5 Immediate Steps To Take When Your Online Law Firm Security Has Been Breached (2nd in a Series)

LeanLaw Blurred zoom-in to security code script

We’ve heard about the Panama Papers – the hack to international law firm Mossack Fonseca’s online data – where over 11.5 million documents were stolen. Have you thought about what you would do if your clients’ online data from your law firm had been hacked? What if you get infested with malware? How do you get back to a clean, secure system? Do you know your first step? How prepared are you with your small law firm’s online security?

If you already have a plan in place, that’s exactly where you should be. And you’ll need to do a practice run, to keep on your toes and make sure that the plan actually works.

Still, the fact remains that if someone really wants to hack your data, they will get in. It is your ethical duty as an attorney to be current in your law firm’s online security, knowing that you if you follow best practices and then be vigilant in staying on top of it, your clients will know you’ve taken every practical precaution with regard to security.

In the last post, we spoke about how being up to date on your law firm’s online security will give you cover should your data be breached. Below we will address the immediate first steps you can take once you realize that there has been a breach. Please keep in mind that the following steps are for small law firms and solo practitioners. If you are in a big law firm, your in-house IT department will handle these issues in a different way.

Step 1 Reset All Passwords -5 Immediate Steps To Take When Your Online Law Firm Security Has Been Breached

Step One: Reset all passwords.

This goes for any website associated with your law firm: Facebook, Google, Twitter, Evernote,, NetDocuments – think of any and every online portal that is touched by your law firm and change the password.

Depending on the app, deauthorize apps or websites that have been enabled by services like Google and Facebook.

Step 2- Assess the Damage - 5 Immediate Steps To Take When Your Online Law Firm Security Has Been Breached

Step Two: Assess the damage.

Investigate what applications and/or websites the hack affected. Was it isolated to your machine, network or was it specific to a website? The scope of the attack will help you understand its severity and give you a sense of what data might have been compromised.

Don’t reach out to any entity that you don’t already have an established relationship with. No matter, what the notification on the screen might say. Start with your trusted advisors.

Step 3 Scan Update Check - 5 Immediate Steps To Take When Your Online Law Firm Security Has Been Breached

Step Three: Scan / Update / Check

Run a malware scan and check your startup items. Malwarebytes is the best choice at the time of this post.

Update your operating system, browser, and any other critical software.

Depending on how you got hacked, check to see if the hack left any software on your machine or in your web browser.

Check your browser extensions

Chrome: Add in’s, Internet Explorer / Firefox: Add On’s

Check your “add / remove programs” within Control Panel. Sort by install date and check to see if there were any rogue applications installed on the date of the threat.

Step 4 Send Out Notifications - 5 Immediate Steps To Take When Your Online Law Firm Security Has Been Breached

Step Four: Send out notifications contingent on the results of Step Two.

It is a good idea to notify any relevant financial institutions or credit reporting services about the hack. They can put alerts in place to mitigate any fraudulent charges on your credit cards.

If it was an email hack, notifying your friends and clients is useful.

You will need to make decisions regarding how much you want to say, if anything, to your clients. Most breaches are financial phishing schemes and are isolated to a single user. If your network has been breached and you have evidence via logs that data was accessed, it may be sensible to proactively reach out to whoever has been exposed.

Consider engaging a service like Lifelock or another identity theft management entities.

Step 5 Prevent the hack from happening again - 5 Immediate Steps To Take When Your Online Law Firm Security Has Been Breached

Step Five: Prevent the hack from happening again.

Make a list of whom you would call if there was a hack and what specific data and/or logs you would want to investigate.

Check your Windows update settings to ensure that system updates are automatically downloaded and installed. If you have a server, make sure that someone in your organization is updating the operating system on a regular basis.

Train yourself and your staff to mitigate human mistakes.

Be suspicious of emails. Check link locations before you open.

Enable two-factor authentication where applicable (password and text with code).

Use complex passwords – it’s best to use a password manager.

Be cautious on public wifi with personal data. Use your cell as a WIFI hotspot.

Your law firm’s online security is something that your clients take for granted. You are the lawyer, tasked with protecting them and upholding the rule of law. Your clients will assume you have taken all the step you need to be up to date with your online security. Don’t prove them wrong. Be prepared and get the added bonus of creating lean workflows in the process.