Cybersecurity Basics for Law Firms
Trust and Readiness Checklist (Starter Edition)

This checklist is educational guidance from bb2Logic LLC. It is not legal advice, regulatory advice, or a guarantee of compliance.

1) Access Control and Authentication
- Enforce multi-factor authentication across email, cloud storage, and critical systems.
- Review privileged access regularly and remove stale accounts.
- Use a password manager and prohibit password sharing.

2) Endpoint and Device Hygiene
- Maintain an inventory of firm-managed endpoints.
- Apply security patches on a documented cadence.
- Ensure endpoint protection and disk encryption are enabled.

3) Email and Communication Security
- Configure phishing and spam filtering controls.
- Document wire/payment verification procedures.
- Train attorneys and staff on suspicious message escalation.

4) Data Handling and Confidentiality
- Classify sensitive matter-related data.
- Restrict broad file-sharing permissions.
- Define secure retention and disposal workflows.

5) Incident Readiness
- Maintain a concise incident response checklist.
- Clarify escalation ownership and external contact pathways.
- Run tabletop drills at least annually.

6) Vendor and Third-Party Risk
- Track critical vendors and legal technology providers.
- Review vendor security practices periodically.
- Record decisions and exceptions in writing.

7) Audit and Evidence Readiness
- Maintain policy versions and control evidence history.
- Document exceptions and remediation timelines.
- Prepare concise summaries for partner and client review.

Need help prioritizing these controls? Request a consultation: https://bb2logic.com/contact