Word of the Week: “Phishing” 🎣 in the Legal Profession - What Every Lawyer Needs to Know in 2025 🛡️

/ The Tech-Savvy Lawyer.Page/

Lawyers Battle phishing on a daily basis.

Phishing is one of the most persistent and dangerous cyber threats facing law firms today. Phishing is a form of computer and internet fraud in which criminals use fake emails, websites, or messages to trick recipients into revealing sensitive information such as passwords, bank details, or client data. For lawyers and legal professionals, the stakes are especially high: law firms hold vast amounts of confidential client information, making them prime targets for cybercriminals. The American Bar Association (ABA) Model Rules for Professional Conduct, particularly Rule 1.6 (Confidentiality of Information) and Rule 1.1 (Competence), require lawyers to protect client data and maintain competence in technology relevant to their practice.

How Phishing Targets Law Firms

Phishing attacks against law firms have become more sophisticated in 2025. Criminals now use generative AI to craft emails that closely mimic real communications from clients, colleagues, or even senior partners. These messages often create a sense of urgency, pressuring recipients to act quickly—such as transferring funds, sharing login credentials, or downloading malicious attachments. Business Email Compromise (BEC) scams are particularly damaging, as attackers impersonate managing partners or clients to divert wire transfers or request sensitive documents.

Impersonation: The Hidden Dangers in Your Inbox

Attackers often use email spoofing to manipulate the display name and email address, making a message appear to come from someone you trust. The display name (the name that appears in your inbox) can be set to any familiar contact, but the actual email address may be subtly altered or completely fake. For example, a scammer might use “john.smith@lawfirm.com”or “John Smith of ….” as the display name, but the underlying address could be “jjohn.smith@lawf1rm.com” or “john..john.smith@lawfirm.co@lawfirm.co.” These changes are often just a single character off, designed to trick you into replying or clicking a malicious link.

Lawyers should always examine the full email address, not just the display name, before responding or acting on any request. On many smartphones and email clients, only the display name is shown by default, so you may need to click or tap to reveal the actual sender’s email address. If the message requests sensitive information, money transfers, or urgent action, verify the request through a separate communication channel, such as a phone call using a known number—not one provided in the suspicious email. This vigilance aligns with ABA Model Rule 1.1, which requires lawyers to maintain competence, including understanding risks associated with technology.

Recent Phishing Incidents Involving Lawyers

Phishing Email Threatens Law Firm Cybersecurity Defense

What Lawyers Should Watch For

  • Impersonation: Always check the sender’s full email address, not just the display name. Watch for addresses that are off by one or more characters.

  • Urgency and Pressure: Be cautious of emails that demand immediate action, especially those involving money or confidential data.

  • Suspicious Links or Attachments: Hover over links to check their true destination, and never open unexpected attachments.

  • Unusual Requests: Be wary of requests outside normal procedures, such as buying gift cards or changing payment instructions.

Prevention and Best Practices

  • Employee Training: Regular cybersecurity awareness training is crucial. Staff should be able to recognize phishing attempts and know how to report them. This supports ABA Model Rule 5.3 (Responsibilities Regarding Nonlawyer Assistance).

  • Multi-Factor Authentication (MFA): MFA adds an extra layer of security, making it harder for attackers to access accounts even if credentials are compromised.

  • Incident Response Plan: Every law firm should have a clear plan for responding to phishing incidents, including communication protocols and legal obligations for breach notification.

  • Client Education: Educate clients about phishing risks and encourage them to verify any unusual requests that appear to come from your firm.

Professional Responsibility and Phishing

lawyers need to be proactive Against Cybersecurity Threats in 2025!

The ABA Model Rules make clear that lawyers must take reasonable steps to prevent unauthorized access to client information (Rule 1.6(c)). Lawyers must also keep abreast of changes in technology and its associated risks (Rule 1.1, Comment 8). Failing to implement basic cybersecurity measures, such as phishing awareness and email verification, may expose lawyers to disciplinary action and civil liability.

