
The Human Firewall

Why your legal team is your best cybersecurity investment

The return on investment of your law firm cybersecurity strategy depends on your people—the human firewall protecting your digital assets.
Written by: Andrew Thrasher
Published: January 19, 2025

Headlines have confirmed a stark reality: law firms of all sizes are targets for cybercriminals—and small and midsize practices often bear the brunt of these attacks.

Why? While larger firms may have the resources needed to bounce back from an attack on their digital infrastructure, a similar data breach could be ‘game over’ for smaller firms. And the risk appears to be growing, as noted by Dan Roe in a May 2024 article in American Lawyer:

"Five months into the year, 2024 is on pace to be the biggest year in the history of law firm data breach reports."

Client trust shattered. Reputation in tatters. Years of hard work undone in moments.

Now, it makes sense that you might turn to the latest, greatest security software to help here. Historically, law firms have relied on tools like firewalls, VPNs, and anti-virus software to protect devices and shared server access. But with modern cloud systems—and more intricate social engineering attacks—this tech-based approach to cybersecurity is no longer sufficient.

Your most critical digital security tool is really your human talent, rather than any piece of technology. When employees—at any level of your organization—are poorly trained and under-resourced to handle cybersecurity threats, this tool is practically nonexistent and can be a glaring point of weakness. With the right knowledge and training, though, every member of your team is empowered to contribute to this ‘human firewall’, helping to spot and mitigate security threats across their daily work.

In this post, we'll explore why investing in your team's cybersecurity skills isn't just smart business—it's essential for modern legal teams. Even the most sophisticated security products can’t compete with well-trained employees in protecting your digital assets. And nothing will undermine your security products more than an untrained employee.

We'll give you actionable steps to start building your human firewall today—along with a preview of our upcoming industry-focused cybersecurity training for immigration legal professionals.

Ready to turn your biggest IT vulnerability into your strongest defense? Let's dive in.

An Evolving Digital Landscape

If you think your firm is too small to be on a hacker's radar, think again. Realistically, any business that has a digital presence is a potential victim nowadays—and smaller organizations are increasingly enticing targets. Here's what you need to know:

Immigration Law Firms: A new gold mine for cybercriminals

Cybercriminals have come to realize that law firms are treasure troves of sensitive data. In our world of U.S. immigration law, a client’s case will often require everything from financial records to sensitive personal documents. Many of the supporting documents and data needed for a petition—yes, even basic information needed for USCIS forms—are valuable to others, and cybercriminals know who will pay for them.

Your firm’s case management system and document storage solution are, therefore, potential one-stop shops for identity theft, fraud, and data ransoming. And with the volume of data that is collected and stored by even the smallest firms and solo practitioners nowadays, it’s no wonder small organizations in immigration law are increasingly common targets.

The limits of tech solutions

Firewalls, antivirus software, email filtering: you’re probably using at least one of these products in your current operations. But they're not foolproof. And many security tools, like multi-factor authentication (MFA) and password managers, inherently rely on competent and consistent human deployment.

Recent studies have found human error was a contributing factor in a majority of organizational security incidents. The most sophisticated security system in the world can't guarantee protection from human error.

The remote work shift

The shift to remote and hybrid work models has expanded the list of potential security threats for many law firms. Home wifi networks and a blended use of personal devices for work have created new vulnerabilities, which traditional office-based security measures aren't built to address.

Relying solely on technology to protect your firm is an incomplete solution, at best. A more effective strategy recognizes that your team—properly educated to understand these threats—is your best defense against modern digital security risks.

Pressure is mounting

As cyber threats evolve, so do the legal and ethical obligations for protecting client data. Failing to adequately protect clients’ personally identifiable information (PII) isn't just a security risk; it's a potential ethics violation.

Bar associations across the country are updating their guidelines on digital security and technological competency, and clients are increasingly seeking reassurance—through audit reports or other evidence—that their data is protected. According to the ABA's 2023 Cybersecurity TechReport, 27% of survey respondents had been asked by clients for their firm’s security requirements document or guidelines.

And corporate clients aren’t the only ones putting pressure on law firms. Consumers are increasingly unforgiving of companies that have experienced breaches, and individuals are better equipped today than ever before to move their business elsewhere.

Next, we'll explore how human error contributes to security breaches and why investing in your team's cybersecurity skills is more than a smart move—it's a necessary one.

