TLOMA Today

As the curtain closes on the 2025 TLOMA Conference in Niagara-on-the-Lake, I want to extend my heartfelt thanks to everyone who made this year’s event such a success.

To Karen Gerhardt and Courtenay Brodie, your leadership and dedication were instrumental in bringing our vision to life. To the entire Conference Committee, thank you for your tireless work behind the scenes. To the TLOMA Board, your support and guidance continue to elevate our organization. And to our Business Partners, thank you for your continued commitment to our community and for helping us create an engaging and valuable experience for all attendees. A very special thank you to Pace and Purves Redmond for their Elite Sponsorships!

Looking ahead, I’m thrilled to announce that the 2026 TLOMA Conference will be held in Hamilton, Ontario from September 22-24, 2026.

Hamilton’s proximity to Toronto opens up exciting new possibilities. For those who find it difficult to step away from the office for three full days, we’re planning flexible options—whether it’s attending just the Trade Show or joining us for a full day of education, we want to make it easier than ever to participate.

We’re looking forward to welcoming familiar faces and new attendees alike in Hamilton next year. Stay tuned for more details as planning gets underway!

Warm regards,
Michelle Bilboe Chair, 2025 TLOMA Conference
Operations, Rosen Sunshine LLP

If you run a law firm in Ontario or handle the bookkeeping for one, you should be aware of the transaction levy surcharge. These surcharges are a key part of the LSO’S By‑Law 6, which details the professional liability insurance requirements and associated fees for Ontario lawyers and law firms. Here is a breakdown of what they are, when they’re due, and how to be compliant with LAWPRO.

What Are Transaction Levy Surcharges?

Transaction levy surcharges are “pass-through” expenses. Similar to how HST is collected on behalf of the government, these surcharges are collected from clients on certain types of files and then remitted in full to LAWPRO.

They don’t generate revenue or profit for the firm, nor do they provide any direct benefit. Instead, they are a compliance requirement tied to Ontario’s professional liability insurance program.

Once collected, the total amount is reported and remitted to LAWPRO every quarter.

How Much Are Transaction Levy Surcharges?

In Ontario, lawyers must pay surcharges on certain files. At the time of this article the amounts were:

• Real Estate Transactions – $65 per deal
• Civil Litigation Matters – $100 per proceeding

While these surcharges function as part of the lawyer’s insurance obligations, they can be billed back to clients as a disbursement. Because they’re treated as disbursements, HST applies as follows:

• Real Estate Levy: $65 + $8.45 HST = $73.45
• Civil Litigation Levy: $100 + $13 HST = $113

Recording Levies in Legal Bookkeeping Software

A common mistake law firms make is mis-recording transaction levies in their bookkeeping software, especially when entries are left to staff without proper training. The process, however, is straightforward. Most legal practice management systems provide a dedicated module for levies. To avoid errors, always use the levy option in your practice management system rather than entering it as a general disbursement. This ensures the levy is recorded in the correct category and, because the module is designed for this purpose, it also simplifies filing with LAWPRO.

The following steps show how to post transaction levies in three different software platforms.

In CosmoLex, go to: Matters -> Actions ->Transaction Levy

In PCLaw, go to: Data Entry ->Transaction Levy…

     

In PageLightPrime, go to: Settings -> Practice Area

Who Has to File and Exemptions

Not all Ontario lawyers need to worry about transaction levy surcharges. These levies only apply to lawyers who handle real estate transactions or civil litigation matters. Suppose a lawyer doesn’t practice in either of these areas during a given year. In that case, they can avoid quarterly filings altogether by submitting an annual exemption form to LAWPRO by April 30 of the respective year.

The exemption exists to eliminate unnecessary filings for lawyers whose work never triggers the levy. Once submitted, it frees the firm from quarterly reporting for the rest of the year—saving time, effort, and ultimately money.

Filing Deadlines

Quarterly levy filing and payments are due by the last day of the month following the quarter-end.

• Q1 (Jan–Mar)    due    April 30
• Q2 (Apr–Jun)     due   July 31
• Q3 (Jul–Sep)     due   October 31
• Q4 (Oct–Dec)    due   January 31

All submissions, including exemptions, can be filed online at my.lawpro.ca.

Pro Tips for Legal Bookkeepers

If you’re the law firm’s bookkeeper, stay ahead:

• Be proactive – Don’t wait for the lawyer to ask. If quarter-end is near and levies haven’t been entered, give a gentle reminder to whoever is responsible for posting them.
• Use the software correctly – If available, always record levies through the dedicated module in your practice management system.

