Cyberattacks hit 20 of law firms last year Heres how to stay safe Proton

pEncrypted email thats private by defaultppYour calendar is a record of your life Keep it safeppSecure cloud storage that gives you control of your datappYour gateway to online freedomppAn encrypted password manager that protects your online identityppStore and transact Bitcoin privately with an encrypted selfcustody walletppImprove the security of your business and comply with data protection lawsppProton stands for privacy Always has always willppMeet the people building a better internetppDefending freedom through tech is why we existppSeeking talented people to take Proton to the next levelppWeve always been guided by the Proton communityppJoin the fight to make the internet a better placeppEveryone is welcome to inspect our code Were openppOur nonprofit model puts people before profitppMove to Proton in just a few clicks with Easy SwitchppGuides and customer support for Proton productsppCreate strong random passwordsppLatest news on privacy and the InternetppShare this pageppAfter surveying 500 legal professionals across the US Proton uncovered that 664 of legal professionals are concerned about cyberattacks and theyre right to be ppFrom privileged case information to confidential client communications law firms are a treasure chest for malicious actors seeking to exploit sensitive information And as digital threats become increasingly sophisticated AI for example is transforming the methods attackers use legal professionals are under increasing pressure to find ways to protect themselves and their clients data ppIn this article we outline why law firms are a prime target for cyberattacks before providing actionable steps for preventionppLegal teams have transitioned from physical to digital information solutions relying heavily on email or cloudbased storage to manage their workflow and collaborate with dispersed teams partners and clients ppThere are undoubtedly significant benefits to this change from realtime collaboration to seamless remote work But internetbased solutions also expose firms to risks leaving them vulnerable to data theft extortion and espionageppRoughly 20 of the law firms we surveyed experienced a cyberattack in the past year Of these 39 reported losing data or having it exposed The American Bar Association performed a similar survey in 2024 finding that 42 of law firms new windowwith 100 or more employees experienced a data breach This suggests that the larger a law firm gets the bigger a target it becomes ppThe cost of falling victim to a cyberattack is high ranging from ransoms in 2024 ransomware attackers received approximately 81355 millionnew window in payments from victims to the exposure of confidential information regulatory fines and lasting damage to client trust For law firms the stakes are even higher due to the pressure of court deadlines and the need to protect active cases This urgency often leads firms to pay ransoms quickly in order to regain access to critical files or systems making them appealing targets for opportunistic attackerspp82 of surveyed legal professionals agree that the greatest risk from a cyberattack is the theft of confidential client or company information However the most popular cloud storage solutions used by the law firms we surveyed were OneDrive 3760 Google Drive 2880 iCloud 2760 and Dropbox 2040 all of which require additional configurations to provide advanced protection from data theft and leaks ppWhile popular these solutions use a type of encryption that leaves data on their servers at risk of unauthorized access if there is a breach If you use their default settings these services can access your files allowing them to share your data with third parties and creating potential points of entry for attackers One New York law firmnew window was compromised when attackers exploited this type of vulnerability in its Microsoft email server ppBy opting for an endtoend encrypted storage solution like Proton Drive law firms can retain control of who can see their files folders and documents without sacrificing the convenience of mainstream solutions With Proton even in the unlikely event of a breach law firms data remains securely encrypted and protected from unauthorized accessppPhishing emails historical breaches malicious browser extensions and unintentional sharing are all ways for individuals to mistakenly expose the passwords that unlock access to a firms most sensitive information Implementing multifactor authentication MFA methods like twofactor authentication 2FA and requiring complex regularly updated passwords significantly reduces the risk of unauthorized access even if passwords are compromisedppWith Proton Drives twofactor authentication for example you must provide your password and verify your identity through a second method like a code sent to your phone or a biometric scan This extra layer means that even if someone gets hold of your password they still cant log in without that second piece of verificationppBy restricting who can view edit or manage specific files or folders firms can reduce the risk of accidental data leaks or intentional misuse With Proton Drive legal professionals can share case files with internal stakeholders or outside counsel while maintaining complete control and showing clients that they take security and confidentiality seriouslyppAt an organizational level Proton Drive lets administrators decide whether individual team members whether theyre legal assistants or senior partners can edit or view certain files from a central control panel Such segmentation is particularly valuable in highstakes litigation or corporate matters where information must be compartmentalized for security and complianceppWhen it comes to sharing individual files or folders you can use Proton Drive to send files with email invitations or secure links and assign access permissions create passwords set expiration dates or revoke access whenever necessary ppOur survey showed that less than 35 of legal professionals are familiar with the legal obligations for handling cyberattacks despite 70 identifying employee education as a method of risk reduction for cyberattacks suggesting a gap in training regarding regulatory complianceppIt only takes even one uninformed employee to open the doors to bad actors and worse consequences Whether it involves opening phishing emails or mishandling data a weak link in the team can lead to anything from ethical violations to malpractice claims which is why security education is key One way to keep security at the top of employees minds is by routinely sharing practical information like ransomware explainers or secure sharing guidesppAs attorneys increasingly work remotely or access files from courtrooms and client sites unsecured mobile devices pose a major risk However we found that 2860 do not employ mobile device management for companyissued devices potentially leaving a gap in mobile security ppWith Proton Drive law firms can manage and revoke employee access to sensitive information from a single dashboard ensuring that lost or stolen devices dont become gateways to confidential client datappAmong the legal professionals we surveyed 42 expressed uncertainty about their ability to recover from a cyberattack indicating a concerning lack of confidence in postincident resilience This uncertainty may be linked to broader gaps in preparedness 45 of respondents are either unclear or unsure about the necessary response steps suggesting that nearly half may not have welldefined or effectively communicated cyberattack response plansppBy opting for digital solutions built with privacy and security at their core law firms can better safeguard client data ensure compliance with industry regulations and reduce the risk of operational disruptions caused by cyberthreats ppBy switching to Proton Drive endtoend encrypted cloud storage law firms can take the first step toward building a secure digital foundation gaining control over their data and enabling safe collaboration both in and out of the officeppShare this pageppJasmine is a writer and content marketing specialist Across an eightyear career she has covered topics ranging from business and technology to society and culture Following a stint in Big Tech Jasmine joined Proton to help people protect their right to privacy and freedom of expressionp