Contact Us

Math Captcha   18 + = 19

* Required Fields

Contact Us

Cyber Security Fast Facts for Law Firms

May 24, 2017
By John P. Torres and Kenneth C. Citarella

Applying some basic legal skills can be really helpful for law firms as they move forward with their cyber security priorities. Lawyers tackle new matters all the time and no two cases are alike. There are factual issues to master, legal research to conduct and a plan to prepare to guide the transaction of litigation. Making assumptions, even when based on past experience, can be a serious error for a lawyer. A fresh case requires a fresh mind.

That same attitude can successfully guide a law firm on the path to cyber security.

Start with being certain you understand the facts of your cybersecurity “case”. Cyber security is all about protecting the information that sits within your computer network, including the equipment in your office(s), cloud storage and portable devices. So, a law firm has to master the following sets of facts:

  • How do you work? – Be sure you really understand how the firm functions as a business enterprise. What types of employees do you have? What do each of them do? How does information travel among them? This concerns all the nuts and bolts of business operations.
  • What data do you have? – This is likely to be a longer list than you think. There is client data, case data, employee data, payroll data, draft documents, closed case files, etc. Make sure you identify every variety.
  • Where is your data? – This is a tricky one. Data will migrate to every conceivable part of your network, as files get created and updated, and as email attachments. This is why understanding how you operate is so important. Unless you can answer that question, you will never answer this one.
  • Who has access to your system and your data? – A basic premise of cyber security is the idea that no one should have access to files or software who does not need to have access to them in order to do his or her job. Identify all your users, determine what they must have access to and prepare to block their access to everything else.
  • How do you access your system and your data? – The answer to this question includes your log-in procedures in the office and from remote locations. Does the firm provide smartphones or do employees provide their own? Can you insert a USB drive into a device connected to your network? Do employees use public wi-fi systems to connect while traveling? Can they log in from their home computers? Here again, the “how do you work” question looms large.

Achieving a deep understanding of the facts of your cyber security “case”, will naturally expose some of the vulnerabilities you face. They will mean even more to the “expert witness” you should retain to help you win this case.  Just like in any case in which real expertise is needed to help present and interpret the facts, you need a cyber security consultant on your side. Ideally, retain the expert as early as you can while assembling the facts and allow him or her to guide and assist with the process.

Now that you know the facts, you can proceed on to the equivalent of your legal research, determining the best operational and technological steps to improve your cyber security.

For more information, please view our webinar:

About the authors

Torres_webJohn Torres
Chief Operating Officer, STC and President, Federal Practice

John P. Torres has extensive investigative and security experience. Previously, he served as the Special Agent in Charge for Homeland Security Investigations in Washington, D.C. and Virginia. His background includes more than 27 years of experience providing investigative and security management for the U.S. Departments of Homeland Security and Justice, including serving as the Acting Director and the Deputy Director of U.S. Immigration and Customs Enforcement. John can be reached at


Kenneth C. Citarella has more than 30 years of experience investigating and prosecuting white collar crime and computer crime. Previously, he had a distinguished 28-year career as a prosecutor in the Westchester County, New York District Attorney’s Office. A pioneer in computer crime prosecution, Mr. Citarella obtained convictions for computer intrusions, malicious software attacks, a software time bomb, spamming, digital child pornography, and the use of the Internet for child exploitation, among other cases. Kenneth can be reached at


Please enter your email to subscribe. By doing so, you are opting-in to receive news from Guidepost Solutions LLC.

Math Captcha   98 − = 91