Law Firm Cybersecurity Assessment.
Twenty-four questions across the six domains that decide whether privileged client data stays where it belongs — Client Confidentiality, Identity & M365, Wire Fraud & BEC, Ransomware & DMS Resilience, Incident Response & Compliance, and Third-Party Vendors & Vulnerability. About ten minutes. No email required to see your score.
- References ABA cyber guidance, CIS M365, NIST CSF 2.0, CISA
- Maturity scored Initial → Optimized per domain
- Scoring runs locally in your browser
- Optional written report + roadmap on request
What it covers
Six domains. Twenty-four honest questions.
Built around the threat picture law firms actually face: ransomware on the document management system, BEC and wire fraud rerouting settlement and trust funds, third-party DMS and eDiscovery exposure, and the client outside-counsel guidelines and cyber-insurance applications that expect documented evidence. The score gives partners a place to start the conversation — not the conversation itself.
- Client Confidentiality & Privileged Data
  How privileged communications, matter files, and client NPI are classified, encrypted, and kept inside the controls your engagement letters promise.
- Identity & Microsoft 365 / Email Security
  MFA, Conditional Access, and the Microsoft 365 hardening that protects partner mailboxes, document management, and remote attorneys from account takeover.
- Wire Fraud, BEC & Trust Account Protection
  The Microsoft 365 hardening, payment-verification controls, and trust-account guardrails that close the doors attackers use to reroute settlement, escrow, and IOLTA funds.
- Ransomware, DMS & eDiscovery Resilience
  EDR coverage, immutable backups, and tested restores for the document management system, matter files, time and billing, and eDiscovery platforms a firm cannot operate without.
- Incident Response & Compliance Readiness
  What happens between the alarm and the client / state notification — including state breach-notification timelines, ABA ethics duties, and cyber-insurance readiness.
- Third-Party Vendors & Vulnerability Management
  DMS providers, eDiscovery platforms, co-counsel, and the patching cadence that keeps client questionnaires — and attackers — from finding the gaps first.
Frequently asked questions

- What does the assessment cover?
  Twenty-four questions across six domains: Client Confidentiality & Privileged Data, Identity & Microsoft 365 / Email Security, Wire Fraud / BEC / Trust Account Protection, Ransomware / DMS / eDiscovery Resilience, Incident Response & Compliance Readiness, and Third-Party Vendors & Vulnerability Management. Each answer maps to a maturity level (Initial, Developing, Managed, Optimized) and references ABA cybersecurity guidance, the CIS M365 Benchmark, NIST CSF 2.0, CISA #StopRansomware, and state breach-notification statutes.
- How long does it take?
  About ten minutes. You can stop at any point — your answers are scored locally in the browser and never leave your device until you choose to request a written report.
- Do I need to give an email address?
  No. The assessment runs entirely client-side. If you want a written report and a 30/60/90-day plan from our team, you can request one at the end — but the score itself is yours immediately.
- Is this a substitute for a formal audit, pen test, or ethics opinion?
  No. It is a fast, honest self-check — meant to surface the obvious gaps before a client outside-counsel security questionnaire, a cyber-insurance renewal, or — worst case — a wire-fraud or ransomware event. A formal risk assessment, pen test, or ethics review is a separate engagement.
Talk to a real engineer
Want a partner who knows what your clients' security questionnaires actually ask for?
Whether you're shoring up after a phishing scare, fielding a Fortune 500 client security addendum, renewing cyber insurance, or scoping a managed SOC for the firm — we can help.