Massive Data Theft at U.S. Law Firms


According to several news reports, three of the country’s largest law firms were victims of a massive data theft, compromising more than 16 million people globally. The firms, Kirkland & Ellis, K&L Gates and Proskauer Rose, were reportedly attacked by the Clop cybercrime group, which may have its origins in Russia. At least one news source stated, “Law firms are attractive and frequent targets for hackers, although some have been criticized for their efforts to educate staff about phishing.”

Ya don’t say? 

Savvy has been working with law firms across North America and Europe for over a decade to help them shore up their cyber defenses through security awareness training. As we are fond of saying: You may have the best technological firewalls out there, but your people can let the bad guys in with one click. Our partners at KnowBe4 offer the world’s most sophisticated testing and training platforms to protect law firms from massive data theft. And the results are dramatic.


  • You test your firm’s employees on their tendency to click nefarious emails and you discover that 39% of them like clicking on those fake coupons, fake CEO emails, and fake bank accounts, handing over sensitive information.
  • You launch security awareness training and, within one year, that rate drops to 2%.

There aren’t many sure things in the world today, but returns like that are a guaranteed way to protect your law firm from massive data theft.

What is Your Phish-Prone Percentage? (aka: How vulnerable are you to a massive data theft?)

Luckily, it’s not hard to get a baseline on your law firm’s phish-prone percentage. (That’s lingo for “how many people in your firm will click on nefarious emails and let the bad guys in?”) Our partner, KnowBe4, has a free tool that you can easily launch to get your baseline phish-prone percentage. Once you have that number, you can share it with your managers to help them understand that your firm is in dire need of intervention.

The free tool is called the Phishing Security Test and all you have to do is let me know via email, phone or Calendly that you want to get the test. Then you add your users to the tool and launch it. Within a few hours, you will have your results. 

On average, KnowBe4 has found that law firms and corporate legal departments are around 28% phish-prone without any security awareness training. After just three months of training, that number drops to around 15%, and after a year of training, it drops to about 5%.

If you are a firm with 250 employees and 28% of them click nefarious emails, that means 70 people are opening your firm up to massive data theft. That is a humongous hole in your security system.

Protect yourself from ransomware (and the terrible publicity) by training your law firm employees now. Contact Savvy today for your free phishing test or to simply chat about your security goals.

