Security Step 1: Identify Your Cyber-Assets

James Sparrow
James Sparrow
May 11, 2016

Our mission with LawPay’s Security Series is to promote better data protection in law firms through simple, manageable steps. Each week we will deliver a practical tip you can use to easily update security in your firm. With the increase of cyber-crime and the associated risk to your firm, securing your assets is more important than ever. As a leading payment provider for the legal industry, we are in a unique position to share our knowledge and expertise in data security with our partners and colleagues.

The path to a more secure office starts with creating a simple document detailing your firm’s IT assets. Using our template, list all of the technology you use at your firm, to the best of your knowledge. If you have an IT service or office manager, have them fill in any missing areas they know about. This inventory should include:

Networking infrastructure

Do you have wired (LAN) and Wi-Fi networks? What is connected to each? Is there a guest network? What people have the Wi-Fi passphrase(s)?

Systems and Other Hardware

What PCs, laptops, mobile devices, printers, file servers or network attached storage are present in the practice? The sample office network map below may help prompt you with the hardware present.

Applications and Data

What business software are you using, and what are those applications responsible for? Common software for law firms include QuickBooks or other financial applications, practice management suites, and search and discovery tools. What information do they manage and where does that data reside (both cloud-based and on premises)? Don’t forget about any backups and archives that you may have residing in different locations.


Who are the users with accounts on your systems, and what privileges or capabilities do those users have? For example, you might have administrative rights on your PC, but you may have created an account for your bookkeeper with access restricted to certain folders or files. Ask all members of your staff to help ensure this information is as complete as possible.

Once you have this information recorded in your IT asset inventory, you have officially taken the first steps towards becoming a more secure law firm. Next week, we will talk about simple but effective measures you can take to secure your various accounts.