Congratulations On Your Merger! Hope You Enjoy The Malware.

Glossy press releases never capture the hidden costs of a merger or acquisition. There’s always some eye-popping top-line value number and the audience is left to imagine the toll exacted by integrating accounting systems, aligning org charts, and telling staff that all the corporate swag they got in lieu of bonuses over the years is now against the office dress code. But what’s rarely thought about is the lurking cybersecurity dumpster fire in the server room, gift-wrapped and waiting for you!

At last week’s ILTA Evolve, the panel “The Cybersecurity Evolution: Legal Risks and Best Practices for Law Firms,” confronted this oft undiscussed topic. For those of us who think cybersecurity will prove the hot issue of 2025, the conversation led by seasoned tech veterans should scare any lawyer out there eyeing a merger while ducking their cyber training.

Picture it: a nice, low-key acquisition targeting an Australian firm of 10 employees. If only all deals could be this easy! Nobody bothers looping in IT or a security team before the deal, because why would you? How much trouble could 10 people get into?

Spoiler: so much trouble.

After handing out shiny new laptops, IT received the casual call asking to plug one of the Down Under servers with all their client data into the network. In a moment of “better late than never,” the tech folks got a chance to do some diligence before hooking it into the Matrix. After checking with the Australian tech people (who assured them that they had McAfee… a line that drew concerned chuckles from the ILTA audience), they brought up the console to show their effort before saying, “Oh, wait a second, that’s weird. It’s been turned off on this server. Let me turn that on.”

Ding.

Ding.

Ding.Ding.

Ding.Ding.DingDingDingDingDing.

They turned on the lights and a thousand digital cockroaches scattered. All told around 900 alerts popped up. Brute force hackers out of Singapore had got in through remote desktop. After a detour through the Soviet bloc, a bunch of malware landed on there.

Good thing someone bothered to look before plugging in Malware Mary.

But this is the kind of cybersecurity “oh crap” moment that can happen all the time because security can be an afterthought in M&A diligence until it’s too late. It’s going to get worse too. In a chat with the folks from PromptArmor, I learned about malicious, invisible code getting buried in files that humans won’t see but the AI will read when these files inevitably get fed into it.

And while lawyers should make this a concern for their clients’ deals, they might want to look in the mirror too. Because law firm mergers are a thing too, and they aren’t immune from cyber threats.

Despite the current health policy coming down from RFK Jr’s brain worm, the best defense to viruses comes from early inoculation and that’s just as true for computer viruses. Take trainings. Change passwords. Keep your system updated. Yes, even if it might mean restarting it once in a while. On this point, of all the cool things a product like Aiden can do in keeping everything updated and minimizing vulnerabilities, one of the most practical is the ability to find windows for those dreaded reboots and piggybacking off the unavoidable Microsoft resets to keep lawyers blissfully unaware that they’re down.

When attorneys hold up the works because they don’t have time to waste while trying to close their next deal, consider catching them in a couple phishing tests beforehand to drive home how much of a risk they are. As the panelists noted, most of the time the lawyers “already spent more time trying to get out of the training than it would’ve taken to just finish it.”

This is the paradox: organizations want security, but they don’t want to do security. They want secure outcomes without secure behavior. They want magic buttons, not tedious awareness campaigns, or annoying policy enforcements.

But cybersecurity requires active participation. Preferably before you turn on the monitor and find out it’s an Airbnb for hackers.

Joe Patrice is a senior editor at Above the Law and co-host of Thinking Like A Lawyer. Feel free to email any tips, questions, or comments. Follow him on Twitter or Bluesky if you’re interested in law, politics, and a healthy dose of college sports news. Joe also serves as a Managing Director at RPN Executive Search.

The post Congratulations On Your Merger! Hope You Enjoy The Malware. appeared first on Above the Law.