By MET Florida - METFL | Legal Technology & IT Security

Picture this: It's 7:45 AM on the morning of a critical deposition. Your VPN won't connect. The opposing counsel's exhibits are sitting on the firm server — inaccessible. Your client is already waiting. This is not a theoretical scenario; it is a recurring nightmare for attorneys across the country who depend on aging remote access infrastructure that was never designed for today's hybrid legal practice.

81% of VPN users report issues including slow speeds, dropped sessions, and login complications — and for a practicing attorney, every one of those issues carries professional, ethical, and financial consequences. Breaches and access failures in 2024 averaged $4.88 million per incident, meaning VPN connection problems are not a minor inconvenience: they are a threat to your law firm's survival. Therefore, every attorney must have at least one tested emergency access solution ready before a VPN fails — not after.

This guide breaks down why attorney VPN problems happen, what your ethical obligations actually are, and — most importantly — what emergency access solutions you can deploy right now, today, before the next crisis hits.

Key Takeaways

• VPN failures are not rare — they are routine: Nearly 29% of ransomware claims in Q3 2024 were tied to vulnerable VPNs — a sixfold spike in just one quarter. If your firm has no fallback plan, you are gambling with client representation.

• Ethical obligations require more than good intentions: The American Bar Association Model Rules of Professional Conduct require lawyers to make reasonable efforts to protect client information — and using public Wi-Fi without VPN protection violates this duty of confidentiality. Therefore, attorneys must maintain a functioning, tested access solution at all times.

• Zero Trust is rapidly replacing VPN as the legal industry standard: In 2025, the shift from VPN to ZTNA is accelerating at an unprecedented rate, to the point where Zero Trust is tending to become the new standard for secure remote access. Start evaluating ZTNA options now before your insurer requires it.

• Most VPN connection problems have immediate, fixable causes: Weak Wi-Fi, incorrect credentials, or a server going offline are the most common problems — and simple fixes. Build a personal troubleshooting checklist so you can self-resolve in under five minutes.

• The cost of doing nothing is rising: The ABA reported 29% of firms experienced a security breach. If your firm is not in that statistic yet, it is only a matter of time without proactive remote access planning.

Quick-Start Prioritization Framework

Start here if you're:

• A solo attorney or small firm: Begin with the VPN troubleshooting checklist + cloud document access (Microsoft 365 or similar) — fastest ROI with minimal IT overhead.

• A mid-size firm with hybrid staff: Deploy a VDI solution such as Microsoft Azure Virtual Desktop; pair it with MFA on every system — built for multiple simultaneous remote users.

• A growing or enterprise-level firm: Begin your ZTNA evaluation immediately — your cyber insurance carrier is likely already asking questions about your segmentation and Zero Trust alignment.

Why Attorney VPN Problems Are Getting Worse, Not Better

The Fundamental Design Flaw

VPNs have been around since lawyers still used fax machines — they work by creating a secure tunnel between a user's device and the firm's internal network. That sounds reassuring. The problem is the threat landscape of 2025 looks nothing like the world VPNs were designed for.

VPNs were designed for a different era — a simpler time before ransomware gangs rented out hacking kits and remote work became the norm. When every attorney worked from a single office location, the castle-and-moat model of network security made sense. Today, attorneys work from courthouses, hotels, coffee shops, home offices, and airports — and a VPN treats every connected device as fully trusted the moment it logs in.

One bad credential means full network access. A single stolen password can give attackers free reign over your entire environment. For a law firm handling trade secrets, financial records, and privileged communications, that is an unacceptable risk profile.

The User Experience Problem Is a Compliance Problem

In my experience, the biggest VPN risk at law firms is not hackers — it is frustrated attorneys finding workarounds. VPNs are clunky and slow, which is why so many attorneys end up using unauthorized tools. When an attorney uploads a case file to a personal Dropbox account because the VPN is too slow, that action may violate attorney-client privilege, bar rules, and firm policy simultaneously.

The rise of shadow IT and unsanctioned workarounds is a direct consequence of VPN friction. Therefore: if your VPN is difficult to use, it is a security liability, not just an IT annoyance. Ease of use and security are not opposites — and your remote access solution must deliver both.