Closing

Transaction levy surcharges are a small but important part of Ontario law firm bookkeeping. Whether you’re a lawyer or a legal bookkeeper, keeping track of deadlines, exemptions, and proper recording is key to staying compliant.

Need Help?

LAWPRO provides direct support:

• Phone: 1-800-410-1013
• Email: service@lawpro.ca
• Guides & FAQs: How to file transaction levies or exemptions

In today’s rapidly evolving workplace, employment contracts that haven’t been reviewed in years are more than just outdated—they’re a liability. As employers navigate shifting legal standards and workplace norms, clauses that once seemed boilerplate may now expose employers to significant risk. In this post, we’ll explore why it’s crucial to revisit your employment agreements regularly, particularly in light of recent legal developments.  

Termination Clauses: A Growing Source of Litigation

Termination clauses have come under increasing judicial scrutiny. A wave of recent employment law decisions has rendered many previously common clauses unenforceable.

For example, last year in Dufault v. Ignace (Township), the Ontario Court of Appeal upheld a decision of the lower court which held that a termination provisions in an employment agreement was deemed unenforceable because, among other reasons, it permitted the employer to terminate the employee’s employment without cause in the employer’s “sole discretion” and “at any time”, which was found to violate the Employment Standards Act, 2000 (“ESA”).

More recently, in De Castro v. Arista Homes Limited, the Ontario Court of Appeal again upheld the lower court’s decision in finding that the “for cause” termination clause in an employment agreement violated the ESA. In this case, the court found that the wording in the agreement was ambiguous enough to render it unenforceable. In addition, the court notes the employer’s intention is irrelevant: it is not whether the employer intended for the contract to comply with the law; it is whether, in fact, the contract actually does comply with the law.

If a termination provision is found to be unenforceable, a court would find that a terminated employee is entitled to common law reasonable notice, which a number of cases have recently found can exceed 24 months in exceptional circumstances – drastically increasing an employer’s liability upon termination of an employee.

Remote Work Agreements: The Need for Clear Arrangements

The COVID-19 pandemic ushered in widespread remote work, and many of those arrangements are still evolving. However, employers that attempt to revert to pre-pandemic work models without a clear agreement and right to recall in place may find themselves facing claims of constructive dismissal.

Such was the case in the recent decision of Byrd v. Welcome Home Children’s Residence Inc. Here, the employee, Byrd, had no written employment agreement in place. In May of 2020, her employer allowed her to work remotely from Europe without a formal remote work agreement in place. Over a year later, her employer recalled her to in-person work. Byrd refused to return in person and claimed that she had been constructively dismissed, amongst other reasons. The Court held that Byrd was constructively dismissed and entitled to common law notice. The Court reasoned that remote work had become an accepted part of the employee’s job and the right to recall the employee back to in-person work was never established nor communicated. This meant that the employer’s requirement that she return to Canada amounted to a repudiation of the employment contract.

This case is a clear warning: changes in working arrangements must be clear, documented and formalized to protect both parties.

Bottom Line

Employment law is constantly evolving, and outdated agreements can expose employers to serious legal and financial risks. Recent decisions from Ontario courts underscore how easily a poorly drafted or antiquated employment contract can be deemed unenforceable.

To mitigate risk and protect your organization, review your employment contracts regularly: what was enforceable five years ago may not pass legal scrutiny today.

Updating your employment agreements isn’t just about compliance—it’s about proactively managing risk in a changing legal and workplace landscape. A small investment in review today could prevent significant liability tomorrow.

The partners at your Ontario law firm graduated summa cum laude. Many associates passed the bar on their first try. Your support staff handle complex cases every day. So why did someone just wire $50,000 to a fraudster pretending to be a client? Or click on a link that installed ransomware across your network?

The uncomfortable truth is that intelligence doesn't protect against cybercrime: in some cases, it can make you more vulnerable. Yet many Ontario law firms still approach security training as if knowledge alone will solve the problem.

It won't.

The Confidence Trap: How Intelligence Becomes a Liability

The overconfidence bias is particularly dangerous in legal environments. When someone has spent years successfully identifying weak arguments and spotting inconsistencies in contracts, they naturally assume they can detect fraudulent emails or suspicious phone calls. This confidence leads to faster decision-making with less scrutiny: exactly what attackers count on.

The availability heuristic also plays a role. When lawyers hear about cyberattacks, they typically think of obvious phishing emails with poor grammar and suspicious attachments. This makes them underestimate attacks that use perfect language, familiar branding, and contextually relevant information harvested from social media or previous data breaches.

