{"id":755,"date":"2025-11-20T03:14:08","date_gmt":"2025-11-20T09:14:08","guid":{"rendered":"https:\/\/cmitsolutions.com\/philadelphia-pa-1200\/?p=755"},"modified":"2025-12-22T04:22:55","modified_gmt":"2025-12-22T10:22:55","slug":"what-hackers-know-about-law-firms","status":"publish","type":"post","link":"https:\/\/cmitsolutions.com\/philadelphia-pa-1200\/blog\/what-hackers-know-about-law-firms\/","title":{"rendered":"What Hackers Know about Law Firms That Most Partners Never See Coming"},"content":{"rendered":"<p><strong><em><span style=\"color: #003366\">Based on a case from a Philadelphia-area practice, and relevant to any small or mid-size firm that assumes their systems are \u201cprobably fine.\u201d<\/span><\/em><\/strong><\/p>\n<p><span style=\"color: #000000\"><em>Written by Keith Tessler, a Philadelphia-area MSP owner specializing in cybersecurity and managed IT services for small and mid-size law firms.<\/em><\/span><\/p>\n<p><span style=\"color: #000000\"><strong>A few years ago, I got to know the senior partner of a small Philadelphia-area law firm.<\/strong> Smart, steady, well-respected. The kind of attorney who keeps a calm hand on the wheel.<\/span><\/p>\n<p><span style=\"color: #000000\">But like many firms I work with across this region, he didn\u2019t spend much time thinking about what was happening inside his technology because nothing looked out of place. 
And when everything looks normal from the outside, it\u2019s easy to believe the systems behind it are safe \u2014 especially if you\u2019re convinced that a small practice isn\u2019t worth a hacker\u2019s time.<\/span><\/p>\n<p><span style=\"color: #000000\"><strong>I had mentioned more than once that the threat landscape had changed.<\/strong> Hackers aren\u2019t the same hobbyists we dealt with twenty years ago.<\/span><\/p>\n<h2><span style=\"color: #003366\">Why Law Firms Face Unique Cybersecurity Risks Today<\/span><\/h2>\n<p><span style=\"color: #000000\">Today, many hackers are offshore operators using automated, AI-driven tools that hunt for weaknesses without caring who you are. It might be a few guys, or it might be an entire company of hackers. Either way, they don\u2019t need to target you personally. They only need to find a gap.<\/span><\/p>\n<p><span style=\"color: #000000\">He acknowledged the point, but like a lot of people, he set it aside for later.<\/span><\/p>\n<p><span style=\"color: #000000\">Then one day, later arrived.<\/span><\/p>\n<p><span style=\"color: #000000\"><strong>He called me about a strange alert from Microsoft.<\/strong> It said he\u2019d exceeded his daily limit for outgoing email. He told me he\u2019d only sent a handful of messages that day and wondered if something was wrong with Microsoft.<\/span><\/p>\n<p><span style=\"color: #000000\">For context, Microsoft\u2019s limit for most business accounts is roughly 100,000 outbound messages per day.<\/span><\/p>\n<p><span style=\"color: #000000\">If they\u2019re warning you that you\u2019ve hit it, something much more serious is probably going on.<\/span><\/p>\n<p><span style=\"color: #000000\">And it was.<\/span><\/p>\n<p><span style=\"color: #000000\"><strong>His email account had been compromised, but the real story went much deeper.<\/strong> Like a lot of small firms, he was using administrator-level access on his Microsoft 365 account. 