Exploitation Is Surging

In 2024, VPN gateways from big names like Ivanti, Cisco, and SonicWall were hit by mass exploitation. These are enterprise-grade products used by some of the world's largest organizations, and they were successfully weaponized against their users. For law firms running older, unpatched VPN infrastructure — often maintained by stretched IT teams or even managed by attorneys themselves — the risk is exponentially higher.

The Six Most Common VPN Connection Problems (and How to Fix Them Right Now)

Problem 1: The VPN Won't Connect At All

VPN connectivity issues can be categorized into connection, authentication, and configuration problems. Before escalating to IT, work through this sequence:

1. Confirm your base internet connection works by browsing without the VPN active.

1. Restart your router and modem — this alone resolves a surprising number of failures.

1. Verify credentials, check ports 443/1194, and test on a different network to isolate the issue.

1. Check whether your device's firewall is blocking VPN traffic.

1. Try connecting from a completely different network — your phone's cellular hotspot is ideal for this test.

Action: Weak Wi-Fi, incorrect credentials, or a server going offline are simple fixes and the most common problems. Save this checklist on your phone so it is available even when your laptop is offline.

Problem 2: Slow VPN Speeds Making Work Impossible

VPN connection issues fall into two main categories: slow connections and dropped connections. A slow VPN connection increases the time required to load files, access online resources, and complete tasks. Generally, a low internet speed or a weak wireless signal can slow VPN connections down.

For attorneys specifically, a slow VPN during a live deposition, court filing deadline, or client call is a professional emergency. Here is what to do immediately:

• Switching VPN servers can help with a slow connection — if a server is overcrowded, each user gets less bandwidth.

• Switch to WireGuard, change servers, try UDP, or enable split tunneling for immediate gains.

• If you're using Wi-Fi, consider switching to a wired connection for better stability.

• Background applications can consume bandwidth and slow down your connection — close any applications you're not actively using.

Action: Check your speeds with and without the VPN to determine whether your internet provider or the VPN server is causing the slowdown. Use a free tool like Speedtest by Ookla to establish your baseline.

Problem 3: Dropped Connections Mid-Session

Repeated VPN disconnects are commonly caused by an unstable internet connection, though the root issue can differ from case to case.

Sometimes the issue isn't throughput but firewall or routing rules — because of newly added rules, changed policies, or a device reboot that resets defaults. A VPN may successfully connect but then get blocked or timed-out by a firewall that isn't configured to maintain the session. This is particularly common after a firm IT update or when attorneys travel and connect from hotel networks.

If your VPN keeps disconnecting, disable your firewall temporarily, switch protocols, or check for DNS leaks causing drop-outs. Re-enable security software immediately after testing.

Problem 4: DNS Leaks Exposing Client Data Without Your Knowledge

I've found this to be one of the most underappreciated risks in legal remote access. A VPN can appear to be working perfectly while silently leaking your DNS queries to third parties.

Modern browsers include a feature called "Secure DNS" (also known as DNS-over-HTTPS or DoH). While this feature enhances privacy in normal browsing, it creates a significant vulnerability when used alongside a VPN.

When Secure DNS is enabled in your browser, your DNS queries bypass your VPN tunnel entirely — instead of routing through your encrypted VPN connection, these queries go directly to third-party DNS providers like Google or Cloudflare.

Action: By disabling Secure DNS while using a VPN, you ensure all your traffic, including DNS queries, flows through a single encrypted tunnel. For legal professionals handling confidential client matters, this simple configuration change can close a significant privacy gap.

Problem 5: VPN Application Crashing or Failing to Launch

If your VPN is crashing, update or fully reinstall the client — corrupted app data is a common culprit on all devices. Many attorneys neglect updates to VPN client software for months, causing silent compatibility failures with operating system updates.

Additionally: Over time many devices experience "fatigue" due to running out of free memory or resources — restarting your device may help your connection speed.

Problem 6: Certain Applications Won't Work Over VPN

VPN is a great solution for remotely accessing files with firm laptops, but not every application runs well over VPN — practice management software is a common issue.

When evaluating, it is recommended to roll out a pilot program and let a few staff and attorneys test real-world usage. You may encounter issues where certain firm applications run too slowly to use over VPN, or possibly that an application cannot be made to work properly.

Action: For applications that consistently fail over VPN, consider migrating those specific apps to a cloud-hosted version or adding a virtual desktop layer for those workflows only.