Stress: The Silent Security Killer

Looming deadlines, demanding clients, and high-stakes cases create an environment where speed often trumps caution. This chronic stress impacts not only decision-making but also security awareness.

In practical terms, this means a stressed associate receiving an urgent email about a deadline is far more likely to click suspicious links or download questionable attachments. The psychological pressure to respond immediately overwhelms normal security instincts. The mental bandwidth required for good security hygiene simply isn't available during high-stress periods.

The Competitive Environment Factor

The "hero complex," where professionals pride themselves on solving difficult problems independently, is a common issue at many law offices. When faced with a suspicious email or unusual system behaviour, this mindset encourages individual troubleshooting rather than seeking help from IT support. The result? Compromised systems that could have been contained with a simple phone call.

Case Study: The Perfect Storm

To illustrate how cyber attacks begin and eventually escalate, let’s look at a hypothetical scenario, in which a mid-sized Toronto firm falls victim to an attack that exploits several vulnerabilities simultaneously.

The incident begins on a Friday afternoon during a major trial preparation, when stress levels are exceptionally high. The attacker, who had researched the firm extensively, sends a carefully crafted email to a junior associate, one that appears to come from a senior partner in court that day.

The email references a real case and requests urgent wire instructions for a settlement that needed to be completed before the weekend. The language, tone, and legal references are perfect - because the attacker had harvested them from the firm's own marketing materials and previous court documents.

The associate, under extreme time pressure and reluctant to interrupt the senior partner during trial, processes the wire transfer. The authority bias discourages questioning, the time pressure eliminates careful verification, and the presentation overcomes natural suspicion.

The result? The firm loses $85,000 and faces additional costs for forensic investigation, client notification, and reputation management. More importantly, they learn that their security training focusing on "obviously suspicious" emails was inadequate against more sophisticated attacks.

Building Psychological Defences

For cyber security in law firms to be effective, you need to address the human element. Start by acknowledging that intelligence and training alone aren't sufficient: you need systems that work even when people are stressed, rushed, or overconfident. Recommended steps include:

• Implement verification protocols that feel natural rather than burdensome. For example, require verbal confirmation for any wire transfer over $10,000, regardless of the source. Make this a standard business process so compliance doesn't feel like questioning someone's judgement.
• Create psychological safety around security reporting. Staff should feel comfortable asking "stupid" questions or reporting potential incidents without fear of criticism. Consider implementing anonymous reporting systems and regularly celebrating people who identify potential threats.
• Design security measures that account for cognitive load. Multi-factor authentication should be simple and fast. Password managers should integrate seamlessly with daily workflows. Security prompts should appear at moments when users have mental bandwidth to process them properly.

Regular stress testing through simulated phishing exercises is valuable, but make sure they're educational rather than punitive. Focus on understanding why people clicked rather than simply identifying who failed. Use results to refine training and adjust security controls.

Training That Actually Works

Traditional cyber security training often fails because it doesn't address the psychological realities of legal practice. Instead of generic presentations about password security, focus on scenario-based training that reflects actual situations at the office.

Here are some tips:

• Role-play exercises work particularly well. Practice scenarios where "senior partners" make urgent requests, "clients" demand immediate action, or "court clerks" request sensitive information. Let staff experience the psychological pressure in a safe environment.
• Microlearning approaches are more effective than lengthy training sessions. Brief, weekly security tips that address specific situations, like verifying client instructions during deal closings, are more likely to be retained and applied.
• Consider bringing in reformed social engineers or ethical hackers to demonstrate real attack techniques. When everyone sees how advanced modern attacks have become, they're more likely to appreciate the need for verification procedures and security controls.

The Path Forward

Protecting your law firm from cyber threats requires more than technology alone: you need to address the human factor. By acknowledging cognitive biases, addressing stress-related vulnerabilities, and building security measures that work with human nature rather than against it, you can create stronger protection for your firm and clients.

Cyber security isn't about making people paranoid: it's about making good security practices feel natural and sustainable. Start with small changes, measure their impact, and gradually build a security-conscious environment that doesn't sacrifice the edge that drives your success.

Artificial intelligence is impacting how lawyers market themselves and grow their practice. However, it’s wise to first consider if and how AI tactics can fulfill business development strategies that convert to achieving a measurable growth objective.

