Compliance
A Fake Wire Email Almost Cost a Closing $180K: IT Support for Western PA Law Firms
A paralegal at a small firm in New Castle gets an email that looks like it is from the managing partner. It is short, it is urgent, and it asks her to update the wire instructions for a real estate closing happening that afternoon. The formatting is right, the signature is right, the partner is in a deposition and not answering his cell. So she sends the corrected instructions to the title company, and the closing funds (about 180 thousand dollars) wire into an account the firm has never seen before. By the time anyone notices, the money has been moved twice and is most of the way to being gone.
That email did not come from the partner. It came from an attacker who had been quietly reading the firm's email for two weeks, learned the rhythm of how the office talks, and waited for a closing to land. This is business email compromise, and law firms are a favorite target because they routinely move large sums on short notice. The hard truth is that this was preventable with the kind of email security that proper law firm IT support builds in by default. This post lays out what law firm IT support should actually cover, how the Pennsylvania Rules of Professional Conduct change the requirements from ordinary small business IT, and how a firm in Mercer, Lawrence, Butler, Crawford, or Erie county should think about the cost.
What should law firm IT support actually cover?
A general IT company keeps your email working and your computers patched. IT support for law firms has to do all of that plus protect a specific kind of asset (confidential client information) under a specific kind of scrutiny (your obligations as an officer of the court), because a failure there is not just downtime. It is a potential ethics problem.
At minimum, law firm IT support in Western PA should cover:
- Document and case management uptime. Whether the firm runs Clio, MyCase, PracticePanther, NetDocuments, iManage, Worldox, or a shared file server, the matter files are the practice. Support has to include the platform, the database backups, and the version updates, so a partner preparing for a Monday hearing is never locked out of the file on Sunday night.
- Email security and anti-fraud controls. Given the wire-fraud story above, this is not optional for a law firm. It means multi-factor authentication (MFA, the second login step that blocks most account takeovers), email filtering that catches impersonation, and a verification habit for any change to payment or wire instructions.
- Secure remote access. Attorneys work from court, from home, and from the road. They need to reach the case files securely without exposing the firm's network, which means encrypted connections and managed devices, not a personal laptop on hotel wifi pulling down privileged documents.
- Backup and recovery of client files. Covered in detail below, because for a law firm the loss or ransom of case files can mean a missed deadline, a malpractice exposure, and a confidentiality breach all at once.
- Time, billing, and trust accounting support. The systems that track billable hours and manage IOLTA (Interest on Lawyers Trust Accounts) funds have to be available and accurate. Downtime here is lost revenue and a compliance risk.
- E-discovery readiness. The firm has to be able to find, preserve, and produce its own data when it is a party or when a client matter requires it. A firm that cannot account for where its email and documents live is not ready for a litigation hold.
The test of a law firm IT support provider is not whether they can fix a slow printer. It is whether they understand that a ransomware hit the week before a trial is a five-alarm emergency, and that a leaked client file is a problem the firm has to report.
How do the Rules of Professional Conduct change what IT a law firm needs?
This is the line that separates law firm IT support from ordinary small business IT, and it is the one most likely to put a partner in front of the disciplinary board.
Pennsylvania, like nearly every state, has adopted a duty of technology competence. Comment 8 to Rule 1.1 of the Pennsylvania Rules of Professional Conduct says that to maintain competence, a lawyer should keep abreast of the benefits and risks associated with relevant technology. Rule 1.6 requires a lawyer to make reasonable efforts to prevent the unauthorized disclosure of, or access to, information relating to the representation of a client. Put together, those rules mean a partner cannot simply say "our IT guy handles the computers" and consider the confidentiality duty satisfied. The reasonable-efforts standard is now a technology standard.
In practice, the Rules of Professional Conduct turn several IT tasks from "nice to have" into "expected and documentable":
- Encryption of confidential data, both on the devices that store it and when it travels. An unencrypted laptop left in a car in Hermitage that held client files is the kind of event that becomes a confidentiality problem and possibly a notification obligation.
- Access controls and unique logins, so the firm can limit who sees which matters (think conflict walls and confidential settlements) and can prove who accessed what.
- Multi-factor authentication on email and remote access. Most law firm breaches start with a phished email password, and MFA is the single most effective block against the account takeover that leads to wire fraud.
- A clear answer on where client data lives. If the firm uses cloud platforms, reasonable efforts include vetting that the vendor protects the data and signing the agreements that hold them to it.
- Documented backups and a recovery plan you can actually execute, because the duty to safeguard client property extends to client files and data, not just paper.
