IT Built Around Attorney-Client Privilege
Your clients trust you with their most sensitive matters. Lewis IT builds the technology infrastructure that protects that trust — from encrypted communications to access-controlled document systems, designed around ABA confidentiality requirements.
The Compliance Landscape for Law Firms
Law firms face a unique intersection of ethical obligations and regulatory requirements. Your IT must satisfy all of them.
ABA Model Rule 1.6: Confidentiality of Information
Requires attorneys to make reasonable efforts to prevent unauthorized disclosure of client information. The ABA has clarified this extends to electronic communications, cloud storage, and third-party vendors including your IT provider.
ABA Model Rule 1.1: Competence & Technology
Requires attorneys to keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology. Knowingly using insecure technology may constitute a competence violation.
Maryland PIPA & Other Laws: State & Federal Obligations
Depending on practice area — HIPAA for health law, GLBA for estate and financial planning, FERPA for education law, and Maryland’s Personal Information Protection Act for breach notification obligations.
Sound Familiar?
These are the IT problems law firms in Southern Maryland come to us with most often.
Privileged Communications Sent via Unencrypted Email
Attorneys routinely email sensitive case documents, settlement details, and client strategy with no encryption. A single compromised inbox exposes not just one client — but everyone in your contact list.
Former Staff Still Has Access to Client Files
Paralegal turnover is high in small firms. Without a formal offboarding process, former employees walk out with active credentials to your case management system, document storage, and email.
No Written Security Plan on File
State bar ethics opinions increasingly expect firms to have documented security policies. Without one, a breach doesn’t just expose clients — it exposes you to disciplinary proceedings for failure to take reasonable precautions.
Remote Access Without Proper Controls
Attorneys accessing case files from home, the courthouse, or client sites on personal devices with no encryption, no MFA, and no remote wipe capability creates exposure that’s difficult to defend under Rule 1.6.
Ransomware Targeting Your Case Management System
Law firms are high-value ransomware targets because of the sensitive client data they hold and their deadline-driven operations. Attackers know you’ll pay to get your case files back before a court date.
Wire Transfer Fraud in Client Transactions
Attorneys handling real estate closings, settlements, and trust disbursements are prime targets for business email compromise. A spoofed wire instruction can redirect client funds with no recourse after the transfer clears.
How We Protect Your Practice
Everything we deploy is selected with Rule 1.6 and your state bar’s technology guidance in mind.
Encrypted Communications
Email authentication, encryption in transit and at rest, and secure client portals for document exchange — so privileged communications stay privileged.
Access Controls & MFA
Role-based access to case management systems and document storage, with multi-factor authentication enforced across all accounts — including remote access.
Same-Day Offboarding
Automated credential revocation the moment an employee departs — no more former paralegals with active logins to your client files.
Endpoint Protection & Encryption
Full-disk encryption and advanced threat detection on every attorney laptop and desktop — including remote wipe for lost or stolen devices containing client data.
Written Security Plan
A documented information security program covering risk assessment, employee training, incident response, and vendor management — the documentation your state bar expects you to have.
Wire Fraud Prevention
Email authentication, anti-phishing protection, and callback verification procedures for wire transfers — so spoofed wiring instructions don’t redirect client funds.
Common Use Cases
Encrypted Email
Access Control
Staff Offboarding
Written Security Plan
Endpoint Encryption
Wire Fraud Prevention
Ransomware Protection
Remote Work Security
Incident Response Plan
Frequently Asked Questions
Do you sign a Business Associate Agreement or confidentiality agreement?
Yes. We understand that your IT provider has access to systems containing privileged client information. We’re prepared to execute appropriate agreements to satisfy your ethical obligations under Rule 1.6 and any applicable state bar guidance.
Do you work with solo practitioners or only larger firms?
Both. Our managed IT services scale from solo practitioners to multi-attorney firms. Compliance obligations don’t scale with firm size — a solo practitioner handling sensitive client matters needs the same security fundamentals as a ten-attorney firm.
Can you help us meet our state bar’s technology guidance?
Yes. Maryland’s state bar ethics opinions and the ABA’s formal guidance on cloud computing and technology both inform how we build security programs for law firms. We’ll build a documented program that satisfies the “reasonable measures” standard.
What happens if we have a breach?
Your written security plan — which we build and maintain — includes an incident response procedure. We’ll contain the incident, document the scope, and help you navigate Maryland’s breach notification requirements and any bar notification obligations.
Do you support specific legal practice management software?
We work with a wide range of legal practice management platforms and can integrate our security stack around your existing software. If you’re evaluating new systems, we can advise on the security posture of available options.
Protect Your Clients. Protect Your Practice.
Start with a free 30-minute IT assessment. We’ll review your current setup and identify where your practice is exposed — no obligation, no sales pitch.