It made life easier \u2014 install a program here, tweak a setting there, no need to bother anyone for help. I understand the impulse. Convenience feels efficient.<\/span><\/p>\n<p><span style=\"color: #000000\">The problem is that when a hacker breaks into a system with admin rights, they now have all the same powers you have. Your keys open the entire building for them.<\/span><\/p>\n<hr \/>\n<h3><span style=\"color: #99050e\"><strong>Key Insight: <\/strong>Once a hacker finds just one person\u2019s admin-level access, they have the key to your entire practice \u2014 and there\u2019s a good chance you won\u2019t know it.<\/span><\/h3>\n<hr \/>\n<p><span style=\"color: #000000\"><strong>Quietly, over several days, the attacker installed dozens of programs, plugins, and remote-control tools inside his Microsoft 365 account.<\/strong> They created new email accounts. They positioned themselves to read documents, browse shared folders, access spreadsheets, harvest contacts, and move through every corner of the firm\u2019s Microsoft 365 environment.<\/span><\/p>\n<p><span style=\"color: #000000\">And they did all of it without setting off alarms.<\/span><\/p>\n<p><span style=\"color: #000000\">By the time we stepped in, the intruder had a level of access that would make any attorney\u2019s hair turn gray. We spent hours unraveling the first layer of damage, and once we installed our own monitoring and security tools, we began to see the rest of the picture.<\/span><\/p>\n<p><span style=\"color: #000000\"><strong>As soon as we cleaned up their foothold, the attacker tried again<\/strong>, immediately attempting to create more fraudulent email accounts. This time, we stopped it.<\/span><\/p>\n<h2><span style=\"color: #003366\">What Hackers Can Do Inside a Compromised Law Firm Account<\/span><\/h2>\n<p><span style=\"color: #000000\">That\u2019s when the senior partner asked me a question I\u2019ve heard from more than one law firm after the fact. 
And he asked it the way anyone would \u2013 needing to know the answer, while at the same time wishing he didn\u2019t have to hear it:<\/span><\/p>\n<p><span style=\"color: #000000\"><strong>How much harm could they have caused?<\/strong><\/span><\/p>\n<p><span style=\"color: #000000\">I walked him through it. And I\u2019ll do the same for you.<\/span><\/p>\n<p><span style=\"color: #000000\">Here\u2019s the short version of what a hacker can do once they\u2019ve taken over a Microsoft 365 account inside a law firm.<\/span><\/p>\n<ul>\n<li><span style=\"color: #000000\">They can quietly forward your emails to an external mailbox.<\/span><\/li>\n<li><span style=\"color: #000000\">They can send emails in your name to infect your contacts\u2019 systems as well.<\/span><\/li>\n<li><span style=\"color: #000000\">They can read and download every document on OneDrive or SharePoint.<\/span><\/li>\n<li><span style=\"color: #000000\">They can create hidden inbox rules that reroute sensitive communications.<\/span><\/li>\n<li><span style=\"color: #000000\">They can impersonate your attorneys using newly created internal email accounts.<\/span><\/li>\n<li><span style=\"color: #000000\">They can send phishing messages to clients that look completely legitimate.<\/span><\/li>\n<li><span style=\"color: #000000\">They can reset passwords, lock you out, or deploy ransomware.<\/span><\/li>\n<li><span style=\"color: #000000\">They can alter, download, or delete files, or copy them for sale on the dark web.<\/span><\/li>\n<li><span style=\"color: #000000\">They can establish persistence so they can return even after you think they\u2019re gone.<\/span><\/li>\n<\/ul>\n<p><strong><span style=\"color: #000000\">This isn\u2019t a Hollywood script. 
This is the real-world playbook.<\/span><\/strong><\/p>\n<p><span style=\"color: #000000\">And it happens most often to law firms that believe they\u2019re too small to be noticed.<\/span><\/p>\n<p><span style=\"color: #000000\">After we eradicated the intruder\u2019s tools, we rebuilt the firm\u2019s environment properly. Monitoring, maintenance, 24\/7 detection, strong identity controls, no admin rights for anyone with a public-facing account, and ongoing reviews of their Microsoft 365 configuration. Not bells and whistles \u2014 just good hygiene.<\/span><\/p>\n<p><span style=\"color: #000000\">Or what a football coach might call fundamental blocking and tackling.<\/span><\/p>\n<p><span style=\"color: #000000\">The firm is safer now than it has ever been. But I always wish conversations like this would happen before the emergency, not after.