BP Perspective: Insights from a Business Partner

Five-Alarm Warning: Modern Data Threats Are Too Hot to Handle

Most legal management professionals require a hat rack to hold the caps of their various roles: accountant, marketer, recruiter, HR director, IT coordinator, drill sergeant, therapist, confidant ... and, of course, fire marshal. 

Tom Lambotte

The smaller the firm, the more hats they’re forced to wear — they are asked not only to oversee additional responsibilities but often to handle them personally. This frequently includes assuming IT responsibilities, which can prove to be a fatal business mistake.

While the best administrators deftly juggle jobs and extinguish everyday emergencies, they aren't equipped to battle the existential blazes posed by today’s ever-changing cybersecurity challenges. Legal management professionals who serve as the go-to IT person simply lack the time, knowledge or technical expertise to battle the sophisticated hackers that specifically target law firms and breached 29% of practices last year alone.

Cybersecurity is a pressing threat — 60% of small businesses fold within six months of being attacked. Data breaches are particularly devastating to law firms, where client privacy, legal reputations and even accreditation can be on the line.

Unfortunately, small to midsize firms are short on appropriate resources to address the problem. Based on my 16 years in this field, I’ve found most office managers run into one of these IT scenarios:

1. In-house IT: Some admins have in-house IT staff managing day-to-day operations. Especially for smaller firms with a headcount of 50 or fewer, this is often a single individual. It is common for this person to be overwhelmed with support tickets, new projects and fires of their own that leave little time to tackle new emergencies or stay current on cybersecurity best practices. 

2. Managed service provider (aka outsourced IT): Many firms enlist managed service providers (MSPs) to handle their tech needs. Sadly, a significant chunk of them are equally stretched and generally focused on shifting rapidly between support tickets, printer maintenance and internet outages rather than fending off dangerous threats. As a result, many MSPs are still relying on outdated solutions to cybersecurity problems. The best ones have modern cybersecurity stacks — but fully outsourcing your tech and security needs is not in everyone’s budget.

3. Hourly IT consultant: The third most common option is an hourly consultant to call on when Google searches prove fruitless. The problem with this option is that the best ones keep their clients for a long time. Why is that an issue? Before long, their schedules are spoken for and filled to the brim on a regular basis. 

They solve their clients’ tech issues in the moment but rarely have time to research and keep up to date with cybersecurity — that is not their primary role. They aren’t paid to be proactive. Rather than putting out fires, they simply sweep up ashes in the aftermath.

4. Random help or paralegal/IT expert: Then there are the desperate admins forced to rely on a partner’s tech-savvy family member or that paralegal who moonlights as an influencer to serve as their resident IT authority. What usually happens is whoever is the most tech-knowledgeable in the office ends up being the in-house IT expert. 

All these approaches often come up short, but there are not many other options. Simply having the awareness can help you assess your current situation and see where you can complement it with additional resources.

In today’s threat environment, every firm (regardless of size) needs bona fide cybersecurity experts to protect their clients, reputation and livelihood. The problem is, where are they?


Fortunately, it’s now easier than ever to find specialized help and activate safeguards. An impressive class of affordable, dedicated cybersecurity solutions has emerged, capable of defending your data from afar and monitoring your systems remotely without stepping foot on-site.

Not all such services are created equal, however. Before selecting a provider, make sure that it:

  • Accepts firms of your size: Many providers offer only enterprise solutions that are scaled and priced to larger businesses. If you’re a solo practitioner or a small to midsize firm, find a service that fits your staff. This can prove problematic since most MSPs have strict user and monthly spend minimums.
  • Integrates with your current IT solution: Many solutions will require taking over your entire IT environment to implement their security measures. If this fits your needs, great. If not, seek a solution that can complement your current scenario, whether it is in-house IT, MSP, hourly consultant or even the random tech-savvy family member or paralegal/IT expert.
  • Understands the legal field: Most professional security solutions are generically business-oriented — they are going after everyone, and they know next to nothing about the specific needs of a law firm. Heightened sensitivity of client data, inherent ethical obligations, bar association requirements, and case management software integration make law firm cybersecurity a specialized field.
  • Provides a turnkey solution: Hiring an expert should make your job easier, not force you to assemble more pieces. Ensure that your service performs as a coordinator of all security aspects.
  • Employs a proactive philosophy: Rather than passively waiting for an incursion, your security should, as just one example, continually monitor dark web channels to determine whether credentials have been compromised.
  • Uses a multilayered approach: No silver bullet defeats all digital threats — any serious cybersecurity outfit will integrate several tools to provide comprehensive protection (preferably curated from an array of best-in-class providers rather than a single proprietary source).
  • Prepares for the worst: No security plan is infallible, and yours needs to realize that. The best solutions include contingency protocols, off-site backups and cyber insurance — just in case. 

Don’t delay! Malware, ransomware, hackers and phishing scams may represent the greatest external danger to your network, but the most formidable threat resides right in your office: complacency.

I’ve witnessed too many firms clinging to life after catastrophic incidents while lamenting how they should have done more. With so much on your plate, it’s easy to ignore data security and simply hope that trouble won’t find you — until it’s too late. Waiting one day too long can find your firm among the growing number of hacked practices that have fallen victim to the fire. 

Legal managers are among the brightest, most competent and versatile professionals I work with, and sometimes the brightest move is admitting a need for help. When it comes to data protection, it’s time to hang up that hat and turn the task over to professionals.

Partnering with dedicated cybersecurity specialists not only protects your data, clients, lawyers and staff and covers your assets while providing peace of mind; it also frees up time to don other caps and focus on what you do best: running and growing the business.

At the very least, every law firm should have an outside cybersecurity professional regularly audit their network. Even if you trust your current approach, there’s no harm in verifying that you’re fully protected and that your defenses are up to date.

Heavy is the head that wears too many crowns — let a dedicated cybersecurity solution shield your practice, douse some flames and make your load a little lighter.