How to Keep Your Data Secure at your Law Firm



Cyber-attacks are becoming increasingly sophisticated. They're often carried out by people trying to steal money or information. Even the American Bar Association has cited this as an "urgent concern" for law firms. As per the ABA, 25% of law firms have experienced a data breach. That’s a lot of law firms.

Below are some areas that all owner's or partners of law firms should investigate to ensure your business is protected:

Shared Wi-Fi

Does your law firm use a Wi-Fi system? Is there a guest Wi-Fi login and password? Who at the firm is aware of the password for the business Wi-Fi? This should be listed and documented in case of a breach.

What software is used at the firm?

Document all the software that's used at the law firm. Who has the master or primary admin seat? It should always be held by a partner or someone responsible for the accounting data at the law firm. It should not be an admin or a legal secretary. It should be the owner of the firm. 

Who has access to the software? What type of access does each employee have? Does the firm use desktop software? Who has access to that software? Who owns that software or is the listed owner? Is that software being backed up?


Is the law firm using complex passwords? It's imperative to protect all data using strong passwords. If the law firm uses a password management system, like Last Pass, who is the administrator? Again, this should be a firm owner. There should be someone at the law firm that manages in reviews the passwords that are selected for the law firm. Password should never be “password123” or anything that's very simplistic.

If a program or platform offers multifactor authentication, it should always be added to the login for any program.

Set up a Firewall

A firewall is an essential part of any network security system. It prevents unauthorized access to your network by blocking incoming connections. You should also make sure that your router has a firewall enabled.

Install an Antivirus Program

All computers at work should have antivirus software installed on them. An antivirus program will protect against viruses and other malicious programs that can cause damage to your computer. Malware bytes is a favorite at our firm because our company uses Mac computers. Norton antivirus is another good software for PCs.

Update Software Regularly

If you use desktop software on your computer, you need to update it regularly. Updating software regularly will ensure that you have the program's latest version and that it works properly. If you are using Chrome as your browser, you may have to log in or re-login if you see that it says "paused." Chrome is constantly updating for the best security, and it's best to ensure you're logged in properly.

Monitor User Activity

You should also monitor user activity on your website. Monitoring user activity includes watching what people do when they visit your site, as well as what they click on and where they go after visiting your site.

Educate Employees About Security Issues

Email is typically the number one place that the cyber threat begins. A good first line of defense against cyber-attacks is educating employees about security issues. Educating them about potential dangers will make them more likely to report suspicious activities to you. This education includes teaching your staff how to open emails and not click on things that seem suspicious. I have seen emails that look exactly like they came from Intuit/QuickBooks that are false and most likely sent by unscrupulous people.

The best way to avoid this drama is if they have software for client communication in document exchange. We use Liscio at our firm and are very happy with the platform.


It's imperative for any law firm to have some protocol in place. I would be neglecting this article without mentioning cyber insurance. It's a must in the lineup of insurance a business should have.

Having a plan and a list of who uses what software and what level of access they have is key to a successful law firm that is well protected. Let's face it, no one wants to be hacked or have a ransomware attack. Being ready for any situation is paramount.

I hope this article gets your brain thinking about how you, as an attorney, can protect your law firm from cyber-attacks. If you have any questions or comments, feel free to reach out. We would love to assist you in helping set up a secure system.

Yes, we do accounting and bookkeeping at our firm, but as you can tell, our advisory services spread far and wide. We are just a contact form away from helping your law firm.