Attention March 13th, 2024 Webinar Attendees, please click here to complete our Survey or Attendance Verification and Credit Request Form. (required for CLE credit)

How to Keep Your Law Data Safe in the Cloud

Last update





Print Friendly, PDF & Email
Looking for some cloud cover? This will help.

By Craig Petronella, CEO Petronella Technology Group Inc.

When a law firm is moving from in-house data storage to the cloud, it should start with a security risk assessment.

This is similar to what you did when you set up your computer system. In the cloud, your cybersecurity needs to be configured from the ground up inside the provider’s dashboards. While you can re-purpose your existing security software, different types of security, policies, and procedures may be needed. Based on the cloud provider you select, there should be different risk assessments to verify the security protocols, policies and procedures of those whom your firm works with.

For smaller law firms using cloud solutions like Office 365, for example, in addition to a platform they need to have their cloud settings configured properly so there are no gaps creating vulnerabilities. They need to do penetration assessments. Firms that allow mobile devices access to their systems need to be configured properly and set up for encryption.

Want to attend a free CLE webinar on “Top 10 Things to Prevent a Data Breach?” It’s just one of the many benefits of membership in the Alta Pro Lawyers RPG. Find out how to join here.

Big Hosts Don’t Always Mean Big Security
There is a common misconception that if you are hosting with Microsoft or Amazon or one of the other big providers, all your troubles will go away. That’s not exactly true.

Two law firms recently had their trust accounts hijacked through wire fraud. The users were tricked with a phishing e-mail, then their settings were misconfigured. The settings could have been hardened to make it tougher for the hackers to get in.

Using the cybersecurity that comes with the cloud storage software without any upgrades puts your system at very high risk of exposure. See the most recent news postings on default router and IoT device settings. The defaults don’t cut it.

Why You Need an Expert
Cybersecurity is not “one size fits all,” but you can do some things to heighten the security of your platforms that are public. If you read the terms and conditions of Microsoft and Amazon, they are not responsible for how you configure your controls. They give you the platform, but you still need to know what you are doing. You need to have an expert configure it all, assess the security assessment on those platforms. Plus you need checks and balances.

A freelancer who handles your IT may be an excellent resource for support or general helpdesk support, but not cybersecurity.

A cybersecurity expert can help you through the maze of what your law firm specifically needs to do, analyze what technology you are using, what software packages you are using, what vendors you are using. It’s like the doctor analogy, if you have cancer you would not treat yourself for it.

The cost for analysis can range widely. An expert could tell you what needs to be fixed and provide options on other types of assessments and remediation. It’s like going to your GP to get initial tests done and a first diagnosis. Then the GP sends you to a specialist

Training is Essential
Many cybersecurity breaches are the result of human error when established procedures are not followed. Training your staff should always be an essential element of your cybersecurity system. When you move to the cloud, you will need to train your team on any new protocols. This is also an opportunity to reinforce security procedures you already have in place.

Want a Pro Practice Partner that’s available 24/7? Join the Alta Pro Lawyers RPG for tech tools and risk management resources. Learn more here.

About the Author

Craig A. Petronella is the CEO of Petronella Technology Group Inc, which specializes in helping law firms with security and compliance. With 30 years of experience, he is the author of the Amazon bestsellers “How Hackers can Crush your Law Firm,” Peace of Mind Computer Support” and other titles. MIT Certified: AI, Blockchain & Hyperledger. Phone: 919-601-1601; Helpdesk Support: 919-422-2607. For more information about a cyber-crime risk assessment call: 1-877-468-2721


Print Friendly, PDF & Email

Related Posts on!

Alta Pro Logo Icon

About the Editorial Staff

In an age of consolidation where increasingly impersonal transactions have made customer service an oxymoron, we bring together independent agents, insurance companies, and other industry specific service providers to develop and deliver insurance products and risk management solutions that benefit our insurance customers.

May 22, 2024 1:00 pm EST
1.0 Regular Credit
June 12, 2024 1:00 pm EST
1.0 Ethics Credit

Join Our Newsletter

Occasional newsletters and CLE invites

Find Us on Social

Upcoming CLE Webinar: Essential Business Skills for Busy Lawyers Part 1 – Communicate Like A Pro

May 22, 2024 1:00 pm EST
CLE Credit: 1.0 Regular

Colleen L. Byers

Colleen Byers Mediation, LLC


Latest Videos

1 Hour

Creating an Attorney Compensation Plan That Will Build Firm Culture and Attract Top Talent

1 Hour

Ethical Uses of Generative AI in the Practice of Law

1 Hour

Four “Ds” of Client Relations: Dabbling, Documentation, Difficult Clients, Don’t Do it!

Need Help?

Visit our Frequently Asked Questions page. 

Or email us directly at

Or submit your issue in the comment form below and we will respond as soon as possible.