
Law Firms & Legal Practices

Client files, trust accounts, and the confidentiality your licence depends on.

Business email compromise targeting law firms is documented and growing in Canada. Scammers study your public communications, identify the right moment in a transaction, and send a wire instruction that looks exactly like yours — only the account number is different.

Insurer renewal coming up? Client questionnaire sitting in your inbox? Start with the free 3-minute check.

* Free 20-min call · No pitch, no scan, just answers

What actually happens

A typical law firm incident doesn't start with a hack. It starts with an email.

1. A staff inbox gets compromised.

A paralegal or assistant reuses a password that appeared in an unrelated breach — a streaming service, a professional association portal. The attacker logs in silently and starts reading.

2. They wait for the right transaction.

The attacker monitors the mailbox for weeks, sometimes months, learning the language of your firm and the timing of active closings. They don't rush — the longer they wait, the more convincing they can be.

3. They send revised wire instructions from your domain.

The email looks exactly right — your firm's address, the right tone, the right matter reference. Only the account number is different. The client follows the instructions. The funds don't arrive.

4. The question is no longer about the money. It's about your licence.

Even when funds are partially recovered, the Law Society and your insurer will want to know what controls were in place. "We didn't know the inbox was compromised" is not a sufficient answer.

What we review

An external view of your firm's exposure — in plain English.

We don't require access to your files, your practice management system, or your client data. We review what's visible from the outside, what's in your accounts, and how your communications are configured — then give you a written report.

Email impersonation & spoofing check

We verify whether your domain can be spoofed — meaning a scammer could send a fake wire instruction that appears to come from your firm's email address. This is the most common vector for trust account fraud.

Credential exposure scan

We check whether staff email addresses and passwords have appeared in known data breaches. A single compromised inbox is enough to intercept client correspondence without anyone noticing.

Cloud account access review

We assess whether your Microsoft 365 or Google Workspace accounts have multi-factor authentication enforced, whether inactive accounts exist, and whether login activity shows anything unusual.

External footprint mapping

We review what's publicly visible about your firm online — domains, open services, exposed systems — and flag anything an attacker could use to build a targeted fraud campaign against your clients.

Client-data workflow review

We document how client files, trust account instructions, and signing packages move through your systems — and flag any step where the integrity of those communications could be compromised.

Insurer-readiness documentation

The report maps our findings to the questions your professional liability insurer and Law Society ask about cybersecurity controls. You'll have written answers, not just impressions.

Common triggers

Most firms we work with come to us for one of these reasons.

Professional liability renewal

Insurers increasingly ask about MFA, email security, and incident response plans. A documented assessment gives you verifiable answers — not best-guess responses.

Client security questionnaire

Corporate clients, government agencies, and larger law firm referral partners now routinely ask for evidence of security controls before sharing sensitive mandates.

Staff change or partner departure

Every departure leaves behind active credentials, shared inboxes, and access that may not have been revoked. A review after any significant staffing change is the standard you want on record.

New practice area with higher-value transactions

Adding real estate, M&A, or trust administration to your scope puts higher-value wire instructions through your systems — and changes your risk profile immediately.

Where to start

Choose how deep to go.

Start free. The self-assessment tells you where you're weakest. The paid options give you a verified, documented picture you can share with your insurer or the Law Society.

Free

Self-Assessment

3-minute quiz — see your weakest areas and get a score. No email required to start.

Most popular

Plan + Advisory Session

$297 CAD

Your prioritized fix-it plan plus a 45-minute call walking through it. Walk away knowing exactly what to do and in what order. Applies toward any full assessment.

External review

Essential Exposure Review

From $497 CAD

We review your firm from the outside — email security, exposed credentials, domain configuration. You receive a written report and a 60-minute findings call.

Not sure which fits? Book a free 20-minute call — we'll tell you honestly.

The insurer and the Law Society will ask what controls were in place.

A CanadaSecure assessment gives you a written answer — not a best guess. Start free, or book a call if you're ready to go further.

Paid assessments from $497 CAD · No retainers · Plain-English reports