Cybersecurity essentials for LA law firms
What Rule 1.6 and ABA Opinion 483 mean for LA attorneys.
The threat picture for LA law firms
California law firms are a top-five target for financially motivated attackers, and Los Angeles specifically concentrates the two ingredients criminals want: high-value M&A, entertainment and real-estate matters, and thousands of small-to-midsize practices that historically underinvest in security. The California Bar's competence rules (Formal Opinion 2010-179 and its successors) make cybersecurity a professional obligation, not an IT preference.
This guide is a practical baseline — the controls a 5-to-75-attorney LA firm should have in place before the end of the current fiscal year.
1. Identity is the perimeter
Roughly 80% of the incidents we see at LA firms start with a credential — phished, reused, or bought on a criminal marketplace. Non-negotiable identity controls:
- Phishing-resistant MFA on email, VPN, document management, and time & billing. SMS codes are no longer sufficient.
- Conditional access that blocks logins from countries where the firm has no clients or attorneys.
- Privileged accounts separated from daily-use accounts, with just-in-time elevation.
- Quarterly access reviews — most firms discover terminated staff still have logins somewhere.
2. Email is still the front door
Business email compromise (BEC) fraud in real-estate closings has hit multiple LA firms in the last 24 months, often for six or seven figures. Wire fraud on a client trust account is career-ending. Table stakes:
- DMARC set to p=reject, DKIM and SPF fully aligned.
- Inbound protection that inspects attachments in a sandbox and rewrites URLs.
- Impersonation protection tuned to your named partners and finance staff.
- A written wire-verification protocol — voice callback to a known number, always, no exceptions.
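The DMARC item in the list above can be checked mechanically. The following is an added example, not code from this guide's authors: it audits a DMARC TXT record against the p=reject baseline and tests identifier alignment for a sending domain. The domain example-firm.test, the vendor domain bulk-mailer.test, the sample records, and the two-label organizational-domain shortcut are all assumptions made for illustration.

```python
def parse_tags(record):
    """Split a 'k=v; k=v' DMARC TXT record into a dict with lowercase keys."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def audit_dmarc(record):
    """Return findings; an empty list means the record meets the p=reject baseline."""
    tags = parse_tags(record)
    if tags.get("v", "").upper() != "DMARC1":
        return ["not a DMARC record (v=DMARC1 missing)"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy != "reject":
        findings.append(f"p={policy or 'missing'}: spoofed mail is not rejected")
    # sp defaults to p when absent, so only an explicit weaker sp is a separate finding
    if "sp" in tags and tags["sp"].lower() != "reject":
        findings.append(f"sp={tags['sp']}: subdomains get a weaker policy")
    # pct defaults to 100; a lower value applies the policy to only a share of mail
    if tags.get("pct", "100") != "100":
        findings.append(f"pct={tags['pct']}: policy covers only part of the mail")
    return findings

def org_domain(domain):
    # Simplification (assumption): last two labels. A production check uses the
    # Public Suffix List, since this is wrong for suffixes such as co.uk.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, mode="r"):
    """Identifier alignment: mode 's' needs an exact match, 'r' the same org domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

# Constructed records for a hypothetical domain, example-firm.test
WEAK = "v=DMARC1; p=none; rua=mailto:dmarc@example-firm.test"
STRONG = "v=DMARC1; p=reject; sp=reject; pct=100; adkim=s; aspf=s"

if __name__ == "__main__":
    for name, rec in (("weak", WEAK), ("strong", STRONG)):
        print(name, audit_dmarc(rec) or "OK")
    # Constructed case: a vendor signs with its own d= domain, so DKIM does not align
    print(aligned("example-firm.test", "bulk-mailer.test"))       # False
    print(aligned("example-firm.test", "mail.example-firm.test")) # True (relaxed)
```

The unaligned vendor case is the one to look for before moving to p=reject: mail sent on the firm's behalf by a billing or newsletter service that signs with its own domain will be rejected along with the spoofed mail.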
3. Endpoint and data protection
Every laptop and desktop should run modern EDR (not signature-based AV), with full-disk encryption enforced by policy and remote-wipe available. Document management systems should log every access and export. If your DMS can't produce a per-matter access report for the last 90 days on demand, that is a discovery-response gap.
4. Backups you have actually tested
Backups that have never been restored are not backups; they are hope. Every firm should:
- Keep immutable, off-tenant copies of email, DMS, and finance systems.
- Run a quarterly restore test of at least one production matter.
- Retain backup copies for the length of your longest matter, not the length of your subscription default.
5. Incident response before the incident
The California Attorney General publishes annual breach reports; the median cost of a breach at a small firm now exceeds $175,000 once you count forensics, notification, credit monitoring, malpractice premiums and business interruption. Every firm should have:
- A named incident commander and a printed contact tree (attackers often take email offline first).
- A retainer with a breach-coach attorney and a DFIR firm — retainers are much cheaper than emergency hourly rates.
- A cyber insurance policy read carefully for sub-limits on social-engineering fraud and ransomware.
- A written communication plan for clients, opposing counsel, and courts if a matter is delayed.
6. Training that matches how attorneys actually work
Generic phishing training doesn't move the needle at law firms because attorneys are trained to click on documents from strangers — it's the job. Effective programs use realistic scenarios (fake court notices, fake opposing counsel, fake wire instructions) and measure click rates by practice group, then coach outliers privately.
What "good" looks like at an LA firm
You have named accountability for security at the partner level. You can produce, on demand, an access log for any matter, a restore test from the last quarter, and a current MFA-coverage report. Your wire-verification protocol has been used in the last month. Your insurance policy actually covers what you think it covers. You have a rehearsed 3am plan.
If your firm can't yet say yes to all of that, prioritize in that order. Our directory lists providers who specialize in California legal work and can help you close the gaps.