Is Your Firm in Compliance?
Both the ABA and the California State Bar have a lot to say about your obligations to your clients regarding technology. Are you in compliance?
The competence requirements in handling electronically stored information (ESI) have come of age. The lessons driven home by the State Bar’s COPRAC Formal Opinion 2015-193 are clear: either learn the basics of ESI, find someone who does, or decline the representation. Source: Continuing Education of the Bar (ceb.com)
Many local law firms are using outdated systems that fall outside the realm of acceptable best practices - sending unencrypted emails to clients, failing to store confidential data on encrypted drives, and potentially even running afoul of both State and Federal data breach laws should a cybersecurity incident take place.
As a Cybersecurity consultant it is my job to help flag problem areas for your firm, and propose affordable solutions. For many of my clients, figuring out what they don’t know is the first step!
Free Cybersecurity Audit
Let’s start with a free, confidential, in-person Cybersecurity audit. This is a chance to get to know each other, and for me to explain in more detail the kinds of services I provide. Think of the audit as a Cybersecurity health checkup. It only takes about an hour, and at the end you’ll get a document explaining my analysis of the current state of your organization’s cybersecurity health. This document is yours to keep and use even if you choose not to pursue my consulting services.
Active Cybersecurity Training (Individual and Group)
The cybersecurity threats facing organizations are always changing. Education is the key, and I provide training in best practices and threat intelligence for both groups and individuals.
Most data breaches originate from compromised passwords. I train organizations in using state-of-the-art password management software to defend their accounts and digital assets.
Active Data Breach Monitoring
I can help set up your firm with automatic monitoring tools for notifications in the event of a data breach. As an extra precaution I can also check every individual email account used by your firm and your contractors.
Active Cloud Services Auditing
Most firms employ numerous third-party services (such as GSuite, Dropbox, Quicken Online, MailChimp, etc.), each of which generates an audit trail (log files) that needs to be monitored. This is both a practical cybersecurity and a liability issue. It is often the case that after an event is detected, going through the log files reveals that the initial breach occurred months or years prior, and could have been detected!
Active Anti-Phishing Campaigns
This service involves actively sending safe, fake, but realistic phishing emails to employees, and measuring the responses that those emails receive. This is the technique that banks and government institutions are mandated by law to undertake for all of their employees on an ongoing basis. I can initiate phishing campaigns targeted at the organization’s employees and work with employees to reduce their exposure to such emails.
24/7 On Call Service
Did something suspicious just happen? Not sure if that email is from who it says it’s from? I am always available for my clients! From suspicious emails and texts to general cybersecurity and IT services, help is just a phone call, text, or email away!