A boutique litigation and corporate law firm in the New York Metro Area — 3 partners and 22 staff managing confidential client matters, privileged communications, and sensitive financial and legal documentation under strict attorney-client privilege and ABA data protection obligations.
The Challenge
When this boutique litigation firm’s cyber insurance carrier sent their annual renewal questionnaire, the managing partner answered it the same way he had the previous two years — quickly, with the assumption that their IT situation was roughly adequate. This year, the carrier pushed back. Based on the responses, the renewal would be declined unless the firm could demonstrate remediation of several flagged security deficiencies within 60 days.
The managing partner hired Solved IT to run the assessment. What the assessment found was not unusual for a law firm of this size — it was simply the accumulation of years of reactive, unmanaged technology decisions. None of the firm’s 25 staff accounts had multi-factor authentication enabled. Email security had no anti-phishing controls and no filtering beyond the default Microsoft settings. Endpoint protection was a consumer antivirus product on some machines and nothing on others. There was no documented backup and recovery plan. And a dark web scan of the firm’s domain returned 11 exposed staff credential sets — email addresses and passwords available for purchase on criminal marketplaces, some of which had been there for over a year.
Beyond the insurance renewal, the ABA’s cybersecurity guidance and most malpractice carriers now require law firms to demonstrate reasonable security measures for client data. The firm had no documented security program, no incident response plan, and no way to demonstrate due diligence if a breach occurred and a client brought a claim.
The timeline was 60 days. The stakes were both the insurance renewal and the firm’s professional liability exposure.
What Solved IT Did
Solved IT began with a full cybersecurity assessment — reviewing every system, account, and configuration across the firm’s environment, running the dark web credential scan, and mapping every finding to the specific insurance carrier requirements and ABA guidance categories. Within five days, the managing partner had a complete remediation roadmap with every gap documented, prioritized, and priced. We started building it the same week.
Cybersecurity Assessment & Program Documentation
Our CISSP-certified team conducted the full technical assessment and produced the documentation the insurance carrier required — a formal risk assessment, a written information security policy, and an incident response plan tailored to the firm’s size and practice areas. These documents don’t just satisfy an insurance questionnaire: they establish the firm’s defensible security posture if a breach ever results in a client claim. The LCCA credential on our team — the Lead CMMC Certified Assessor designation from ISACA — brought a depth of compliance framework expertise to the assessment that goes well beyond standard MSP security reviews.
Dark Web Credential Remediation
The 11 exposed credential sets were addressed immediately — affected staff were identified, passwords were force-reset, and MFA was enforced across all 25 accounts before any other remediation work began. Dark web monitoring was deployed on the firm’s domain, providing ongoing surveillance and immediate alerting if any staff credentials appear on criminal marketplaces going forward. The managing partner now receives a monthly dark web report as part of the managed services engagement.
Microsoft 365 Security Hardening
The firm was already using Microsoft 365 but with almost none of its security features configured. We implemented MFA across all accounts, deployed Microsoft Defender for Business across all endpoints, configured anti-phishing and anti-spoofing policies on the firm’s email domain, enabled audit logging across all mailboxes and SharePoint activity, and configured DLP policies to flag potential exfiltration of documents containing privileged matter information. The firm’s Microsoft 365 environment went from a default configuration to a security-hardened deployment aligned with the insurance carrier’s requirements — without any change in the applications staff used daily.
Endpoint Protection & Patch Management
Consumer antivirus was replaced with SentinelOne endpoint detection and response across all 25 workstations — providing behavioral threat detection, automatic isolation of compromised endpoints, and forensic-quality incident logging. Patch management was brought under centralized control, ensuring operating system and application updates deploy on a documented schedule rather than whenever individual staff members happen to click “remind me later.”
Backup & Disaster Recovery
The firm had no tested backup. We implemented Acronis cloud backup across all workstations and the firm’s SharePoint environment — with encrypted offsite retention, point-in-time recovery to 30 days, and a documented monthly restore test. The backup plan and test results are included in the firm’s written security program documentation.
Managed IT
Following remediation, Solved IT assumed full managed IT responsibility for the firm, providing helpdesk support with a response SLA of under one hour, ongoing patch management, security monitoring, and quarterly security reviews. The managing partner has a named contact, a monthly report, and no more IT decisions made by whoever happens to know the most about computers.

The Results
- Cyber insurance renewed — 34% premium reduction — carrier accepted the remediation documentation and issued renewal at a significantly reduced rate, reflecting the demonstrably improved security posture
- 14 critical security gaps closed in 4 weeks — every insurance carrier finding and ABA guidance gap addressed within the 60-day deadline with documented evidence of remediation
- 11 exposed credential sets remediated — all dark web exposures addressed; ongoing monitoring active with zero new exposures in 12 months since deployment
- MFA enforced across all 25 accounts — from zero MFA coverage to 100% enforcement, including partners, associates, paralegals, and administrative staff
- Written security program in place — formal risk assessment, information security policy, and incident response plan documented and available for carrier, malpractice insurer, or client review on demand
- Full managed IT coverage from a single partner — helpdesk, endpoint management, patch management, dark web monitoring, and quarterly reviews under one flat-rate engagement



