
AIM’s Cyber Security Checklist for Small to Medium-Sized Firms

Updated: Dec 29, 2023

Law firms are the perfect target for cybercrime attacks. If you and your employees haven’t been educated on the types of security breaches that expose you and your firm’s data to cybercriminals, consider this a crash course.

Of all the potential cyber threats to law firms, ransomware and cyber fraud are among the most dangerous.


How do cybercriminals get into your firm through phishing or ransomware, and how do you avoid it? Cybercriminals can get in when your desktop is exposed to the internet, when there are vulnerabilities in your VPN software, or when they infect your computer with malware through remote access.

Here are five smart cyber strategies to avoid these exposures:


1. Use Spam Filters & Email Configuration.

Activate filters to prevent phishing emails and quarantine suspicious emails before they are opened. Train your employees to never click on links.

2. Use Next Generation Anti-Virus (NGAV) & Endpoint Detection and Response (EDR).

Cybercriminals find ways around traditional anti-virus detection methods to infect firms with malware. NGAV and EDR use artificial intelligence, behavioral detection, and machine-learning algorithms to protect you against new or unknown zero-day threats better than traditional, signature-based detection can. Crowdstrike is one available option.

3. Secure or Disable Remote Desktop Protocol (RDP).

The easiest way to keep attackers from using RDP to reach your network is to simply disable RDP. If you do use RDP, place RDP access behind your VPN (virtual private network), and protect the VPN with two-factor authentication.
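As an added illustration (not part of the AIM post), the following PowerShell script, saved as a .ps1 file and run from an elevated prompt on each Windows machine, reports whether RDP is enabled, whether Network Level Authentication is required, which port it uses, and whether the Windows firewall exposes it; the -Disable switch turns RDP off outright. It reads the standard Windows registry locations for these settings and cannot tell whether the host sits behind a VPN, so it only warns when RDP is on.

```powershell
# Added example (not from the AIM post): audit RDP exposure on a Windows host.
# Read-only unless -Disable is given. Requires an elevated PowerShell prompt.
param([switch]$Disable)

# Standard Windows registry locations for RDP settings (assumption: default install).
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = "$tsKey\WinStations\RDP-Tcp"

$denyTs = (Get-ItemProperty -Path $tsKey  -Name fDenyTSConnections).fDenyTSConnections
$nla    = (Get-ItemProperty -Path $rdpTcp -Name UserAuthentication).UserAuthentication
$port   = (Get-ItemProperty -Path $rdpTcp -Name PortNumber).PortNumber

# Built-in firewall rule group that allows inbound RDP when enabled.
$fwOpen = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Enabled True -ErrorAction SilentlyContinue

# Is anything actually listening on the configured RDP port right now?
$listener = Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue

Write-Host "RDP enabled in registry : $($denyTs -eq 0)"
Write-Host "NLA required            : $($nla -eq 1)"
Write-Host "RDP port                : $port"
Write-Host "Firewall rules open     : $([bool]$fwOpen)"
Write-Host "Listener present        : $([bool]$listener)"

if ($denyTs -eq 0 -and -not $Disable) {
    Write-Warning 'RDP is enabled. Unless this host is reachable only through the VPN (with 2FA), re-run with -Disable.'
    if ($nla -ne 1) { Write-Warning 'Network Level Authentication is off; enable it if RDP must stay on.' }
}

if ($Disable) {
    # Turn RDP off and close the matching firewall rules.
    Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
    Write-Host 'RDP disabled and Remote Desktop firewall rules turned off.'
}
```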

4. Use Two-Factor Authentication.

This is one of the best steps to protect against a data breach. Passwords alone are not good enough. Two-factor notifications, such as push notifications and authenticator apps, add another layer of security to password-protected accounts. If you are not using two-factor authentication, you should immediately implement it. Authy, Duo, and Microsoft Authenticator are good options.

5. Use Offline Backups.

These backups are extra copies of important data. Onsite and offsite backups of your critical data and systems are necessary to protect you from dangerous cyberattacks, including ransomware. Having a robust backup strategy that includes practicing to ensure you can restore systems from backups is critical to reduce any business disruption you suffer during a security incident.


In addition, employees themselves often unwittingly expose the firm to cyber threats due to carelessness or lack of training.

  • Do you and your employees know how to recognize phishing and potential ransomware threats?

  • Do you hover over email addresses to verify legitimacy?

  • Has anyone at your firm received fake emails or texts with urgent requests that you or your staff have fallen for?

  • Do your employees know never to click on any link in any email or text until they have scrutinized the email for anything suspicious?

  • Do your employees know to click on a link only when they are absolutely sure it is genuine? That may mean walking down the hall, or picking up the phone and calling the supposed sender directly, to ask about it.



As an AIM policyholder with cybersecurity coverage, you can access our cyber risk management portal with educational and training resources provided by Tokio Marine Houston Casualty Company (TMHCC). TMHCC handles claims under the Cyber Liability Endorsement on your AIM policy.

The Cyber Security portal can be accessed here on our website. You will need the following username and password to access the portal:


Password: PeaceofMind100%!


Your AIM lawyer professional liability policy offers cyber coverage for first-party exposures like ransomware attacks and can help with the direct financial impact of the cyberattack, including the fees associated with restoring data, income loss, downtime, crisis management, and client communications. Third-party coverage protects against claims alleging liability for the data breach and the regulatory fees that follow.



For a more in-depth look at AIM’s cyber coverage product offerings, visit us here online.

Insureds who purchase AIM’s cyber protection receive minimum limits of $50,000 of cyber coverage, including a Cyber Crime sublimit for loss of money or securities due to financial, telecommunication, and phishing fraud, subject to a $2,500 per claim deductible. Higher limits are available.


If you’re asking yourself, “so how much coverage do I really need?", consider the following:

  • What type of law do you practice?

  • What money changes hands? (Do you close real estate loans, and if so, what is the typical transaction size? Do you settle large cases? Do you frequently wire money or receive wired money?)

  • What is considered the most critical data of your firm (the “crown jewels”)?

  • Do you handle a lot of Personal Identifiable Information (PII)?


Please refer to your cyber endorsement to determine coverage applicability and availability. If you have any questions about the cyber liability insurance offerings or for more information on potential higher limits, please contact Vice President & Underwriter Wilma Fields at or Senior Underwriter Ben Parks at