Final Thoughts

Phishing is not just an IT problem—it’s a business risk that can compromise client trust, cause financial loss, and result in legal liability. By staying vigilant, investing in training, and adopting robust security measures, lawyers can protect themselves, their clients, and their reputations in an increasingly digital world. Compliance with the ABA Model Rules is not optional—it's essential for ethical and effective law practice.

📖 Word(s) of the Week (Woow): "Service as a Service" (SaaS) & "Hardware as a Service" (HaaS)!

/ The Tech-Savvy Lawyer.Page/

SaaS vs. HaaS: What Law Firms Need to Know About Service as a Service and Hardware as a Service in 2025 ⚖️💻

Exploring SaaS vs. HaaS in Legal Tech!

Legal practices are rapidly embracing cloud-based solutions, and two models stand out: Software as a Service (SaaS) and Hardware as a Service (HaaS). Understanding these models is essential for law firms seeking efficiency, security, and cost-effectiveness in 2025.

What is SaaS?
SaaS is a cloud-based software delivery model. Instead of buying software outright and installing it on each device, law firms subscribe to web-hosted applications. This means no more managing physical servers or complex installations. Leading SaaS providers handle updates, security, and maintenance, freeing attorneys to focus on clients and cases.

Benefits of SaaS for Law Firms:

  • Centralized, secure document management—enabling paperless workflows and real-time collaboration.

  • Cost savings by eliminating expensive hardware and IT support. Firms pay only for what they use and can scale up or down as needed.

  • Remote access to case files, calendars, and billing from anywhere, supporting hybrid and remote work environments.

  • Automatic updates and improved security, with providers responsible for compliance and data protection.

  • Specialized legal features, such as document automation, calendaring, and legal billing, tailored for law practices.

Legal Considerations for SaaS:
SaaS agreements replace traditional software licenses. They must clearly define service levels, data privacy, and compliance with regulations. SaaS lawyers play a crucial role in drafting contracts, protecting intellectual property, and ensuring regulatory compliance across jurisdictions.

What is HaaS?
HaaS provides physical hardware—like computers, servers, or networking equipment—on a subscription basis. Law firms avoid large upfront purchases and instead pay a monthly fee for access, support, and maintenance. HaaS often includes installation, configuration, troubleshooting, and ongoing monitoring.

Benefits of HaaS for Law Firms:

Knowing your SAAS and Haas agreement terms is essential to maintaining client confidentiality and security

  • Predictable budgeting with no surprise hardware expenses.

  • Up-to-date equipment and proactive maintenance, reducing downtime.

  • Comprehensive support agreements, including warranties and rapid response times.

  • Enhanced security and compliance, as providers manage device updates and data protection.

Legal Considerations for HaaS:
HaaS contracts should specify the scope of services, pricing, service-level agreements (SLAs), liability, data privacy, and dispute resolution. Clear terms protect both the law firm and the provider, ensuring accountability and compliance with industry standards.

Challenges Law Firms Face in Using SaaS and HaaS

Law firms adopting SaaS and HaaS face several notable challenges:

  • Security Vulnerabilities: SaaS platforms can be susceptible to misconfigured access controls, inadequate monitoring, and insufficient threat detection. These weaknesses make law firms prime targets for cyberattacks, such as unauthorized access and data breaches, as seen in high-profile incidents involving major firms.

  • Data Breaches and Compliance Risks: Sensitive client data stored in SaaS environments is at risk if proper security measures are not in place. Breaches can expose confidential information, leading to regulatory penalties, reputational damage, and class action lawsuits if firms fail to notify affected parties promptly.

  • Integration Challenges: As law firms rely on multiple SaaS vendors, integrating various software platforms can become complex. Poor integration may disrupt workflows and reduce efficiency, especially if systems do not communicate seamlessly.

  • Shared Responsibility Confusion: SaaS providers typically secure the platform, but law firms are responsible for data security and access controls. Many firms mistakenly believe vendor security alone is sufficient, which can leave critical data exposed.

