makes a complete technical solution difficult.
Why This Matters for Law Firms
For attorneys on the go, autofill features are tempting because they save them time when logging into court portals or legal research tools.
But convenience can come at a cost. If an attacker tricks a user into triggering autofill, they may walk away with:
- Client usernames and passwords
- Privileged work product stored in online systems
- Payment card information used for firm expenses
That kind of breach could trigger ethics violations, malpractice exposure, and regulatory scrutiny.
Practical Safeguards for Firms
To reduce the risk, law firms should:
- Update regularly – Ensure browser extensions and password managers are patched promptly.
- Enable confirmation prompts – Where available, require a manual confirmation before autofill of sensitive data.
- Limit autofill scope – Avoid storing or autofilling highly sensitive information like payment details.
- Train attorneys and staff – Teach them to be alert for suspicious pop-ups, overlays, or unexpected website behavior.
Password managers remain a powerful defense against weak or reused credentials. But as this research shows, they are not “set-and-forget” tools. Law firms must balance convenience with caution, implementing safeguards to prevent attackers from exploiting small clicks into major breaches of client trust.
As attackers grow more sophisticated, your law office can’t afford to wait until after a breach to act. Protecting client data is a professional duty.
Ready to strengthen your law firm’s defenses? Schedule a security assessment with Infoguard Security today.
If you found this newsletter helpful, don’t forget to share it with your colleagues.
Best regards,
