On June 16, Massachusetts Lawyers Weekly broke the story: nearly 13,000 clients and opposing parties learned their Social Security numbers and financial details had slipped through the digital cracks at respected Boston firm Casner & Edwards. Two federal class actions followed, accusing the firm of negligence and a 14-month delay before victims were told their data was at risk. masslawyersweekly.com
If a 150-lawyer, Boston powerhouse can be blindsided, where does that leave a three-person family-law shop in Providence or Worcester?
Why small firms should care (beyond the obvious)
-
Law firms are prime targets. Cyber-criminals prize legal files for the intimate, high-value data they contain. National giant Kirkland & Ellis is already fighting its own MOVEit breach lawsuit—proof that no size or budget is bullet-proof. reuters.com
-
Regulators don’t grade on a curve. Massachusetts’ breach-notification law still applies whether you’re 200 attorneys or two partners. “Unreasonable delay” in alerting clients can trigger fines and headlines. mass.gov
Five lessons you can act on this week
-
Clock starts now, not later. Casner’s 14-month gap between intrusion and client notice is a flashing red light. Build (or refresh) a written incident-response plan that spells out who calls whom—and sets internal deadlines measured in hours, not months. masslawyersweekly.com
-
Map the treasure. You can’t protect what you can’t locate. Inventory where Social Security numbers, driver’s-license scans, and settlement spreadsheets live. Then segment or encrypt those folders so a single password leak doesn’t open the whole vault. (Yes, your MSP should guide this.)
-
Lean on outside expertise early. Casner engaged third-party forensics after the fact. Line up those relationships before trouble hits: a cybersecurity firm, breach counsel, and a credit-monitoring provider you trust. Advance retainers shave days off your response clock. federmanlaw.com
-
Two years of credit monitoring isn’t a magic wand. Plaintiffs in the Casner suits argue that 24-month credit protection “doesn’t cut it” for lifelong identity-theft risk. Offering robust, multi-year safeguards shows clients you value their peace of mind as much as their case outcome. masslawyersweekly.com
-
Yesterday’s defenses are already dusty. As cybersecurity chair Cameron Shilling warned, “What was good enough six months ago is not good enough now.” Schedule quarterly security reviews the same way you calendar trust-account reconciliations—non-negotiable. masslawyersweekly.com
The heart of it…
You didn’t go to law school to memorize firewall settings. Yet your clients entrust you with the most sensitive chapters of their lives. Protecting that trust—swiftly, transparently, and proactively—is no longer optional.
If the Casner headline stirred a knot in your stomach, let’s turn that anxiety into action. Let our team partner with your firm to deliver cybersecurity that feels less like an IT project and more like a silent, steadfast co-counsel.
(Ready to breathe easier? A 30-minute consult could save you 30 sleepless nights.)