  • Reliable and consistent internet access: Reliable and consistent internet access is essential for law firms using SaaS and HaaS, as these cloud-based solutions require an active connection to access software, documents, and case management tools; any internet outage or slow connectivity can disrupt workflows, limit access to critical information, and impact client service. (What if you are on travel and the airplane, hotel, or location does have (reliable) internet connection - how do you get your work done?)

  • Business Email Compromise (BEC): SaaS ecosystems increase the risk of BEC attacks. Compromised email accounts can be exploited for fraud, impersonation, and data theft, often going undetected for extended periods.

  • Data Classification and Visibility Issues: Rapid adoption of SaaS can lead to scattered data across multiple platforms. Without a formal data classification strategy, firms may lose track of where sensitive information resides, complicating compliance and incident response.

  • Legal and Contractual Complexities: SaaS contracts involve nuanced licensing agreements, third-party vendor relationships, and service level commitments. Discrepancies between vendor terms and client expectations can result in disputes and legal challenges.

  • Dependency on Providers: Both SaaS and HaaS models make firms dependent on external vendors for uptime, support, and updates. Service disruptions or vendor instability can directly impact firm operations.

  • Hardware Lifecycle Management: With HaaS, firms avoid upfront hardware costs but must rely on the provider for timely upgrades, maintenance, and support. Poor vendor performance can lead to outdated equipment, downtime, or security gaps.

  • Cost Over Time: While SaaS and HaaS reduce initial capital expenditures, ongoing subscription fees may add up, potentially exceeding the cost of traditional ownership in the long term if not carefully managed.

Lawyers need to know the pros and cons in using saas and haas products!

While SaaS and HaaS offer significant advantages, law firms must address these risks through robust security practices, careful contract negotiation, and ongoing vendor management to protect sensitive data and maintain operational integrity. This may be easier for large law firms but difficult if not nearly impossible for mid- to small- to solo-size law practices.

Why Law Firms Should Care
Both SaaS and HaaS offer flexibility, scalability, and security that traditional IT models cannot match. By leveraging these services, law firms can modernize operations, improve client service, and reduce risk. The right contracts and due diligence are critical to ensure business continuity and compliance in a rapidly evolving legal tech landscape.

Word of the Week: RAM in Legal Computing 🖥️💻

/ The Tech-Savvy Lawyer.Page/

“RAM,” or “Random Access Memory,” is crucial for lawyers as it affects the performance of their computing systems. Nobody wants a slow computer! 😳 Adequate RAM ensures smooth multitasking, efficient document management, and quick access to legal databases 📚.

More RAM, more power: Work FASTER, not SLOWER!!!

RAM can be likened to the amount of desk space a lawyer has to work with. Just as a larger desk allows for more documents to be spread out and accessed simultaneously, more RAM enables a computer to handle multiple applications and files without slowing down 📊. With sufficient RAM, lawyers can multitask efficiently, switching between documents, research tools, and communication platforms without a performance bottleneck. Insufficient RAM can lead to slow processing times, impacting productivity and client service. Lawyers should assess their computing needs to ensure they have the right amount of RAM for optimal performance, especially when handling large files or multiple applications simultaneously 📊.

Pro Tip: It is better to get a little (or a lot) more RAM than you think you need. Depending on the device you purchase, you may not be able to increase the RAM later if you find yourself lacking.

Happy Lawyering!!!

WoW: AI Anthropomorphism - Why Law Firms Must Recognize the Human Illusion in Legal Tech 🤖⚖️

/ The Tech-Savvy Lawyer.Page/

What Is AI Anthropomorphism?

Real wisdom isn’t coded—lawyers still Need to read the dictionary.!

AI anthropomorphism is the tendency to attribute human qualities—like emotions, intentions, or consciousness—to artificial intelligence systems. In law practice, this often means treating chatbots, legal research tools, or document automation platforms as if they “think,” “feel,” or “understand” like a human attorney. This perception is not just a quirk of psychology; it can have real consequences for how law firms use, trust, and market AI-powered legal technology.

