Two Law Firm Data Breaches And New Breach Stats

Ed. note: This is the latest in a new article series, Cybersecurity: Tips From the Trenches, by our friends at Sensei Enterprises, a boutique provider of IT, cybersecurity, and digital forensics services.

Two New Law Firm Breaches in the News

On April 22, it was reported that midsized law firms McCarter & English and Stevens & Lee had suffered data breaches.

McCarter & English said it is actively investigating a network security incident that “impacted the availability of [its] computer systems.”

Leaders at the New Jersey-based firm said they restored key systems, including access to email, in the week after the incident, which occurred the weekend of April 9. Their lawyers’ ability to perform services for clients was “not significantly impacted,” according to the firm.

“Upon discovering the incident, we took proactive measures to contain the incident and initiated an investigation. Law enforcement was also notified,” the firm said. “The investigation into the incident remains ongoing.”

According to the American Bar Association’s 2021 technology survey, solo and small firms continue to lag behind larger firms when it comes to their tech budgets: only 43% of solo firms and 50% of small firms responded that they budget for technology, compared to 65% of all firms.

Our own experience is that even those who budget for technology don’t separately budget for cybersecurity defenses. While small and midsize firms consistently believe that they are not at great risk, they do not understand the mindset of cybercriminals. A law firm’s size matters less than the clients it serves and the extreme likelihood of weak security in smaller firms.

We know we harp on two-factor authentication, but it appears that McCarter & English’s data breach highlights the critical role that two-factor authentication can play in a firm’s cybersecurity. McCarter & English already had a multifactor system for authentication. However, after the incident, the firm migrated to data security company Duo for onsite as well as remote access to the firm’s systems.

A report released by Duo states that multifactor authentication has grown significantly…