Practical writing for solo and small-firm lawyers, healthcare practices, and financial advisors who need to satisfy real regulatory obligations without an enterprise security team. No sales pitches disguised as articles. No scare stories. Just the rules, what they mean, and what to do about them.
Model Rule 1.6(c) is 27 words. What it doesn’t tell you is what “reasonable efforts” means when the threat is ransomware or a business email compromise. This post unpacks the Comment [18] factors, Formal Opinions 477R and 483, state bar variation, and gives you a practical framework for documenting compliance.
Read the post →Twelve specific M365 settings every law firm should verify — MFA, legacy auth, forwarding rules, audit logging, sensitivity labels, matter-based access, DLP, Defender, Intune, PIM. Organized by impact, with “good enough” vs “fully hardened” notes for each.
Read the post →