Why Does It Matter for Attorneys? 💼

Legal professionals increasingly rely on AI for research, drafting, and client communications. AI chatbots and document generators are now common in law offices. When attorneys or staff assume these tools “understand” legal nuance or can “reason” like a human, they risk overestimating what AI can do. This can lead to errors, ethical missteps, or even malpractice if AI-generated output is not carefully reviewed by a human expert.

How AI Anthropomorphism Shapes Law Firm SEO and Content Strategy 📈

lawyers still Need to read the dictionary.!

AI is revolutionizing how law firms approach digital marketing and SEO. Generative AI can produce content that sounds human, answers client questions, and even tailors responses to user intent. However, search engines like Google still prioritize content that demonstrates real human expertise, authority, and trustworthiness (E-E-A-T). If your firm relies too heavily on AI-generated content—without human review or unique legal insights—it can hurt your work and credibility.

The Risks of Anthropomorphizing AI in Legal Practice ⚠️

  • Over Trusting AI Outputs: Treating AI as a “virtual colleague” can cause attorneys to accept its answers without proper scrutiny. AI does not “know” the law; it predicts likely responses based on training data and may fabricate information (“Hallucinate”) or miss key context.

  • Ethical & Professional Duty: Lawyers have a duty to supervise technology and ensure its outputs meet professional standards. Assuming AI “gets it right” can result in ethical violations or harm to clients.

  • Client Perception: If clients believe your AI tools are as reliable as a seasoned attorney, they may misunderstand the limits of these technologies. Transparency about what AI can and cannot do is crucial for trust.

Best Practices for Law Firms 👩‍⚖️👨‍⚖️

AI is a tool not the answer.

  • Human Oversight: Always review AI-generated documents and research. Use AI as a tool, not a replacement for legal judgment.

  • Educate Staff and Clients: Make sure everyone understands that AI does not “think” or “feel.” It is a powerful assistant, not a human expert.

  • Blend AI Efficiency with Human Expertise: The most effective law firm content combines AI’s ability to process and structure information with the unique insights and experience of attorneys.

  • Optimize for E-E-A-T: Google rewards content that demonstrates human expertise and trustworthiness. Use AI to support, not substitute, your firm’s voice and authority.

The Bottom Line

AI anthropomorphism is a natural but risky habit in legal practice. By recognizing AI’s true capabilities and limits, law firms can harness its power while maintaining the high standards clients and regulators expect. The future belongs to firms that blend technological innovation with irreplaceable human judgment and expertise.

WOW: 🌐 DNS: The Internet's Phonebook and Why Lawyers Need to Know It! 📚

/ The Tech-Savvy Lawyer.Page/

🛡️ Protect your firm, learn your DNS 🛡️.

Following The Tech-Savvy Lawyer.Page Podcast Episode 🎙️ Ep. 104: The Importance of Data Backup & Cybersecurity w "Mr. Backup", Curtis Preston!, I realize it might be beneficial to explain what “DNS” means:

Imagine you want to visit a friend's house, but instead of using their street address, you only know their name. To find their house, you would need a directory that translates names into addresses. Similarly, when you type a website's domain name into your browser, like "example.com," your computer doesn't understand it. That's where the Domain Name System (DNS) comes in, acting as a translator between human-readable domain names and computer-friendly IP addresses 📊. 

DNS is like a phonebook for the internet, converting domain names into IP addresses that computers can understand, allowing you to access websites without memorizing complex IP addresses like the one for The Tech-Savvy Lawyer.Page, which would be its unique IP address if it were publicly available 📈.

For lawyers, understanding DNS is essential for maintaining a robust online presence, particularly when it comes to their firm's website 🌐. DNS plays a key role in website performance and security, impacting how quickly and securely clients can access legal services online 🚀.

Why DNS Matters for Lawyers:

💼 Lawyer by day, DNS master by night! 🦸‍♂️

  • Performance Optimization: Techniques like DNS prefetching can significantly improve website loading times, enhancing user experience and SEO rankings 📈.

  • Security: DNS security measures, such as DNS firewalls and DNSSEC, protect against cyber threats like DNS spoofing and hijacking, safeguarding client data and trust 🛡️.

