832-304-1850

Texas Compliance and Cybersecurity for Law Firms

Your duty to protect client confidences, your state safe-harbor protection, and your firm’s cybersecurity are no longer three separate problems — they’re one. Briggs IT helps Texas law firms understand what the rules require and build the written proof that they’ve met it.

The stakes changed.

Your program should too.

For years, protecting client information was a matter of professional courtesy and good practice. That’s over. Texas attorneys are now held to a duty of technological competence — the State Bar’s ethics opinions have made clear that a lawyer must take reasonable steps to safeguard client confidences against foreseeable unauthorized access, including across email, cloud services, and AI tools. The duty is no longer aspirational. It’s an expectation you’re measured against.

At the same time, Texas Senate Bill 2610 (SB 2610) created something new: an affirmative safe harbor against punitive damages for a firm that has implemented and documented a qualifying cybersecurity program. Here’s what that means in plain terms — in the event of a breach, your firm is either able to show, in writing, that it qualified, or it isn’t. That single distinction can be what stands between a manageable incident and your partners’ personal exposure. The program isn’t paperwork for its own sake. It’s the documentation that protects the people who own the firm.

What a Texas law firm

Actually Needs.

A qualifying program isn’t one thing — it’s a set of pieces that work together and, just as important, the written evidence that each one exists. For most firms, that looks like things such as:
Most firms we review have two or three of these in place. A complete program has all of them — implemented, and documented well enough to show someone who asks.

How we work with

law firms

Every engagement is paced to the firm, but a typical first three months looks like this:

The two things every

firm says first

Most firms do, and a good one is worth keeping. But fixing laptops and building a compliance program are different jobs. A compliance program means someone who can write a Written Information Security Program that lines up with the State Bar’s ethics expectations, document an incident response plan, and produce the evidence an examiner — or a plaintiff’s attorney — will ask to see. If your current provider does that, you’re in good shape. If they don’t, Briggs IT can work alongside them on the compliance layer, or take over the IT entirely. Your call, not ours.
Small firms get hit precisely because they’re small. Attackers don’t pick a firm and study it — they run automated campaigns against tens of thousands of firms at once and take whoever’s unprotected. And a small firm holding wire instructions, settlement funds, and client confidences is exactly the kind of target that pays off. Size isn’t cover. Preparation is.

See where your firm stands

The Compliance Readiness Review is a working session built for firms like yours. We walk through where your practice sits against the State Bar’s ethics expectations, SB 2610, and sound security practice. Afterward, once we’ve worked through what we found, you get a written gap report in plain English. No sales pressure — many firms take the report and close the gaps themselves; some ask us to quote. Either way, you finish the meeting knowing more than when you started, whether or not you ever hire Briggs IT.