As lawyers become increasingly familiar with the world of cybersecurity in their work, it behooves them to remember that their firms are not immune from suffering a breach that could expose them to a host of potentially damaging consequences including litigation, reputational harm, loss of clients, regulatory investigations, fines and penalties. The fines and penalties may be tied to their failure to adequately adhere to their legal and professional obligations. In this article, we address those risks and how to mitigate them, based on insight provided by privacy and security experts at a recent webinar hosted by the American Bar Association Center for Professional Responsibility. See also “How Law Firms Should Strengthen Cybersecurity to Protect Themselves and Their Clients” (Mar. 30, 2016).