Want Your business to Thrive?
Stay connected with our weekly newsletter that contains tips and actionable advice you can use.
- May 7
Joe Popper Shares Why Law Firms Are Easy Targets for Cybercrime (and What to Do About It)
The Risk Most Law Firm Owners Ignore
Most law firm owners believe cybercrime is something that happens to large firms… banks… or corporations.
Not to them.
But that assumption is exactly what makes small and mid-sized firms the easiest targets.
In a recent conversation with IT expert Joe Popper, one message became very clear…
Law firms are sitting on extremely valuable information… and most are underprotected.
The Real Story: How a Simple Email Can Cost $100,000
Imagine this…
Your firm sends a $50,000 invoice to a client.
Everything looks normal.
Behind the scenes, a hacker has already accessed your email system. They set up a rule so replies from that client go straight to trash… and you never see them.
Then they send a follow-up email… from your account…
“Please send payment to our new bank account.”
The client trusts the request.
The money is gone.
No alarms… no warning… no obvious mistake.
This is called Business Email Compromise (BEC)… and it is one of the most common ways law firms lose money today.
The Framework: How Cybercriminals Actually Target Law Firms
This is not random.
It is a structured, repeatable process… just like any business.
1. Identify the Target
Small law firms are preferred because they often lack strong security controls.
2. Build a Lead List
Public data makes it easy to find firms, employees, and roles.
3. Launch a Phishing Campaign
Emails are crafted using AI to look professional and believable.
4. Gain Access
One click… one login… one mistake… and access is granted.
5. Extract Value
Hackers monitor email, find invoices, and redirect payments.
The goal is simple…
Steal large amounts of money with minimal effort.
The Fix: What Law Firms Must Do Immediately
You do not need to become a cybersecurity expert.
But you do need to put safeguards in place.
1. Verify Financial Changes by Voice
Any request to change banking details must be confirmed by phone.
2. Send Test Payments First
Before sending large payments, send a small amount and confirm receipt.
3. Require Multi-Factor Authentication (MFA)
Every user… every system… no exceptions.
4. Review IT Controls Regularly
Ask your provider for proof, not just reassurance.
5. Get Cybersecurity Insurance
This is risk management… not optional protection.
Results: What Happens When Firms Take This Seriously
Firms that implement these controls:
Prevent fraudulent payments before they happen
Reduce financial exposure dramatically
Protect client trust and reputation
Avoid operational disruption
Gain confidence in their systems
Firms that ignore this…
Often learn the hard way.
Conclusion: Every Law Firm Is a Target
It does not matter if you are a solo attorney or a 20-person firm.
Size does not protect you.
In many cases… it makes you more vulnerable.
Cybersecurity is no longer an IT issue.
It is a financial risk… an operational risk… and a leadership responsibility.
Connect with Joe Popper:
Website: https://poppertechteam.com
LinkedIn: https://www.linkedin.com/in/joepopper/
Curious About Working with Profit Scale Thrive?
Running a successful law firm takes more than legal expertise—it requires financial mastery, strategic planning, and data-driven decision-making. At my accounting firm, Profit Scale Thrive, we specialize in helping law firms achieve lasting profitability by providing tailored financial guidance, optimizing cash flow, and equipping you with the insights needed to scale with confidence.
Ready to take your firm's finances to the next level? Join our private community for law firm owners called "Your Profitable Law Firm Community". Each month, we talk about essential topics specific to the business side of running a law firm. This is your opportunity to connect with other firm owners, share challenges, and discover proven solutions in a supportive environment.