  • Reliability: Ensuring DNS records are correctly set up, especially CNAME records for CDNs, ensures efficient content delivery and minimizes downtime 📈.

In today's digital age, lawyers must be aware of DNS to ensure their online platforms are both fast and secure, providing a seamless experience for potential clients 🌟. Moreover, understanding DNS can help lawyers troubleshoot common issues with their website, such as slow loading times or unexpected errors, by identifying problems in DNS resolution or configuration 🚨.

Happy Lawyering!

Word (or Acronym) of the Week: Advanced Data Protection (ADP) 🔐

/ The Tech-Savvy Lawyer.Page/

Advanced Data Protection (ADP) is Apple's robust end-to-end encryption feature for iCloud data. It ensures only the account holder can access their information, including photos, notes, and backups. ADP elevates user privacy by rendering data inaccessible even to Apple itself. This heightened security measure is crucial for legal professionals handling sensitive client information. However, ADP's recent removal in the UK due to government pressure highlights the ongoing tension between data privacy and law enforcement access, prompting lawyers to reassess their digital security strategies.

Word of the Week: "Zoom Mullets" in Legal Practice!

/ The Tech-Savvy Lawyer.Page/

Zoom Mullets: Balancing Comfort & Courtroom Credibility ⚖️💻"

Office mullets can be a Wardrobe option for work - just make sure it’s appropriate and that you can’t be seen below the belt!

 The "Zoom mullet"—professional tops paired with casual bottoms during virtual meetings—has become a staple for remote legal work. While 75% of professionals adopt this hybrid attire 🕴️👖, its impact on courtroom decorum demands scrutiny. James “Jamie” Holland II, featured on *The Tech-Savvy Lawyer.Page* Podcast Episode #35, pioneered the first fully virtual trial in U.S. history via Zoom 🏛️💡. His insights reveal:  

Judges notice attire—even on camera. A wrinkled shirt or unkempt background can subconsciously undermine your credibility.
— Jamie Holland

Key considerations for attorneys:  

You don’t want the judge’s ire if you can be seen dressed inappropriately for court (even through a zoom hearing)!

  • Courtroom protocols: Texas and Michigan courts conducted 1.1 million+ virtual proceedings post-2020, with strict dress codes enforced despite partial visibility.  

  • Tech setup: Holland advises testing cameras/mics pre-hearing and using neutral virtual backgrounds to mask informal spaces.  

🚨Make sure that if you are wearing a Zoom Mullet, the viewer can’t see the bottom half! You don’t want to get in trouble with the judge, your client, or the bar!

📢 Shout out to previous podcast guest Wendy Meadows for illuminating me on this word! 🤗

Word of the Week: 📖 What is Malvertising? 🖥️🚨

/ The Tech-Savvy Lawyer.Page/

lawyers should be weary of malvertising when online shopping!

Malvertising, a portmanteau* of "malicious" and "advertising," is a cybersecurity threat where attackers inject malicious code into legitimate online ads. These ads can appear on reputable websites, potentially infecting users' devices with malware or redirecting them to phishing sites. As online advertising grows, malvertising poses an increasing risk to internet users and businesses alike.

Did you know the word "podcast" 🎙️ is a portmanteau too! 😮 It's a made-up word coined from a combination of the words "iPod" and "broadcast"! 🤯

Did you know the word "podcast" 🎙️ is a portmanteau too! 😮 It's a made-up word coined from a combination of the words "iPod" and "broadcast"! 🤯

* I learned a new word this week too!  Also known as a “portmanteau word” is a word blending the sounds and combining the meanings of two others, for example motel (from ‘motor’ and ‘hotel’) or brunch (from ‘breakfast’ and ‘lunch’.

Wednesday “How too …”: 🔒 Securing Cloud Storage for Lawyers: Best Practices and Ethical Considerations!