Your Ethical and Legal Obligations Regarding Remote Access

ABA Model Rules: What They Actually Require

ABA Model Rule 1.1 requires that lawyers provide competent representation. In 2012, the ABA amended Comment 8 to add that competence includes "keeping abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology." This single sentence transformed technology competence from a best practice into an ethical duty.

Rule 1.1 requires lawyers to stay up to date on changes in technology and how those changes affect client confidentiality. Rule 1.6 outlines the obligation to prevent unauthorized access to client information.

This is not abstract guidance. An attorney who knowingly uses a VPN that has known vulnerabilities — and does not patch, replace, or supplement it — may be in violation of their professional conduct rules. Therefore: if your VPN is more than 18 months old and has not been audited, schedule that audit today.

State Bar Specifics

The New York City Bar Association's Formal Opinion 2019-5 addresses remote access to client data and establishes specific expectations for VPN usage, device encryption, and access controls.

The State Bar of California adopted the duty of technology competence through Formal Opinion 2015-193. California's opinion goes further than many states by explicitly listing cybersecurity as a component of competence and noting that attorneys may need to hire outside experts or attend continuing education on technology topics.

Many state bars go a step further than the ABA with more specific cybersecurity expectations. New York, for example, encourages firms to have written cybersecurity policies, employee training programs, and formal breach response plans.

Action: Check your state bar's formal ethics opinions on remote access. Compliance is jurisdiction-specific, and failing to meet your jurisdiction's guidelines can result in ethics complaints and disciplinary action.

What Happens When Access Fails During Active Representation

Where an incident prevents the law firm from accessing client information, the Rules obligate lawyers to take reasonable steps to determine the scope of attack and restore access.

A cybersecurity incident that materially impairs the lawyer's ability to provide legal services to clients is a "material development" in a matter about which the lawyer must "promptly inform the client."

This means a prolonged VPN outage during active litigation may trigger client notification obligations. Therefore: your emergency access plan is not just an IT document — it is a professional responsibility document.

Emergency Access Solutions That Actually Work

Solution 1: Mobile Hotspot as the Instant Fallback

When your VPN fails at a critical moment, your phone's cellular data connection is your fastest safe alternative. When in doubt about Wi-Fi legitimacy, use your mobile device's cellular hotspot instead of connecting to questionable public networks — this provides a more secure connection for accessing sensitive information.

Many legal professionals keep backup mobile data plans specifically for situations like this. Consider adding a secondary data-only SIM to your mobile plan specifically for emergency legal work. The cost is minimal; the protection is substantial.

What to do: Keep cellular hotspot enabled and tested on your phone at all times. Pair it with a cloud document access system so that critical files are accessible even if the firm server is unreachable.

Solution 2: Cloud-Based Document Management (Microsoft 365 / SharePoint)

Cloud storage solutions such as SharePoint play a pivotal role in enabling remote work for legal professionals. By storing your firm's documents in a centralized, cloud-based repository, you ensure that your team can access critical files anytime, anywhere — eliminating the need for physical office visits.

SharePoint offers robust capabilities tailored to the needs of law practices, allowing for secure document sharing, real-time collaboration, and version control, ensuring that every update is tracked.

This approach is particularly powerful as a VPN backup because it requires no VPN tunnel at all — attorneys connect directly to a cloud-hosted system through standard HTTPS, with MFA providing the security layer.

Action: Many firms run hybrid models while modernizing internal apps and storage — start with email and document management systems, then extend firm-wide.

Solution 3: Virtual Desktop Infrastructure (VDI)

A virtual desktop, sometimes called VDI or Virtual Desktop Infrastructure, takes a fundamentally different approach. Instead of extending network access to the remote device, a virtual desktop delivers a computing session that runs entirely on servers in the firm's data center or cloud environment.

A VPN creates an encrypted connection between a remote device and the firm's network, extending network access to the attorney's local device. A virtual desktop runs the attorney's computing session entirely on firm servers, delivering only a screen image to the local device while keeping all firm data on the server rather than on the attorney's machine.

For attorneys handling highly sensitive matters — M&A, criminal defense, family law involving children — VDI provides a level of data separation that VPNs simply cannot match. Microsoft Azure Virtual Desktop environments for law firms deploy a configuration in which attorneys access a fully managed virtual desktop session that enforces security policies, prevents data downloads to personal devices, and logs all session activity for audit purposes.

