Computer Forensics Lab
Computer Forensics Lab
Digital forensics · Since 2007
← Blog·Guides·01/02/2026

Cybersecurity for solicitors: the 2026 UK guide.

Cybersecurity for solicitors and law firms.

The professional obligations to protect client information have not moved. The threat environment has. Law firms are a routine target for ransomware, business email compromise and supply chain attacks against practice management software. The controls needed to meet the obligations are neither exotic nor expensive.

The baseline every firm should meet

  • Multi factor authentication on every account, without exception.
  • Timely patching of client facing systems and endpoints.
  • Encrypted backups tested by actual restoration, not just by the vendor's dashboard.
  • A written incident response plan with named roles and retained specialists.
  • Regular, short, mandatory training on phishing and payment fraud.

The failures we see most often

Shared accounts, missing MFA on legacy systems, unrestricted forwarding rules on partner mailboxes, and backups that turn out to be encrypted by the attacker along with everything else. Every one of these is straightforward to fix in advance, and painful to explain in retrospect.