A breach happened. Now we fix the entry point.
Most law firms do not plan for a compromise. They plan for a quiet quarter. When a phishing email gets a password, or a fake invoice redirects a conveyancing deposit, the first hour determines the outcome. Trust accounts are frozen. Client files are encrypted. The phone stops ringing because clients are calling to ask if their data is safe.
What this usually looks like
What a breach looks like in a legal practice.
The immediate damage is financial. A $50,000 wire transfer to a criminal syndicate via Business Email Compromise is common. The secondary damage is regulatory. AML/CTF Tranche 2 requires you to report eligible incidents to AUSTRAC within 72 hours. Missing that window triggers penalties.
The third layer is professional indemnity. Law Mutual will investigate how the breach occurred. If your MFA was optional or your backups were not tested, your claim gets scrutinised. Legal professional privilege is also at risk if client files are exfiltrated. You need to prove containment, not just recovery.
The fourth layer is operational. LEAP or Affinity is offline or locked. You cannot access trust account balances or file metadata. Staff are working from home with no secure access. The firm is bleeding revenue while you try to piece together what the attacker saw.
Where we'd start
What we do in the first forty-eight hours.
- Step 01: Contain the active threat
  We isolate compromised endpoints and revoke active sessions for all staff immediately. We reset credentials for high-risk accounts, especially those with access to trust accounts or email forwarding rules. We block the attacker's C2 infrastructure at the firewall. This stops the bleeding. You get your trust account access back.
- Step 02: Assess the scope and preserve evidence
  We review Cloudflare or Microsoft 365 audit logs to see what was accessed. We check for lateral movement across your LEAP or NetDocuments environment. We preserve logs for Law Mutual and AUSTRAC reporting. We do not guess. We look at the telemetry. If data was exfiltrated, we know what files and when.
- Step 03: Restore and patch the gap
  We restore clean backups of your practice management database and file shares. We enforce MFA on all email and cloud services. We patch the specific vulnerability the attacker used, whether it was a weak password or a missing update. We then set up monitoring for the same attack vector so it cannot happen again.
CCP's security floor
Every CCP client is covered by the Client Security Baseline.
The CSBO is our contractual security floor. MFA on everything that matters. Application control. Vulnerability management. Backups restored, not just scheduled. Account offboarding the same day someone leaves. Password management staff will adopt. Annual awareness training.
If you won't do the basics, we'd rather decline than take responsibility for an incident you chose to ignore.
- Multi-factor authentication: Phish-resistant MFA on everything that matters.
- Application control: Allowlisted applications. Nothing else runs.
- Vulnerability management: Known vulnerabilities remediated inside thirty days.
- Tested backups: Backups that have actually been restored, not just scheduled.
- Same-day offboarding: Account access cut the day someone leaves the business.
- Password management: A password manager your staff will actually use.
- Awareness training: Annual cybersecurity training. No one opts out.
- The full baseline: Eleven controls in total. Seven shown here. See what's included in Managed IT Complete.
Track record
Twenty years in. A hundred-plus clients. The numbers are load-bearing.
4.8 average · 46 reviews on Google
“The new investors are making us offshore IT. It sucks. You guys were perfect. I don't want to change.”
Our clients measure their tenure with us in years, not renewals. When they do have to leave (almost always because they've been acquired), they're sad about it. That's the metric that matters.
“Night and day working with CCP. They came in from day one, spent the time to ensure everything was set up and secure properly, and now everything just works. Due to the success we've had with them, we further engaged them to manage our phone systems and website. If you work with CCP you will never have to worry about your IT systems again.”
“We have been using CCP since the early 2000s and have always had great service on our 20-plus PCs and server. We recently moved to a managed service and cannot rate the experience highly enough. Well done Lee and team.”
“We have been continually impressed with CCP over the several years we have used them. They are extremely efficient, excellent customer service and well priced. I would recommend Lee and his team.”
The qualifier
Let's see if we're a fit.
Seven questions, one moment of your time. We'd rather tell you now than three months in.