<\/span><\/p>\n<h2><span style=\"color: #003366\">What Small and Mid-Size Law Firms Actually Need to Stay Secure<\/span><\/h2>\n<p><span style=\"color: #000000\">If you\u2019re running a law firm, large or small, and you\u2019re wondering how to avoid becoming the next story, here\u2019s the truth: every firm is different, but the baseline protections are surprisingly consistent.<\/span><\/p>\n<p><span style=\"color: #000000\"><strong>A typical 10-to-20-person practice usually needs several key elements in place to stay truly secure.<\/strong><\/span><\/p>\n<ul>\n<li><span style=\"color: #000000\">A professional monitoring system that flags suspicious behavior in real time.<\/span><\/li>\n<li><span style=\"color: #000000\">Strong identity protections with multi-factor authentication and conditional access.<\/span><\/li>\n<li><span style=\"color: #000000\">No administrator rights on everyday user accounts.<\/span><\/li>\n<li><span style=\"color: #000000\">Proper email security, including anti-phishing and anti-spoofing safeguards.<\/span><\/li>\n<li><span style=\"color: #000000\">Routine patching and updates for every 
system.<\/span><\/li>\n<li><span style=\"color: #000000\">Endpoint detection and response tools that catch malicious activity immediately.<\/span><\/li>\n<li><span style=\"color: #000000\">Reliable cloud and local backups that can be restored quickly.<\/span><\/li>\n<li><span style=\"color: #000000\">A defined onboarding and offboarding process to close gaps.<\/span><\/li>\n<li><span style=\"color: #000000\">Regular reviews of Microsoft 365 settings as the platform evolves.<\/span><\/li>\n<li><span style=\"color: #000000\">Practical guidance about secure workflows for client communication.<\/span><\/li>\n<li><span style=\"color: #000000\">A trusted technology partner who steps in before something becomes urgent.<\/span><\/li>\n<\/ul>\n<hr \/>\n<h3><span style=\"color: #99050e\"><strong>Key insight:<\/strong> You don\u2019t need to fund an internal tech department to establish and maintain a secure system for your practice. You just need an appropriate tech structure and a qualified IT management service to oversee the vulnerable places where hackers could attack and hide \u2014 so <em>you<\/em> can focus on practicing law.<\/span><\/h3>\n<hr \/>\n<p><span style=\"color: #000000\">I\u2019ve worked with enough law firms to know this: <strong>your reputation rests on more than the strength of your legal arguments. It rests on trust.<\/strong> Your clients trust you with their most sensitive matters, and in today\u2019s world, that trust depends as much on your technology practices as your case strategy.<\/span><\/p>\n<p><span style=\"color: #000000\">If you\u2019re unsure how secure your systems really are, that\u2019s a perfectly reasonable place to be. Most attorneys don\u2019t get training in cybersecurity, nor should they be expected to. 
That\u2019s my lane.<\/span><\/p>\n<p><span style=\"color: #000000\">Your lane is serving clients.<\/span><\/p>\n<p><span style=\"color: #000000\"><strong>My advice is simple: make sure your firm\u2019s technology is built to withstand the kind of attacks that don\u2019t announce themselves.<\/strong> You don\u2019t want to learn the hard way what it means when Microsoft tells you that yesterday, you supposedly sent 100,000 emails you never wrote.<\/span><\/p>\n<p><span style=\"color: #000000\">That alert is rarely the central problem.<\/span><br \/>\n<span style=\"color: #000000\">It\u2019s a symptom of something darker.<\/span><\/p>\n<hr \/>\n<h2><span style=\"color: #000000\"><span style=\"color: #003366\">FAQs<\/span><\/span><\/h2>\n<ol>\n<li><span style=\"color: #000000\"><strong>What makes law firms such attractive targets for hackers?<br \/>\n<\/strong>Law firms hold confidential client information, financial data, case documents, contracts, and communication that cybercriminals can use for extortion or resale. Even small practices have valuable data. Hackers know many firms rely on DIY technology setups, which makes their defenses easier to compromise.<\/span><\/li>\n<li><span style=\"color: #000000\"><strong>Is outsourcing IT cost-effective for small and midsize law firms?<br \/>\n<\/strong>Yes. For most firms, outsourcing is far less expensive than hiring even one full-time IT professional. You get access to a full team, enterprise-grade tools, and round-the-clock monitoring without the overhead of building an internal department.<\/span><\/li>\n<li><span style=\"color: #000000\"><strong>What should a law firm do immediately if it suspects a breach?<\/strong><\/span><br \/>\n<span style=\"color: #000000\">Stop using the compromised account and reset its password. Then contact your IT or MSP partner right away. Don\u2019t delete anything. A professional team will isolate the threat, identify what was accessed, and begin cleanup. 