Solution 4: Zero Trust Network Access (ZTNA) for Long-Term Security

Zero trust network access (ZTNA) is a security framework that shifts access decisions from location-based trust to identity- and context-based verification. Instead of assuming that anyone inside the corporate network is safe, ZTNA follows the principle of "never trust, always verify."

Think of the difference this way: If a VPN is a master key to the whole building, ZTNA is a lock that opens only the specific rooms the user is authorized for, only when they meet security requirements.

For attorneys, ZTNA aligns powerfully with the ethical principle of least-privilege access to client data. Whether your lawyers are in court, at a café, or halfway up a ski lift, access controls follow them — supporting compliance with Model Rules 1.1 and 1.6.

Gartner estimates that by 2025, at least 70% of new remote access deployments will be via a ZTNA solution. Therefore: if your firm plans any infrastructure refresh in the next 12 months, do not invest in legacy VPN capacity — invest in ZTNA instead.

Solution 5: Managed Legal IT Services

After years of working with law firms on technology resilience, what actually works is having a dedicated managed IT partner with legal-specific experience. Ideally, you engage a vendor that explicitly provides managed IT services for law firms — providers should understand legal ethics requirements, have experience with law firm technology, be familiar with the regulatory frameworks governing legal practice, and demonstrate successful engagements with similar firms.

Establish a remote IT helpdesk that can be accessed via phone, email, or live chat — and verify that your managed service provider offers emergency after-hours response. A VPN failure at 6 AM before a 9 AM hearing requires immediate human support, not a ticketing system.

VPN vs. ZTNA: The Decision Framework for Law Firms

Head-to-Head Comparison

One of the most significant differences between VPNs and ZTNA is the level of access they grant. VPNs offer network-level access, while ZTNA provides access to a specific application. Since VPNs provide access to the network as a whole, an attacker has the potential to access other systems without authorization by exploiting vulnerabilities or using compromised credentials.

When to Keep Your VPN (for Now)

Not every firm needs to rip out its VPN tomorrow. VPN vs. Zero Trust isn't a clean either/or decision — think of VPN as a tool you deploy, and ZTNA as a security framework you apply. Most organizations find value in using both during transition periods.

For legacy systems, a hardened VPN with MFA, network segmentation, and short session lifetimes can be effective. If your firm's on-premise server infrastructure is not yet ready for a full ZTNA migration, hardening your current VPN is a legitimate interim step — provided you commit to a migration timeline.

When ZTNA Is the Only Responsible Choice

Institutional clients, particularly in financial services, healthcare, and technology, increasingly require outside counsel to complete security questionnaires before engagement. Firms that cannot demonstrate adequate security controls lose business to competitors who can.

If your firm is actively competing for enterprise clients, major corporate mandates are already in play. Major corporations including JPMorgan Chase, Google, and Johnson & Johnson have implemented formal outside counsel security requirements. If you cannot pass a client security questionnaire, you will lose the engagement — therefore, security investment is now directly tied to revenue.

Common Mistakes Attorneys Make With Remote Access Security

Mistake 1: Using Free or Consumer VPNs for Client Work

You should try to select a VPN that does not log any information that passes through it — meaning you should likely avoid "free" VPN services which may be ad-based or may collect your user data, instead opting to pay for the VPN software.

Free VPNs are available but may have restrictions and/or security risks. A "free" VPN that monetizes user data is categorically incompatible with attorney-client confidentiality. Action: Audit every VPN currently in use at your firm and confirm the provider's data handling and no-logs policy in writing.

Mistake 2: Skipping Multi-Factor Authentication

To protect client confidentiality while enabling speed, focus on a proven stack: MFA in legal practice, VPN or zero trust, role-based access control, endpoint protection, mobile device management, encrypted communications, and continuous training.

I've found that MFA is the single highest-return security investment available to any law firm. Encryption is a critical tool for protecting client data. Law firms should use end-to-end encryption for sensitive emails and files, and multi-factor authentication should be enabled for all systems and applications that store or access sensitive data, adding an extra layer of security.

Action: Enable MFA on every system that a remote attorney can access — email, document management, billing, case management — without exception.

Mistake 3: Treating Personal Devices as Secure

An attorney working from home opens their personal laptop, connects to the family Wi-Fi router, and pulls up a client's case file to prepare for a deposition. The router is running firmware from three years ago that has never been updated. The laptop has no endpoint protection beyond the consumer antivirus software that came pre-installed. This is the single most common source of law firm data exposure.

