Mid Sized Law Firm

A mid-sized law firm handling confidential client information recognized it had been exposed to
increased and significant cybersecurity threats. With the increasing frequency of data breaches,
ransomware attacks, and the potential legal and reputational consequences, the firm decided to
proactively review its current cybersecurity measures and invest in developing a comprehensive
cybersecurity program to protect its client data, maintain professional integrity, and comply with
data protection regulations.

Law Firm
  • The team held a kickoff meeting with all stakeholders including but not limited to client leadership, client technical representatives. The purpose of the meeting was to agree on the project scope. Rules of Engagement (ROE) and reporting requirements.
  • The team requested and reviewed all current cybersecurity and IT related documentation, interviewed relevant stakeholders and spent considerable time understanding the firm’s current business processes and workflows.
  • The team reviewed prior quarterly vulnerability assessment results, prior annual penetration scans
  • The team identified significant areas for improvement including but not limited to: configuration gaps in a number of the clients cloud platforms, lack of uniformity in security configurations of employee equipment, insufficient employee training, weak password policies, inadequate data encryption at rest and in transit, outdated software instances and an ad-hoc patching cycle which left critical system exposed.
  • The team created a 12 month cybersecurity roadmap that included activities to improve the cybersecurity posture of the firm.
  • The team deployed a continuous vulnerability assessment solution, a ransomware solution and scheduled routine activities such as: periodic cybersecurity awareness training, annual table top exercises, phishing simulations, SAAS security configuration reviews & quarterly penetration testing.
  • The team implemented a robust data backup strategy to ensure the availability of critical data in the event of a disruption.
  • The team developed a cybersecurity incident response plan and data breach notification letter template and data breach checklist.

Praxtion helped the client reduce its cybersecurity spend, improve its cybersecurity posture, educate the lawyers and staff and made sure they were prepared to respond to a potential cybersecurity incident