Law Firm Cybersecurity Assessments

Security is hard enough without being in the crosshairs of nation-state hackers. However, that comes with the territory for law firms, which handle the strategic information cyber-attackers crave. Even against next-generation security measures, adversaries with the time, resources and skills are ruthless in their persistence and ingenious in their techniques.

Many firms fall into the trap of over-investing in technology on the advice of security product vendors – looking for a panacea that simply does not exist. A more holistic approach is needed. The key ingredients are: strong executive committee support, a security program and an ongoing assessment of cyber risk. John Reed Stark Consulting, together with long-time partner KoreLogic Security, can perform a customized law firm security assessment designed to help law firms shore up their cybersecurity defenses; improve their incident response capabilities; and protect their clients' data as follows:

  • Determine how resistant a law firm is to attack with penetration testing customized to the law firm’s needs. The testing can be designed to target critical and confidential information unique to law firms such as materials subject to attorney work product protections or attorney-client privileged communications relating to litigation, transactions, intellectual property and other highly sensitive and central subject areas. Ultimately, we will gauge if a law firm can effectively detect or respond to a simulated attack;

  • Assess the security of critical software used by a law firm, such as case management programs, e-discovery tools, client management systems, business development platforms and other specialized technologies crucial to a successful law firm practice;

  • Help support the development of a healthy risk-aware culture with knowledge transfer to partners, associates, legal assistants, executive assistants as well as operational and technology support staff;

  • Examine specifically how confidential legal information (from documents and PowerPoint decks to spreadsheets and databases) is currently stored and protected, using a combination of threat analysis, security architecture review and password recovery; and

  • Translate the results of testing, assessments and analysis into realistic and practical recommendations custom designed for law firms, organized as quick wins, critical risks and relative strengths.

Learn More

For more information about John Reed Stark’s capabilities and expertise, review his recent articles and webcasts on cybersecurity and incident response in his Publications and in his blog, entitled Stark on IR. You can also see a few sample articles and webcasts at:

Article | Law Firms and Cybersecurity: A Comprehensive Guide for Law Firm Executive Committees

Webcast | What Every CFO, GC and CCO Needs to Know About Penetration Testing and Risk and Security Assessments

Webcast | Law Firms Under Cyber-Siege — How Law Firms Can Manage Data Breach Risks and Thrive Amid Cybersecurity Solutions

About John Reed Stark

John Reed Stark, President of John Reed Consulting LLC. Served for 15 years as an SEC enforcement attorney leading cyber-related projects, investigations and enforcement actions; for 11 years as Founder/Chief of SEC Office of Internet Enforcement; for 15 years as Adjunct Professor at Georgetown University Law School teaching cyber law; for 10 years as a Guest Instructor at the FBI Academy; for 5+ years as Managing Director (three as head of the Washington, D.C. office) of Stroz, Friedberg, a global digital risk management firm, leading cybersecurity, incident response and digital compliance engagements for corporations. Appointed since 2017 as Senior Lecturing Fellow at Duke University Law School teaching law of cybersecurity and data breach response. Author of The Cybersecurity Due Diligence Handbook.