The limitation of VPN is that it extends network access to the remote device itself, meaning that any malware or attacker already on that device is now effectively inside the firm's network through the VPN connection.

Action: Deploy mobile device management (MDM) on every device used to access firm systems — personal or firm-issued. This is not optional; it is a baseline under current ABA guidance.

Mistake 4: No Incident Response Plan for Access Failures

Law firms should consider preparing a data breach response plan that informs stakeholders how to respond when a breach occurs.

This plan must include a specific section for VPN and remote access failures — not just data breaches. What is the attorney's next step when VPN fails during active representation? Who do they call? What is the secure fallback? If your firm cannot answer those questions in 60 seconds, your plan is incomplete.

Frequently Asked Questions

What should an attorney do immediately when their VPN won't connect?

First, confirm your basic internet connection is working by browsing without the VPN. Then try restarting your router and re-entering your credentials. Weak Wi-Fi, incorrect credentials, or a server going offline are the most common problems and the simplest fixes. If none of these work, switch to your phone's cellular hotspot and connect to your cloud document system (such as Microsoft 365) as an emergency workaround until your IT support can investigate the VPN.

Are attorneys ethically required to use a VPN for remote access?

Not necessarily a VPN specifically — but they are required to use adequate security. Legal professionals must always use a VPN when connecting to public Wi-Fi. This is not merely a recommendation but an ethical necessity. The ABA Model Rules require "reasonable efforts" to protect client data, and your state bar may have additional requirements. Any solution must protect client confidentiality to meet that standard — whether that is a VPN, ZTNA, or VDI.

Why does my VPN slow down so dramatically when I work remotely?

A VPN is dependent on the speed of your connection to the Internet — whatever the speed of the connection is, the VPN cannot be faster. You should expect a small loss in speed when connecting to any VPN service due to the software having to encrypt every packet of data. This loss should be small, usually 10–20% when compared with your connection without a VPN. If your slowdown is greater than that, the likely causes are an overloaded server, a distant server location, or your underlying Wi-Fi connection. Switch servers, try a wired connection, and close background apps.

What is the difference between a VPN and Zero Trust Network Access (ZTNA) for a law firm?

VPNs offer network-level access, while ZTNA provides access to a specific application. In practical terms: a VPN is like handing someone a master key to your office building; ZTNA is like giving them a key that only opens the specific room they need, only while they are being watched, only after they have proven their identity. For law firms protecting sensitive client data, ZTNA offers significantly stronger protection against both external attackers and insider threats.

How much does a proper VPN or ZTNA solution cost for a small law firm?

VPN pricing can vary — a premium VPN solution with many protocols may offer incredible performance and security measures, but it can be overkill for a small firm. Enterprise-grade VPN solutions typically start at $10–$20 per user per month, while ZTNA solutions from vendors like Microsoft (Entra), Cisco (Duo), or Cloudflare Access vary widely based on firm size and feature requirements. The more meaningful cost comparison is against a breach: breaches in 2024 averaged $4.88 million per incident — making any reasonable security investment cost-effective by comparison.

What is the fastest emergency remote access solution if VPN is completely down?

The fastest emergency solution is your phone's cellular hotspot paired with a cloud document system. Using a VPN also gives your law firm additional flexibility — staff can work from home, a coffee shop, or even while traveling without compromising security or efficiency. When the VPN itself is the problem, your cloud-based systems (Microsoft 365, Google Workspace, cloud-hosted practice management software) become your lifeline — and they require no VPN connection at all to function securely over HTTPS with MFA.

Should a solo attorney or small firm bother with ZTNA, or is a hardened VPN sufficient?

For firms whose attorneys primarily need access to email and document collaboration rather than sensitive case management systems, a properly secured VPN combined with Microsoft 365 cloud access may be a proportionate solution. A solo practitioner handling standard civil matters may not need ZTNA today. However, in a world where large cities can be held up by ransomware attacks and hackers can shut down multinational law firms, we are far past the point where solo and small firm lawyers can ignore cybersecurity issues. At minimum, every solo practitioner needs: MFA on all systems, a no-logs paid VPN, and at least one cloud-based document fallback.

Building Your 30-Day Remote Access Emergency Plan

The goal of this section is to give you a concrete action sequence, not just more awareness. In my experience, awareness without a deadline becomes another item that never gets done.

