The Compliance Obligation
ABA Model Rule 1.6(c) requires lawyers to make “reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.”
California State Bar Formal Opinion 2020-203 extends this to every California attorney, requiring competence in evaluating security risks to client data. Monitored security is no longer optional for firms handling sensitive matters.
An ethics violation arising from a data breach carries consequences beyond fines: malpractice liability, bar disciplinary action, and the loss of client relationships built over decades.
The Threat Reality
45+
Confirmed law firm ransomware attacks in 2024
$5.08M
Average breach cost for law firms
56%
Of breached firms lost sensitive client data
40%
Of firms carry cyber insurance (down from 46%)
How Net.Protect Helps
What's included
- 24/7 SOC monitoring with human-led threat response
- Endpoint protection on every workstation and server
- Multi-factor authentication for all attorneys and staff
- Email security with AI-powered phishing detection
- Incident response plan development and testing
What it supports
- ABA Rule 1.6(c) compliance
- California State Bar ethics requirements
- Cyber insurance application and renewal documentation
- Client due diligence and security questionnaire responses
What Your Firm Gets
24/7 monitoring
Human analysts at the SOC watch your environment around the clock. Threats are detected and contained before client data is exposed.
Matter-aware security
Security monitoring that understands the sensitivity of legal data. No offshore data exposure, no third-party access to client information.
Compliance documentation
Quarterly evidence packages for bar audits, cyber insurance renewals, and client due diligence requests.
A named security team
Not a ticket queue. People who know your firm, your systems, and your compliance obligations.
28+
Years serving Bay Area businesses
12
Senior technologists on staff
20+
Year longest client relationship
We needed someone who'd respond fast and actually know our systems. Ken and the Bayport team handle our entire IT environment, and when something breaks, we get a real person who already knows the context. That's rare.
We needed someone who'd respond fast and actually know our systems. Ken and the Bayport team handle our entire IT...
Dorothy Dela Cruz
DJM Capital
We evaluated several providers before choosing Bayport. The difference was honesty and depth. They didn't oversell, they explained what we actually needed, and the technical thoroughness has been consistent from day one.
We evaluated several providers before choosing Bayport. The difference was honesty and depth. They didn't oversell,...
Ben L
Spin Memory
Frequently Asked Questions
ABA Model Rule 1.6(c) requires lawyers to make reasonable efforts to prevent unauthorized access to, or disclosure of, client information. In practice, this means endpoint protection, MFA, encrypted communications, access controls, and a documented incident response plan. California State Bar Formal Opinion 2020-203 extends this to all California attorneys. Non-compliance exposes firms to malpractice liability and bar disciplinary action.
Yes. California State Bar Formal Opinion 2020-203 requires attorneys to understand the security risks to client data and implement reasonable safeguards. Net.Protect provides the technical controls, monitoring, and documentation that demonstrate compliance. Our quarterly evidence packages are designed to satisfy both bar ethics requirements and cyber insurance carriers.
Net.Protect monitors and protects endpoints, email, and network traffic without accessing the content of privileged communications. Our SOC analysts see threat indicators and anomalous behavior, not your case files. There is no offshore data exposure and no third-party access to client information.
No. Net.Protect is designed to layer on top of your existing infrastructure, including your document management system, practice management software, and email platform. We work alongside your internal IT person or current provider. Most firms are fully deployed within 2 to 4 weeks with no disruption to daily operations.
Most law firms handling sensitive matters choose Enterprise for its audit-grade logging, dedicated compliance support, and premium EDR. Smaller firms or those just building their security posture often start with Premium, which covers 24/7 SOC monitoring, endpoint protection, and quarterly compliance evidence. We assess fit in the scoping call before recommending a tier.