Data security is of paramount concern for law firms. Right off the bat, firms have professional and ethical obligations to protect data pertaining to both clients and cases. Firms also have a responsibility to themselves. To run a firm without appropriate data security policies in place is borderline insanity.

Would you believe that law firms are a prime target for hackers? According to a 2017 study by the American Bar Association, 22% of America’s law firms were victimized by data breaches that year. The total number was up 14% from the year before.

Bad actors target law firms because they are a treasure trove of information. Their networks and servers are rich with personal client data, case data, and proprietary business data. All of those data streams can be leveraged by hackers for financial gain. The smartest law firms know this and take appropriate steps to keep hackers at bay.

Software in the Cloud

Here at NuLaw, we are doing our part by moving legal case management software into the cloud. The cloud is a much more secure environment today than it was just a decade ago. It is increasingly more secure than local networks. According to a 2018 report from Gartner:

  • The 60% of enterprises that embrace the cloud each year will experience 33% fewer security failures.
  • By 2020, public cloud environments will be subject to 60% fewer security failures than traditional data centers.
  • Between 2018 and 2022, 95% of all security failures will be attributable to customers rather than the cloud environment itself.

Cloud technology has improved vastly since it was first introduced at the turn-of-the-century. If your law firm is looking for the best way to secure data in the environment in which it exists, moving case management software to the cloud is the way to go.

Other Strategies to Implement

Moving software into the cloud is a good starting point. Yet cloud technology alone will not protect sensitive data from every kind of attack. As such, law firms have to implement other strategies if they hope to meet their professional and ethical obligations.

Here are a few suggestions:

  • Better Training – Not all security breaches are the result of autonomous computer systems hacking into unprotected networks. Many times, breaches are the result of human error. Better training reduces the risk of threats like phishing, malware, and computer viruses.
  • Mobile Security – With cloud software comes more mobility. However, individual devices may pose a risk because they are not optimized for mobile security. Law firms should put their ID departments on the task of mitigating said risks as much as possible.
  • Data Audits – Data breaches can go from relatively minor to quite severe if not caught quickly. Moreover, the best way to catch early stage breaches is through regular data audits. Data and data security should both be reviewed by qualified experts on a regular basis.
  • Encryption – All data should absolutely be encrypted before leaving the cloud environment. This includes e-mails, file transfers, and so forth. Encrypted data is protected from prying eyes by requiring both sender and receiver to have the appropriate key to unlock it.

The four suggestions offered here do not constitute the totality of what law firms can do to improve data security. But they do provide an introduction to the concept of proactively maintaining security. In a world where data is becoming increasingly more valuable to those who would steal it for their own advantage, law firms cannot afford to turn a blind eye. Even the slightest data breach could cause big problems.


  1. Lawyers Mutual –
  2. Gartner –