/ The Tech-Savvy Lawyer.Page/

As a lawyer, protecting client data is not just a best practice—it's an ethical obligation. There are too many providers to give step-by-step instructions in a “How to” post. But here’s how to ensure any cloud storage is secure while adhering to ABA Model Rules:
(Note that in future postings, we’ll delve deeper into some of the topics below).

Choose a Secure Provider 🛡️

Lawyers have an ethical duty to ensure information they store on the cloud is secure!

Select a cloud service that offers:

  • End-to-end encryption 🔐

  • Compliance with legal industry standards (e.g., HIPAA) 📋

  • Strong authentication methods 🔑

  • Regular security audits 🕵️‍♂️

Implement Strong Access Controls 🚫

  • Enable multi-factor authentication (MFA) for all accounts 📱

  • Set up role-based access controls 👥

  • Regularly review and update user permissions 🔄

 Encrypt Everything 🔒

  • Use end-to-end encryption for all client data

  • Consider additional tools like Cryptomator for highly sensitive documents 🗄️

Secure File Sharing 📤

  • Use secure file sharing features provided by your cloud service

  • Set expiration dates and passwords for shared links ⏳🔑

  • Avoid sharing sensitive information via email 🚫📧

Regular Security Audits 🔍

  • Conduct periodic reviews of your firm's data security practices

  • Keep all security software and systems up-to-date 🔄

  • Review access logs for any suspicious activity 👀

"Cybersecurity isn't a single step 🔒 — it's a multifaceted priority 📚 every lawyer must understand!"

"Cybersecurity isn't a single step 🔒 — it's a multifaceted priority 📚 every lawyer must understand!"

Cybersecurity isn't a single step 🔒—it's a multifaceted priority 📚 every lawyer must understand!

Educate Staff and Clients 📚

  • Train staff on data security best practices 👨‍🏫

  • Inform clients about your data security measures 📢

  • Obtain informed consent from clients for cloud storage use ✍️

Implement Backup and Recovery Plans 💾

  • Regularly backup all client data

  • Test data recovery procedures periodically 🔄

  • Ensure backups are also encrypted and securely stored 🔐

Use Secure Communication Channels 💬

  • Implement encrypted email or secure client portals for communication

  • Avoid discussing sensitive information over unsecured channels 🚫📱

Monitor for Threats 🕵️‍♀️

lawyers need to stay up-to-date on new cloud security developments and cyberattacks on the cloud-storage/backup platform of choice.

  • Use advanced threat detection tools 🛠️

  • Stay informed about the latest cybersecurity threats 📰

  • Have an incident response plan in place 🚨

Comply with Ethical Guidelines 📜

  • Stay updated on your state bar's ethics opinions regarding cloud storage

  • Ensure your practices align with ABA Model Rules 1.1 (Competence) and 1.6 (Confidentiality) ⚖️

By following these steps, lawyers can significantly enhance the security of client data stored in the cloud, meeting their ethical obligations and protecting sensitive information from unauthorized access or breaches. 🛡️👨‍⚖️👩‍⚖️

Word of the Week:  What do they mean by Natural Language Processing? 🧐

/ The Tech-Savvy Lawyer.Page/

NLP is just a component in the makeup of the AI that lawyers need to learn in order to stay competitive today and in the future!

Natural Language Processing (NLP) is a branch of artificial intelligence (AI) that enables computers to understand and interpret human language. It works by combining computational linguistics with machine learning to analyze text and speech. NLP can automate tasks like document review and legal research, making processes more efficient. But, it won't replace lawyers.

NLP can't think like a human. It can only review data. Thus, NLP cannot carry out important critical thinking and understand important nuances of facts and law. So, lawyers who don't adopt NLP and AI tools risk falling behind.

Lawyers need to embrace Natural Language Processing & Artificial Intelligence technologies to stay competitive and enhance their services to their clients!

💻⚖️

Lawyers need to embrace Natural Language Processing & Artificial Intelligence technologies to stay competitive and enhance their services to their clients! 💻⚖️

 #LegalTech 💻⚖️ #AIinLaw 🤖 #LawFirmInnovation 🚀 NLP 🌐 #FutureOfLaw 📈