Bringing a growing law firm’s security posture in line with its scaled-up business

Immediate fixes for urgent security matters and a phased migration to MS365

The KG team knew it would be too disruptive to immediately transition everyone over to a Microsoft 365 (M365) business or enterprise subscription. While creating a roadmap for eventual migration to M365, Kalles Group implemented a number of urgent fixes to address major vulnerabilities.

Kalles Group’s roadmap to M365 adoption included a phased migration approach designed to minimize operational disruptions. Upon learning that some of the firm’s contracted employees were using Google Workspace for tasks like document sharing and email communication, the consultants conducted a security analysis and made risk mitigation recommendations.

The phases in Kalles Group’s work with the law firm can be summarized as follows.

Phase 1: Taking care of urgent security needs

These initial measures mitigated some immediate risks and laid the groundwork for a more permanent and scalable solution.

• Enforcing MFA on individual accounts. While employees continued to use personal Microsoft family accounts for the time being, Kalles Group enforced MFA on them to prevent unauthorized access and protect sensitive client data.
• Basic security awareness and training. Kalles Group provided recommendations and resources to educate employees on phishing attacks, strong password practices, and suspicious activity reporting to reduce the risk of human error leading to potential breaches.
• Asset inventory cataloging. As a foundation for their broader migration roadmap, the KG team began cataloging their existing IT assets, including identifying all personal Microsoft accounts being used, devices connecting to their systems, and the key tools and services in use.

Phase 2: Creating a migration roadmap to the Microsoft 365 ecosystem

Steps in this transition allowed the firm to adopt a centralized, corporate-grade IT environment that aligned with their operational needs and budget constraints.

• Making licensing recommendations. Kalles Group outlined a cost-effective licensing strategy that included Microsoft 365 Business Premium or Enterprise licenses.
• Strengthening identity and access management. The consultants transitioned the law firm over to a centralized directory structure using Microsoft Entra ID (formerly Azure Active Directory) to unify identity management and enable seamless conditional access and role-based security.
• Implementing centralized device management. Kalles Group configured Microsoft Intune to enforce device compliance, roll out security policies, and restrict unapproved applications.
• Ensuring advanced threat protection. The team enabled Microsoft Defender for Office 365 to enhance anti-phishing, anti-malware, and safe link protections for emails and collaboration tools.

Phase 3: Evaluating the use of Google Workspace with respect to security

The use of Google Workspace raised additional concerns about inconsistent security standards and the absence of centralized visibility into activities occurring on Google-owned systems. The team took the following measures.

• Assessing the security posture. Kalles Group identified gaps in foundational security configurations, such as the absence of enforced MFA for Google accounts and inconsistencies in sharing permissions.
• Identifying cross-environment integration risks. Kalles Group documented potential risks associated with maintaining two separate collaboration ecosystems (Microsoft vs. Google), including difficulties in consolidating audit logs and controlling data flow between systems.
• Making risk mitigation recommendations. The consultants suggested foundational security improvements for Google Workspace, including enforcing MFA, restricting external file sharing, and integrating logging with a Security Information and Event Management (SIEM) system for unified monitoring.