Cybersecurity training built for law firms in the Silent Ransom Group era.

The Silent Ransom Group (SRG) is a threat actor that has claimed at least 38 law firms as of May 2026, according to an FBI Private Industry Notification. Unlike traditional ransomware groups, SRG uses social engineering and physical infiltration to exfiltrate data — no malware, no encryption. Law firms are targeted because they hold high-value privileged data (M&A deal terms, litigation strategy, client financials) and typically have weaker security controls than their clients. The Figure Technologies breach in February 2026 — where a vishing call bypassed Okta SSO — demonstrates the same attack pattern is hitting tech companies too, and law firms are equally exposed.

Yes. ABA Model Rule 1.6(c) requires lawyers to make reasonable efforts to prevent unauthorized disclosure of client information, and Comment 8 to Rule 1.1 extends the duty of competence to technology — including understanding digital communication risks. Most state bars have adopted similar requirements. Most state bars have adopted similar requirements. A documented training program is also your best defense in a malpractice or bar disciplinary proceeding after a breach. The $8M Orrick settlement and class action against Wacks Law Group illustrate the real financial and reputational stakes.

General phishing training covers credential harvesting and abstract threat patterns. Partner phishing training is built around the exact scenarios law firm partners face: attorney impersonation to redirect closing wires, fake DocuSign requests from opposing counsel, ransomware disguised as court filing notifications, and vishing calls from someone claiming to be IT support. Partners handle the highest-value transactions and receive the most targeted impersonation attempts — they need scenario-specific training, not generic password advice.

Law firm incident response must account for attorney-client privilege during forensic investigation, state bar notification timelines (which vary from 30 to 72+ hours depending on jurisdiction), client notification obligations, and the risk of spoliation if the firm doesn't follow proper evidence preservation protocols. A generic IR plan doesn't cover these nuances. Our training walks through the specific decision tree: who to call first (forensic counsel vs. IT), how to preserve privilege in the investigation, and the notification checklist sorted by state jurisdiction.

A wire fraud attack doesn't necessarily touch the IOLTA account directly — attackers redirect confirmations and change vendor ACH details through the firm's email system. The funds leave through a legitimate-looking transaction. The FBI reports wire fraud losses are recovered in fewer than 30% of reported cases. Training your team to verify wire instructions via phone call — every time, without exception — is the single most effective control. Our wire verification drill is included in all three tiers.

In February 2026, ShinyHunters used a vishing (phone-based) call to convince Figure Technology's IT help desk to reset MFA — bypassing Okta SSO entirely and exposing 967,200 customer records. The same vishing technique was documented in the FBI's Silent Ransom Group warning to law firms. Help desk staff at law firms are the direct equivalent: if an attacker can call your receptionist or IT help desk, impersonate an attorney, and get an MFA reset or VPN credentials — they bypass every technical control you have. Our training covers help desk MFA reset protocols specifically.

Most firms are fully trained within 5–7 business days of booking. Personal tier sessions can be scheduled within 48 hours. Business tier includes a 15-minute intake call to confirm headcount and practice area, then the 2-hour live Zoom webinar is scheduled at your convenience. Sessions are recorded for staff who can't attend live. Book directly via the Calendly links above — no sales call or proposal process required.