The Human Element

We've all been there: a busy day, an overflowing inbox, and suddenly—click—you've accidentally downloaded an attachment you shouldn’t have. These small human moments can have big consequences. But with the right strategy and approach, you can turn your human team from a vulnerability into your strongest digital defense.

To err is human

How are humans particularly prone to digital security mistakes in our work? A few common errors:

  1. Phishing fails: That urgent email from your manager asking for sensitive information? It might be a sophisticated phishing attempt.
  2. Password perils: Using "MainStreet123" as your password for everything from your work email to your coffee shop rewards account? You're not alone, but you're also a dream target for hackers.
  3. Oversharing is not caring: With social media marketing, it's easier than ever to reveal too much. An innocent LinkedIn post with a photo of your office could be a potential goldmine for social engineering attacks.
  4. BYOD blunders: Using personal devices, like smartphones, is a convenient reality in modern work. But it also increases the number of potential entry points for a digital breach when not managed properly.

A human firewall

Now for the positive part: with the right training and organizational culture, your team can become your most effective cybersecurity asset. Here's why:

  1. Adaptive intelligence: Humans are well-equipped to recognize and adapt to new, unfamiliar threats. For example, an employee with some basic digital security training might spot a phishing attempt that slips past your automated filters.
  2. Contextual understanding: Your team understands the nuances of your practice. They can recognize when a request is out of the ordinary or when something just doesn't "feel right."
  3. Proactive problem solving: Educated staff don't just follow security protocols—they actively contribute to improving them, identifying potential vulnerabilities before they become problems.
  4. Cultural shift: When digital security awareness becomes part of your firm culture, it helps create a collective defense that's far more effective than any single technological solution. A strong employee onboarding process that emphasizes digital security can be a great place to start, and a culture of re-training and reinforcing best practices can ensure that good habits take hold.

Building a human firewall isn't a one-time task. It's an ongoing process of education, practice, and cultural shift—rather than achieving perfection, it's about continuous improvement. Every step you take strengthens your defense against cybersecurity threats, and a repeated commitment to train your team is one of the most effective steps you can take.

The ROI of Cybersecurity Education

When it comes to investing in your firm's future, cybersecurity education might not seem as glamorous as a flashy new case management system or office equipment. But in today's digital landscape, it could be the most crucial investment you make. Let's break down the returns on investment when you prioritize your human firewall:

The cost equation

Now, consider a scenario: your 12-person immigration law firm invests $500 per employee in comprehensive cybersecurity training. That's a $6,000 investment per year.

Steep? Maybe at first glance. But cheap compared to the potential multi-million dollar cost of a data breach—an average of $2.98 million USD according to IBM’s Cost of a Data Breach Report 2021. Not to mention the incalculable costs of lost business from the damage to your professional reputation and loss of current (and prospective) client trust. Investing in your business costs money, but being seen as professionally incompetent costs a lot more.

Additional benefits

When data breaches make headlines weekly, a strong cybersecurity posture becomes a powerful differentiator in professional services. Imagine being able to tell potential clients, "Our entire team is certified in cybersecurity best practices." That's not just a security measure—it's a huge marketing advantage.

And speaking of marketing: today's legal professionals (especially younger generations) are increasingly tech-savvy and security-conscious. Offering quality cybersecurity training can also be a powerful tool for attracting and retaining top talent.

The compounding returns

Maybe the most valuable return on your investment is the creation of a security-conscious culture. This isn't just about preventing breaches—it's about building a firm that's resilient, adaptable, and prepared for the digital challenges of today and tomorrow.

When actively engaged in your organization’s digital security, your team is more likely to contribute to your security posture, helping to identify potential vulnerabilities and suggest improvements. It's an investment in your internal feedback loops that will pay dividends down the road.

The Final Verdict: Worth It

Again, investing in your human firewall isn't just a smart defensive move—it's a strategic, offensive play. It protects your business assets, enhances your firm’s reputation, fulfills your ethical obligations, and positions you for success in an increasingly digital legal landscape.

As you consider your priorities for the coming year, ask yourself if you can afford NOT to invest in your team's cybersecurity skills.

Ready to start building your human firewall?

Our cybersecurity course is designed for immigration professionals by immigration professionals with over 20 years of experience—Kelcey Baker and yours truly.

Learn more and schedule your training today—and follow along for more insights on building a resilient digital future for your law firm.