Week 1 — Audit and Immediate Fixes:

• Test your current VPN by attempting to connect from three different locations (office, home, phone hotspot).

• Verify MFA is enabled on all remote-access systems.

• Check your VPN client version — update if more than six months old.

• Confirm your VPN provider has a published no-logs policy.

Week 2 — Emergency Fallback Setup:

• Enable cloud document access (Microsoft 365 or equivalent) for all attorneys, separate from VPN.

• Confirm all attorneys can access client files via their phone's hotspot with no VPN required.

• Identify which applications are VPN-dependent and which are cloud-hosted.

Week 3 — Policy and Documentation:

• Use company-approved virtual private networks (VPNs) and encrypted cloud storage for handling sensitive information, and document this policy in writing for your state bar audit trail.

• Draft a one-page "VPN is down" response protocol for every attorney and staff member.

• Schedule a 30-minute training session on the fallback procedures.

Week 4 — Evaluate Long-Term Architecture:

• Decide on VPN hardening versus Zero Trust rollout — pilot with one practice group.

• Contact a managed IT provider with legal-sector experience — including MET Florida - METFL — for a formal assessment.

• Schedule quarterly access-failure drills going forward.

Sources

1. Secure Remote Access for Legal Professionals — IronOrbit. Remote work security for attorneys, MFA requirements, and ZTNA overview. https://www.ironorbit.com/secure-remote-access-for-legal-professionals/
   

1. Law Firm Security: VPN or Zero Trust? — LG Networks, Inc. VPN vulnerabilities, ransomware statistics, and ZTNA comparison for legal environments. https://www.lgnetworksinc.com/law-firm-security-vpn-or-zero-trust/
   

1. Law Firm Security and VPNs: What You Need to Know — AccuNet. Foundational overview of VPN use for law firm data security. https://accu.com/it-services/law-firm-security-and-vpns-what-you-need-to-know/
   

1. Remote Work Best Practices for In-House Lawyers — Thomson Reuters Legal. VPN and cloud security requirements for remote legal professionals. https://legal.thomsonreuters.com/blog/adapting-to-remote-work/
   

1. Secure Remote Access for Law Firms — Clear Guidance Partners. VPN and virtual desktop options, pilot program strategy. https://www.clear-guidance.com/insights/blog-post-title-two-rbbbm
   

1. When Small Law Firms Outgrow VPNs — CentreStack Blog. Real-world case study of VPN migration at small law firms. https://blog.centrestack.com/2026/02/when-small-law-firms-outgrow-vpns-field.html
   

1. Remote Work IT For Law Firms: Secure Attorney Access — Partners Plus. VPN vs. VDI architecture for law firms, Microsoft Azure Virtual Desktop deployment. Remote Work IT for Law Firms: How to Keep Attorneys Productive and Secure Outside the Office
   

1. VPN for Legal Professionals — The Tech-Savvy Lawyer. Public Wi-Fi ethics for attorneys, VPN as ethical obligation. https://www.thetechsavvylawyer.page/blog/tag/vpn+for+legal+professionals
   

1. Law Firm Data Security: VPNs and How Data is Tracked — PracticePanther. VPN types, zero-log policies, pricing guidance for law firms. Law Firm Data Security: VPNs and How Data is Tracked
   

1. Cybersecurity for Law Firms: ABA Compliance Guide — Petronella Cybersecurity. State bar opinions, ABA Model Rules 1.1 and 1.6, formal opinions by jurisdiction. Cybersecurity for Law Firms: ABA Compliance Guide
   

1. The Law Firm Guide to Cybersecurity — Washington State Bar Association. Official bar guidance on VPN selection and two-factor authentication. https://www.wsba.org/for-legal-professionals/member-support/practice-management/guides/cybersecurity-guide
   

1. NYC Bar Formal Opinion 2024-3: Ethical Obligations Relating to a Cybersecurity Incident — New York City Bar Association. Ethics opinion on cybersecurity incidents and client notification duties. Formal Opinion 2024-3: Ethical Obligations Relating to a Cybersecurity Incident
   

1. Best Practices for Law Firms to Meet Cybersecurity Obligations — Association of Legal Administrators. Comprehensive cybersecurity strategy and regulatory compliance guide. [https://www.alanet.org/legal-management/lm-extras/best-practices-for-law-firms-to-meet-cybersecurity-obligations](https://www.