- Secure handling of e-discovery and litigation holds, so the firm can preserve data when a duty to preserve attaches.
The reason this matters beyond the rules is the client relationship. A confidentiality breach at a law firm is not a slow morning. It can mean notifying affected clients, reporting to the appropriate authorities, and the kind of reputational damage that a small firm in a tight legal community like the Shenango or Mahoning Valley cannot easily absorb. Good law firm IT support treats the ethics rules not as paperwork but as the framework the whole security setup is built around, so compliance is a byproduct of doing the technical work correctly rather than a binder nobody updates.
What actually goes wrong at a law firm without proper IT support?
To understand why law firm IT support is worth paying for proactively, it helps to count what the common failures actually cost.
The wire-fraud scenario at the top is the most expensive single event, and it is rising fast because attackers know law firms move closing funds, settlement payments, and retainers. The loss is often not recoverable, and the firm can be on the hook for client money that vanished on its watch.
Ransomware is the other big one. When case files get encrypted and held for ransom, the firm cannot open documents, cannot meet filing deadlines, and may face a confidentiality breach on top of the outage if the attacker stole data before locking it. A firm carrying active litigation with hard court deadlines has very little room to be offline.
Then there is the quiet, ordinary failure: the document management system that goes down during a closing, the email that stops syncing the day before a hearing, the backup that nobody tested until the server died and it turned out to be incomplete. None of these make the news, but each one costs billable hours, frustrates clients, and chips away at the firm's reputation for being buttoned up.
The whole argument for proactive, flat-fee law firm IT support is that this math runs the other way. Monitoring catches the failing drive in the file server before it dies. Email security and a wire-verification process stop the fraudulent transfer before the money leaves. Backups get verified with a real test restore, so a ransomware hit is a few hours of recovery instead of a missed deadline and a hard call to a client.
How much should a Western PA law firm budget for IT support?
Pricing for law firm IT support depends on the number of attorneys and staff, the number of workstations and locations, whether the document management and practice systems are cloud-hosted or server-based, and how much of the security, encryption, and backup work is already in place versus needs to be built. A solo practitioner with a laptop and a cloud platform has very different needs than a twelve-attorney firm with a file server, two offices, and a litigation practice.
Because of that, a credible provider will not quote a per-month number off a phone call without seeing your setup. What you should expect instead is a flat monthly fee, scoped to your firm after an assessment, that covers proactive monitoring, the help desk, email and endpoint security, encryption, backup management, and the safeguards your confidentiality duty requires as one predictable line item, rather than a stack of hourly invoices you cannot forecast. If you want a real number for your specific firm, the right next step is to request an IT assessment so the scope is based on what you actually run.
What you should be wary of is the opposite: a provider who leads with a low flat fee and then bills "project work" every time the file server needs attention or a security gap turns up. That is break/fix wearing a managed-services label, and for a law firm it reintroduces exactly the risk (downtime, unpatched systems, a breach nobody was watching for) that you were trying to remove.
How do you switch IT providers without disrupting active cases?
The fear that keeps firms stuck with a provider who does not understand legal work is the fear of the switch landing in the middle of a trial week. A competent transition is built specifically to avoid that.
It starts with documentation, not disruption. The incoming provider inventories the server, every workstation, the document and practice management configuration, the email setup, the backups, and every credential, while your current setup keeps running untouched. New monitoring and security tools (MFA, encryption, email filtering) get layered in alongside the existing ones, verified, and only then is anything retired. The actual cutover of help desk, Microsoft 365 administration, and backup management gets scheduled around the firm's calendar, on an evening or a quiet day, not the morning of a closing.
For a typical Western PA firm, a well-run transition is a couple of weeks of quiet overlap and one scheduled cutover after hours. The firms that have a bad switch are almost always the ones that waited until a breach or a ransomware hit forced an emergency move, and then tried to change everything in a panic.
If your current IT company treats your client files like any other small business data, and treats your confidentiality duty as your problem instead of theirs, your firm is carrying risk it does not need to. MCR Business Tech Solutions provides law firm IT support across Mercer, Lawrence, Butler, Crawford, and Erie counties in Western Pennsylvania and the bordering counties of northeast Ohio, with the encryption, email security, and backup safeguards a firm actually needs to meet its obligations. Call 833-859-9021 or request an IT assessment. The first call is a conversation about how your firm runs and where your risk sits, not a sales pitch, and you will leave it knowing exactly where your technology and your client data stand.