Cyber security lessons for Law Firms

By virtuoso


May 8, 2022

Why it’s so important

For law firms, the safety and security of their own and their clients’ data is not only a legal and compliance requirement, it is also essential to their growth – and even survival. You only need to think of the recent ‘Panama Papers’ hacking news story at the law firm Mossack Fonseca, which earlier this year announced it would cease trading, to appreciate just how important it is.

In 2013, Mossack Fonseca employed more than 600 people in 35 offices and ran its own internal IT operations for over 30 years. But the pace of technological change created vulnerabilities, and in 2015 over 11 ½ million leaked files started the process that resulted in the dismemberment and closure of the firm. Ironically, the journalistic team that broke the story used open source collaboration and eDiscovery software tools which are not dissimilar in concept to the software that also protects law firms’ data assets.

The best approach 

Whatever the strict letter of the law, our clients operate at a more salubrious end of the market than Mossack Fonseca. Still, the rise of cloud computing, pervasive mobile devices and web-based applications, combined with data access from anywhere, means we have crossed a threshold of operational complexity and risk that makes it unwise or even foolhardy for non-specialist firms to attempt to manage their own cybersecurity.

Managing mission-critical IT operations securely and efficiently is now a job for dedicated specialist firms like Microsoft and other global leaders in cloud computing. Neal Suggs, the author of the article below, says he is surprised that any law firm thinks they can do it “…better than hyperscale cloud providers like Microsoft and our peers… why would they think a law firm is better able to protect their information than a company that invests billions on cybersecurity every year? Or devotes armies of engineers to devising new ways to break and fix our products? Or is constantly evolving both threat detection and hardware patching techniques to become more efficient and faster at protecting against new and evolving threats?”


It is easy to be misled, though: all of this applies to public clouds such as the ones provided by Microsoft, Google, IBM and so on (Virtuoso are expert in one of these cloud offerings, Microsoft). Private in-house clouds, such as those run by law firms or managed service providers with their own data centres, are a different matter entirely. As Gartner put it in the recent report, Clouds Are Secure: Are You Using Them Securely?, “The recent history of public clouds has demonstrated that brand-name, multi-tenant public cloud services are highly resistant to attack, providing a more secure starting point than most traditional in-house implementations.”

Ironically, avoidance of cloud services may even lead to unnecessary security risks, as organisations continue to rely on poorly managed in-house systems that often have more security vulnerabilities than their public cloud equivalents.

Next Steps

For advice and assistance with navigating the complexity of IT, and for a customer service ethos that consistently wins plaudits from our customers, contact Virtuoso IT. In the meantime, you should start with the basics, and that’s exactly what we’ll do if you contact us. Do you enforce strong password policies? Are you using 2FA (two-factor authentication)? Is your data encrypted at rest and in transit? All these security features and many more are inherent in the Microsoft Cloud: security built in by design.