Cyber awareness training for law firms
Your firm runs on privileged communications, client funds and confidential instructions. Attackers know it. We train every fee earner and staff member to catch the attacks that filters miss, and we measure the change.
Why law firms get targeted
These are the attack patterns we train against in this sector, drawn from live campaigns rather than textbook examples.
Spoofed client instructions
Fake filing notices, forged client emails and compromised counterparty threads that redirect completion funds or harvest credentials at the worst possible moment.
Payment fraud in conveyancing and M&A
Business email compromise targeting escrow and completion payments, where a single convincing bank-detail change can cost more than a year of fees.
Privilege and data exposure
Global firms have suffered ransomware and data-exposure incidents in recent years. For a firm, leaked matter files are not just a PDPA problem; they are an existential trust problem.
AI-enabled impersonation
Deepfake voice notes and AI-written spear phishing make "the client called to confirm" a dangerous sentence. Your people need to know the verification habits that hold.
The rules your people operate under
Training is the control every one of these frameworks expects, and our engagement report is the evidence they ask for.
Protection and accountability obligations over client personal data, with staff training the first arrangement regulators look for.
Confidentiality duties under the Legal Profession (Professional Conduct) Rules 2015 extend to how your people handle email, devices and files.
Corporate and financial-sector clients increasingly send security questionnaires to their panel firms. Training evidence is a standard ask.
The national baseline certification expects employees to be equipped as the first line of defence. Our report is your evidence.
What we build for law firms
Everything in the core Cyber Safety workshop, live hacking demonstrations included, plus sector-specific depth:
- Phishing analysis drills built from real lures used against law firms: fake court filings, spoofed client instructions and counterfeit counsel correspondence
- Payment fraud scenarios for conveyancing, M&A and client-account teams
- Protecting privileged communications on email, mobile and chat
- Safe use of AI tools in legal work: what can and cannot leave the firm
- Incident reporting and breach-notification duties in a law firm context
- Pre-workshop consultation
- Post-training phishing simulation
- Before-and-after awareness measurement
- Board-ready engagement report
- Certificates for all participants
Measured results
reduction in phishing incidents across recurring yearly workshops
Over the years we have seen a 70% reduction in phishing incidents, thanks to the vigilance these yearly workshops build.
lift in self-rated staff awareness in a single session, NPS +50 with zero detractors
Where to start
Most Singapore firms fit the Essentials annual programme: a firm-wide half-day, a refresher, two phishing simulations and a report your managing partner can table. Multi-office firms typically run one session per office.
Pilot Workshop
Your first engagement, any team size
- Live 2-hour virtual (S$2,800) or half-day on-site workshop (S$5,400)
- Curriculum tailored to your sector in a pre-workshop consultation
- Live hacking demonstrations and hands-on exercises
- Post-training phishing simulation with analytics
- Board-ready engagement report and debrief
The pilot fee is credited in full against any annual programme signed within 90 days.
Essentials
Organisations up to 300 staff
- One on-site half-day workshop plus one virtual refresher
- Two phishing simulations with analytics
- Four quarterly 30-minute virtual threat briefings
- Annual board-ready report for auditors and insurers
Legal questions, answered
Can you train fee earners and support staff together?
Yes, and we recommend it. Attacks enter through secretaries, finance and paralegals as often as through lawyers. We run mixed sessions with role-specific scenarios, or separate sessions per office where headcount suits it.
Do you cover our duties under the Legal Profession rules?
Yes. The compliance module maps everyday behaviour to your confidentiality duties under the Legal Profession (Professional Conduct) Rules 2015 and the PDPA, in plain language rather than legalese.
Our firm has under 50 people. Is this still for us?
Yes. Smaller firms usually start with a single half-day workshop with the phishing simulation and report included, and move to the annual programme if they want year-round reinforcement.
Will this satisfy client security questionnaires?
The engagement report documents what was trained, who attended and how behaviour measured before and after, which is exactly the evidence most client questionnaires and panel reviews ask for.
Not sure where you stand? Take the free two-minute check: Do I need cyber awareness training for my team?
Other industries
Ready to train your legal team?
Book a 30-minute scoping call. We will map your headcount, sites and regulatory context to the right format and give you a clear quote.