FREE FOR LAW FIRMS

Does your firm meet the ABA’s “reasonable efforts” standard?

Law firm cyberattacks doubled in 2025. Our free 10-point compliance checklist shows you exactly where your firm stands on client data protection — in about 5 minutes.

See the Checklist

No signup required. No sales pitch.

Why this matters right now

2x
Law firm cyberattacks in 2025 vs 2024

$4.2M
Average ransomware demand for professional services

$5.9M
Average data breach cost in professional services

29%
Of law firms have experienced a security breach (ABA)

ABA Rule 1.6 Compliance Checklist

10 items every firm should have in place. Walk through each one. If you’re unsure about any item, that’s a gap worth investigating.

1. Multi-factor authentication on all systems

Email, practice management (Clio, MyCase, etc.), document management, and remote access. A single compromised password should not equal full case file access.

2. Endpoint protection on every device

Every laptop, desktop, and phone that accesses client data — including attorneys’ personal devices used at home, court, or while traveling.

3. Email encryption and filtering

Attorney-client communications should be encrypted. Inbound email should be filtered for phishing. A ransomware group called “Chatty Spider” is specifically targeting law firms via social engineering.

4. Tested backup and disaster recovery plan

Not just “we have backups” — when was the last time you tested a full restore? Court filing deadlines don’t move because your server crashed.

5. Data encryption at rest and in transit

Client files should be encrypted on your servers and when transmitted. If a laptop is stolen, the data on it should be unreadable.

6. Access controls and role-based permissions

Not everyone needs access to everything. Paralegals, associates, and support staff should only access what their role requires.

7. Security awareness training for all staff

Annual training at minimum. Phishing simulations. Every person at the firm is a potential entry point — the receptionist included.

8. Incident response plan

If you discover a breach at 2am on a Friday, who do you call? What’s the notification timeline? Colorado has specific breach reporting requirements.

9. Cyber insurance with verified controls

Not just “we have a policy” — does your current security setup actually meet the policy’s requirements? Insurers are denying claims when controls are missing.

10. Documentation and audit readiness

Can you produce evidence of all the above if the bar, an insurer, or a client’s corporate counsel asks? Most firms can’t. This is where “reasonable efforts” gets tested.

What we typically find

“Most Denver law firms we review are solid on 6-7 of the 10 items. The gaps are usually in backup testing, endpoint protection on remote devices, and security documentation for insurance. These are invisible problems — the kind you don’t find until someone checks.”
— Chris Hale, CEO, Technology Response Team

Want a professional review?

If you walked through the checklist and weren’t sure about a few items, we can help.

1. Book 15 minutes

A quick call with our team. We’ll ask about your current setup.

2. We review the gaps

We check your firm against all 10 items and identify what’s missing.

3. Get a clear report

You walk away knowing exactly where you stand and what it would take to close any gaps. No obligation.

Not sure about a few items?

A 15-minute call can give you clarity. We work with several law firms in Denver and understand the specific compliance requirements your firm faces.

Book a 15-Minute Review

Free. No pitch. You keep whatever we find.