Cyber Security for Law Firms

Built for the Business and Practice of Law: We understand the unique regulatory, ethical, and operational demands of legal professionals. Our team includes legal malpractice defense attorneys, privacy and data security counsel, and former regulators with a deep knowledge of attorney obligations and law firm operations.

Cross-Disciplinary Firepower: Our cyber team draws from Hinshaw’s national bench in professional liability, class action defense, insurance coverage, commercial litigation, and IP/technology. This allows us to offer coordinated guidance that reflects the full scope of risk facing today’s firms.

Trusted by the Legal Industry: Hinshaw is consistently ranked among the top law firms in professional responsibility and ethics. We host the industry-leading Legal Malpractice & Risk Management Conference (LMRM) and have authored foundational risk management guidance for lawyers nationwide.

Representative Experience

The Case of the Missing Laptop

• Hinshaw was contacted by a law firm after one of its partners had an unencrypted laptop computer—which contained personally identifying information of individuals residing in multiple states—stolen. We: counseled the law firm on reporting the incident to its insurance carrier and to law enforcement; drafted a breach notification letter; advised on reporting obligations to state officials; and recommended and worked with the firm to hire a vendor to offer identity theft protection, issued the breach notifications, and set up a call center to handle questions from those persons who received the notification.

Extortion Attempt

• Hinshaw's Cyber Security for Law Firms practice group worked with a client that was the victim of an extortion attempt, which threatened the public release of personally identifiable information in the client's possession involving thousands of third parties, which we believed was sent by a former employee. We: assisted the client in making contact with federal law enforcement; worked with the client to hire forensic experts to investigate the incident and to confirm that its network was secure; coordinated the forensic evaluation of the client's network with the law enforcement investigation; hired a third-party vendor to offer credit monitoring and to set up a call center; and drafted the required breach notifications under state and federal (HIPAA) law.

Network Intrusion

• After being contacted by a client's information technology department about a network intrusion originating from the Far East, we worked with the client to contain the intrusion, and arranged for forensic security experts to meet with the client the following day. The forensic security experts eradicated the threat to the client's system, and blocked all email traffic coming from that sector of the Internet without the loss or exfiltration of any data.