How Law Firms Can Use AI Tools & vCISO Platforms To Mitigate Emerging Threats
By Mike Brimberry
Published July 9, 2024
Estimated Reading Time: 5 minutes

As a managing partner, principal, or senior IT staff at a law firm, you’re a prime target for cybercriminals. According to the American Bar Association (ABA), “25% of law firms have experienced a data breach at some point” and “over 36% of firms have reported some form of cyberattack.”  

For this reason, the ABA requires law firms to take intentional steps to protect client data under Rule 1.6 of the ABA Model Rules of Professional Conduct. This means putting into place intentional cybersecurity measures to prevent unauthorized access and disclosure of the data that your clients trust you to protect. 

How AI-Driven Tools Enhance Security 

For law firms needing to enhance their cybersecurity without the budget for full-time professionals, AI-driven tools offer practical and affordable solutions to help them improve security. Here’s how these tools can help: 

  • Identify Security Postures and Needs: As prescribed by the ABA, AI tools like our vCISO platform can quickly assess your law firm’s current security posture, identifying strengths and weaknesses. They provide specific controls necessary to comply with frameworks like GDPR, CCPA, and HIPAA, creating a clear roadmap from where you are to where you need to be. 
  • Implement Effective Controls: Once your security needs are identified, AI tools help implement the necessary controls and improve your security posture. As a Microsoft-based service provider, we at Model Technology Solutions trust AI tools like Microsoft Defender and Copilot for these tasks. These powerful tools help create and deploy security policies, ensuring your firm meets all regulatory requirements and is protected against emerging threats. 

Example 1 | Help Your Staff Keep Their Email Inboxes Secure 

Emails are the lifeblood of any law firm, so email is a primary entry point for cybercriminals. That’s why it’s crucial to train your staff to identify suspicious emails and understand what to open and what to delete right away. Here’s how AI-driven vCISO platforms and Microsoft tools can enhance email security awareness in your firm: 

  1. Identify Security Posture: Start by using a vCISO platform like our Cynomi platform to assess your current email security posture. The platform will highlight gaps and the need for security awareness training. 
  2. Implement Phishing Tests: Microsoft Defender offers built-in phishing testing tools. Send simulated phishing emails to see who needs additional training to identify and prevent these attacks. 
  3. Develop and Deploy Training: Once unaware employees are identified, use Microsoft Copilot to create and outline comprehensive email security awareness training. Educate your staff on recognizing phishing attempts, handling suspicious emails, and understanding the importance of email security. 
  4. Monitor and Improve: Document the training in the vCISO platform and monitor your security score. Your compliance rating will increase as your employees become more adept at handling email threats. 

Example 2 | Equip Your Team with Secure Legal AI Tools to Improve Productivity 

AI tools are becoming more common in legal services. 26% of lawyers are using AI monthly in their casework. However, while AI tools can enhance productivity and efficiency, they also introduce significant security challenges, particularly around client data. Tools like ChatGPT or legal-specific AI platforms are not inherently secure, and using them without proper safeguards can expose sensitive information. That’s why it’s crucial to work with your senior IT staff to create a generative AI policy that ensures compliance and security. 

Here’s how you can use AI-driven vCISO platforms and Microsoft tools to develop and implement a robust generative AI policy: 

  1. Identify Your Firm’s Security Posture: Start by using a vCISO platform like ours to assess your firm’s current security posture. The platform will help you identify any gaps and specific areas where security measures need to be enhanced. 
  2. Identify the Need for a Generative AI Policy: The vCISO platform will highlight your need for a formal generative AI policy to achieve compliance. This policy is essential to manage the risks associated with using AI tools and to protect sensitive client data.  
  3. Create Policies and Controls: Use Microsoft Copilot to draft and implement comprehensive policies and controls to safeguard your firm’s sensitive data. These policies should adhere to best practices and frameworks, such as the NIST AI Risk Management Framework, ensuring that your AI use is secure and compliant. Here’s an example of what one might look like. 
  4. Monitor and Improve: Document the creation and deployment of your AI policies in the vCISO platform. As you implement these controls, track your security posture and compliance rating. You’ll see improvements as your policies take effect, providing continuous enhancement of your firm’s security and peace of mind about using AI, and even helping you win new clients who value proof of data security. 

For more detailed guidance about securing AI, you can join our upcoming webinar to learn how to secure AI use at your firm. You can also read our blog post Generative AI Implications for Law Firms for a basic list of AI security best practices. 

Example 3 | Improving Data Protection with vCISO Portal + Purview 

Lawyers today must be very intentional about safeguarding the data they handle. Gone are the days when simply locking the office doors at night was enough. Now, with everything stored in the cloud, data security must be a top priority for compliance in legal services. Here’s how AI tools can help ensure robust data security: 

  1. Identify Data Protection Needs: Start by using your vCISO platform to assess your firm’s data protection needs. This involves identifying critical data assets and evaluating your current protection measures. The vCISO platform will help you pinpoint areas that require stronger security controls to comply with regulations like GDPR, CCPA, and HIPAA. 
  2. Identify Specific Data Protection Policies: Use the vCISO platform to determine the specific data protection policies needed to achieve compliance. This could include data loss prevention (DLP) policies and other critical security measures that safeguard client information. 
  3. Implement Data Protection Policies: With the assessment complete, use Microsoft Purview to implement robust DLP policies. Purview helps classify and protect sensitive information, ensuring compliance with regulations. Microsoft Copilot can assist in outlining and deploying these policies effectively, providing clear guidelines and automated enforcement to protect data. 
  4. Monitor and Improve: Document the creation and deployment of your data protection policies in the vCISO platform. Track your security posture and compliance rating as these policies are implemented. You’ll see improvements as your data protection measures take effect, helping your firm stay secure and compliant. 


The American Bar Association (ABA) mandates that law firms take intentional steps to protect their clients and data, as they are prime targets for cybercriminals. Many firms need to meet legal compliance standards but lack the budget for a full-time Chief Information Security Officer (CISO) to help their firm improve substantially. 

At Model Technology Solutions, we help bridge the gap between need and budget by offering tailored cybersecurity solutions designed specifically for small and mid-sized law firms like yours. Our vCISO platform helps you assess security, implement controls, and ensure compliance with standards like GDPR, CCPA, and HIPAA cost-effectively and with a trusted partner guiding you as you use it. 

We’re also hosting an upcoming webinar on July 16th, 2024, specifically made for managing principals of law firms and their senior IT staff to learn how to leverage AI securely and effectively. 

In whatever capacity – through our blog posts, webinars, or vCISO services – our goal is to help you serve the clients who you represent by reassuring them that their data will be safe. Your clients are your top priority, and we’re honored to help in any way we can to help you make them feel more confident and secure. 

Article By Mike Brimberry
Mike is the Director of Cybersecurity at Model Technology Solutions. Mike has over 20 years of working experience for large and small organizations in service desk, endpoint management, data center, cloud, cybersecurity, IT leadership and service delivery. He loves to travel, cook, listen to beach music, and he's a self-proclaimed Disney expert in addition to his numerous other areas of expertise. He currently lives in southern Illinois with his wife and 5 kids.
