In today’s digital warzone, the most dangerous threats often arrive disguised as something harmless. A CAPTCHA prompt. A fake DocuSign request. A simple email from a name you recognize. At MWL, we understand how one innocent click by a law firm without strong cybersecurity protocols can unravel millions of dollars’ worth of client data security. And quite frequently, we are called on to subrogate those claims.
The Breach Hiding in Your Inbox
Take, for instance, the rise of CAPTCHA-based phishing scams—like the one recently circulated across the legal industry. The email looks routine: “Please verify you’re human to view this secure document.” But the embedded link redirects to a credential-harvesting site that captures login details in seconds. Once credentials are compromised, hackers can gain access to file systems, case data, and sensitive personal information—often undetected until it’s too late. This is not theory. This is happening now. And for insurance carriers outsourcing subrogation files to newer, boutique law firms, the risk couldn’t be higher.
The Hidden Cost of “Cheap”
Many newer subrogation law firms operate with skeleton crews and shoestring budgets. They might be driven and hungry—but they often lack the hardened cybersecurity infrastructure needed to protect your insured’s data: Shared office spaces, Free email domains like Gmail or Yahoo, no third-party audits, no penetration testing, and no dedicated IT security staff. In 2024, this is not just insufficient—it’s dangerous. Choosing the cheaper firm might save you a few hundred dollars on fees, but it could cost you millions in fines, lawsuits, and reputational damage if your data ends up on the dark web.
The Anatomy of a Phishing Attack
Spoofing: Attackers imitate trusted sources—a colleague, a client, a vendor.
- Deception: An urgent subject line or call to action compels the user to click.
- Exploitation: The link leads to a spoofed login page, CAPTCHA request, or PDF portal.
- Access: Credentials are harvested, and attackers enter the system, often undetected.
From there, they can move laterally through unsecured environments, often exfiltrating data or deploying ransomware before anyone realizes.
Real Firms, Real Damage
In the past few months alone:
- A small legal vendor was breached via a phishing email disguised as a Dropbox request.
- A boutique firm lost 6 months of client files due to ransomware initiated through a spoofed Microsoft login.
- A regional insurer had to notify over 18,000 policyholders after their legal partner’s unsecured email server was compromised.
None of these firms had active endpoint monitoring. None had cyber insurance that covered the breach. All of them said the same thing: “We didn’t think it could happen to us.”
What MWL Does Differently
At Matthiesen, Wickert & Lehrer, S.C., we don’t guess. We prepare. Our security protocols include:
- Advanced phishing simulations and threat recognition training for all staff
- Multi-factor authentication across every endpoint and login
- All MWL systems and data are stored in cloud data centers that are fully encrypted and geographically redundant
- Our cloud datacenter provider goes through Annual SOC 1 and 2 audits, and we perform regular external penetration tests and audits
- Real-time intrusion detection and 24/7 monitoring, including a full security information and event management (SIEM) cybersecurity solution
- Restricted access policies for all client data based on role and case relevance
All MWL employees nationwide are subjected to phishing and cybersecurity testing and must undergo annual training and testing on all aspects of cybersecurity. We’ve spent over a decade building a security-first culture because we know the stakes. A single breach can undo a century of trust.
Scare Them or Spare Them: Why Insurance Carriers Must Ask Tough Questions
Before you assign your next file, ask your current subrogation vendor:
- What’s your protocol if a phishing attack is successful?
- Have you passed a third-party cybersecurity audit in the past 12 months?
- Where exactly is my data being stored?
- Who has access to it?
- Are you insured for cyber breaches? What’s your coverage limit?
If the answers are vague, evasive, or overly confident without documentation, consider that a red flag. At MWL, we not only welcome these questions—we’ll provide documentation to back every answer.
It’s Not Paranoia If They’re Really After You
Cybercriminals don’t care how passionate your lawyer is about your case. They care about vulnerabilities. And when they see a small law firm with no security budget and no IT team, they see opportunity. All insurance companies are a target. Every claim file is a bounty. Every subrogation vendor is either a safeguard or a liability.
Final Thought: The Click You Didn’t Question
That email that seems just slightly off, that link you clicked without verifying, or that firm you hired without vetting their digital infrastructure could be the crack that opens the floodgates. At MWL, we close the cracks before they become catastrophes. Because you’re not just trusting us with legal expertise. You’re trusting us with your insureds. Your data. Your name.
*Michael Plaza is the IT Manager at Matthiesen, Wickert & Lehrer, S.C. (MWL), where he serves as the architect and guardian of the firm’s advanced cybersecurity infrastructure. With over two decades of experience in information technology and systems engineering, Michael has cultivated a reputation as a forward-thinking strategist and hands-on problem solver in an increasingly complex digital world. His expertise spans network architecture, enterprise cybersecurity, data lifecycle management, and disaster recovery planning. At MWL, Michael is the force behind the firm’s impenetrable security protocols and high-availability systems, ensuring that sensitive client data is not only protected but fortified. Widely regarded as a cybersecurity guru, Michael brings both technical depth and strategic insight, making him an invaluable asset in today’s threat landscape.