Quick action can prevent a bad break-in from becoming catastrophic.<\/span><\/li>\n<\/ol>\n<hr \/>\n<p><span style=\"color: #000000\"><strong><img decoding=\"async\" class=\"alignnone size-thumbnail wp-image-760\" src=\"https:\/\/cmitsolutions.com\/philadelphia-pa-1200\/wp-content\/uploads\/sites\/214\/2025\/11\/Keith-Tessler-CMIT-Cherry-Hill-09192025-150x150.jpg\" alt=\"Keith Tessler, CMIT of Philadelphia and Cherry Hill\" width=\"150\" height=\"150\" srcset=\"https:\/\/cmitsolutions.com\/philadelphia-pa-1200\/wp-content\/uploads\/sites\/214\/2025\/11\/Keith-Tessler-CMIT-Cherry-Hill-09192025-150x150.jpg 150w, https:\/\/cmitsolutions.com\/philadelphia-pa-1200\/wp-content\/uploads\/sites\/214\/2025\/11\/Keith-Tessler-CMIT-Cherry-Hill-09192025-300x300.jpg 300w, https:\/\/cmitsolutions.com\/philadelphia-pa-1200\/wp-content\/uploads\/sites\/214\/2025\/11\/Keith-Tessler-CMIT-Cherry-Hill-09192025-1024x1024.jpg 1024w, https:\/\/cmitsolutions.com\/philadelphia-pa-1200\/wp-content\/uploads\/sites\/214\/2025\/11\/Keith-Tessler-CMIT-Cherry-Hill-09192025-768x768.jpg 768w, https:\/\/cmitsolutions.com\/philadelphia-pa-1200\/wp-content\/uploads\/sites\/214\/2025\/11\/Keith-Tessler-CMIT-Cherry-Hill-09192025-1536x1536.jpg 1536w, https:\/\/cmitsolutions.com\/philadelphia-pa-1200\/wp-content\/uploads\/sites\/214\/2025\/11\/Keith-Tessler-CMIT-Cherry-Hill-09192025-2048x2048.jpg 2048w, https:\/\/cmitsolutions.com\/philadelphia-pa-1200\/wp-content\/uploads\/sites\/214\/2025\/11\/Keith-Tessler-CMIT-Cherry-Hill-09192025-1920x1920.jpg 1920w\" sizes=\"(max-width: 150px) 100vw, 150px\" \/><br \/>\nAbout Keith Tessler<\/strong><\/span><br \/>\n<em><span style=\"color: #000000\">As a Philadelphia-based technology expert and owner of a managed IT services firm, I understand how hard it is for attorneys to carve out time for their technology when their priorities are clients and cases. 
If you\u2019re ready to take a clear, honest look at your firm\u2019s systems and security, I\u2019m here to help \u2014 no drama, no scare tactics, and no high-pressure sales.<\/span><\/em><\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Based on a case from a Philadelphia-area practice, and relevant to any&#8230;<\/p>\n","protected":false},"author":1039,"featured_media":756,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[32],"tags":[71,74,70,52,35,73,72],"class_list":["post-755","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-it-services-for-the-greater-philadelphia-area","tag-hackers","tag-law-firm","tag-law-firms","tag-managed-it-services","tag-philadelphia","tag-practice","tag-systems"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cmitsolutions.com\/philadelphia-pa-1200\/wp-json\/wp\/v2\/posts\/755","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cmitsolutions.com\/philadelphia-pa-1200\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cmitsolutions.com\/philadelphia-pa-1200\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cmitsolutions.com\/philadelphia-pa-1200\/wp-json\/wp\/v2\/users\/1039"}],"replies":[{"embeddable":true,"href":"https:\/\/cmitsolutions.com\/philadelphia-pa-1200\/wp-json\/wp\/v2\/comments?post=755"}],"version-history":[{"count":0,"href":"https:\/\/cmitsolutions.com\/philadelphia-pa-1200\/wp-json\/wp\/v2\/posts\/755\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cmitsolutions.com\/philadelphia-pa-1200\/wp-json\/wp\/v2\/media\/756"}],"wp:attachment":[{"href":"https:\/\/cmitsolutions.com\/philadelphia-pa-1200\/wp-json\/wp\/v2\/media?parent=755"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cmitsolutions.com\/philadelphia-pa-1200\/wp-json\/wp\/v2\/categories?post=755"},{"taxonomy":"po
st_tag","embeddable":true,"href":"https:\/\/cmitsolutions.com\/philadelphia-pa-1200\/wp-json\/wp\/v2\/tags?post=755"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}