 The hype around artificial intelligence is stimulating a fear factor bordering almost on hysteria for many lawyers and their law firms who are fixating on it more than any other concern in the modern global legal services market. While fear can be understandable, mostly because for many the benefits of AI remain somewhat murky, we need to grasp the reality that AI is a tool that, right now, is within our control.

Many law firms and lawyers have been employing AI to execute rote, task-based legal work that traditionally has fallen within a practitioner’s working domain. While off-loading rote work and tasks to artificial intelligence tools opens capacity to higher level work that is more meaningful and valuable to both the client and legal practitioner, AI does not replace valuable human traits – the three E’s: expertise, experience, and empathy – that help earn a professional, legal or otherwise, a reputation as a trusted advisor.

This is why before using AI as a tactical tool, we’re smart to consider the strategy-to-objective components that enable measurable business growth.

The AI Fear Factor

Anyone who has worked extensively with lawyers knows that to get their attention, all you have to do is scare them with risk. This is because risk is more than a four-letter word; it’s a perceived threat and a major component of the fear frenzy around AI.

But here’s the thing: AI is a tool best employed as and when needed to execute a tactic.

A tactic is an action that when executed within a specific time frame supports a strategy. A strategy is one of a series of interlocking decisions that support a measurable objective. Think Objective-Strategies-Tactics tiered as a pyramid.*

Most lawyers I know tend to be tactic or task oriented, ticking off to-do items with a goal of getting things done. While this is all well and good, being task-oriented – and often control-oriented – can lead to treating AI as though it’s an assistant or tackling it like an opponent. It’s neither. It’s a tool. It doesn’t care what you think or how you feel. It can help get things done and best of all, if or until AI takes on a life of its own as Dr. Geoffrey Hinton, a Professor Emeritus of computer science at the University of Toronto warned in his acceptance speech for the 2024 Nobel Prize in Physics, you can tell it what to do.

Tooling Around

Once upon a time, tools of legal and many other businesses, included telephones, dictaphones, and typewriters. Then along came photocopiers, which manifested in a cottage industry of eye-wateringly priced, so called business-related disbursements that in my opinion qualified as extortion. The advent of the fax machine that enabled speed, trimmed some but not all of the fat from those juicy disbursements.

Fast-forward to our digital world where we can work wirelessly from anywhere using a computer that often fits in our pocket. While this can be beneficial to both a practitioner and client, oftentimes digital assets designed to enable convenience and delegation can result in hit-and-miss consequences.

The Hit and Miss of AI

Take, for example, AI-enabled chatbots used for client intake. Chatbots can triage prospective clients, collect preliminary information, and route inquiries to appropriate legal talent. Chatbots are allegedly designed to do two things: 1. Improve a client’s experience; and 2. Accelerate a law firm’s response time while weeding out timewasters and tire-kickers.

But let’s call a spade a shovel: A chatbot is a lawyer-oriented tactic because it’s geared to support the strategy of handling only those matters that sit dead-centre within one’s professional wheelhouse with work supplied by targeted clients qualified to pay for it, and cull everything and everyone else. Doing so supports a growth objective of increasing revenue and annual profit by fill-in-the-blank per cent.

There is absolutely nothing wrong with this as a tactic supporting a strategy that converts to an objective for a lawyer or law firm. In fact, I endorse it.

However, using a chatbot as a business development tactic can backfire and even cause reputational damage because it provides precious little benefit to a prospective client since, due to its artificiality, a chatbot is cold, imperfect, not nuanced, often frustrating, and makes a potential client do all the work from the outset.

Silence of the Chatbot

This was the finding of a few testers who I asked to try out chatbots on websites of a handful of law firms some time ago. They filled in forms, hit send, received confirmation that their query was accepted, and then were met with silence. The upshot was that these testers who were prospective clients with work relevant to these firms were disappointed, made disparaging remarks about them solely on the basis on the non-response, and took their business elsewhere.

While this may have been the best solution for these prospective clients, it may not have been the best outcome for the firms. But we’ll never know because they didn’t respond or take the time to learn more about the nuances of these clients’ needs.

This is an instance where silence isn’t always golden and AI-delegation can cause extrapolated and even compounded loss, including: 1. Loss of potential business that may or may not be within your wheelhouse, and 2. Losing an opportunity to be a valuable connector who introduces a client in the time-proven pay-it-forward tactic of a referral that supports a rising-tide-lifts-all-boats strategy that tends to convert to the objective of business growth, which due to reciprocity usually includes one’s own.

Legal Service Remains a People Business

I expect this issue is symptomatic of my observation that “growth mindset” is evoking a narrow scope pertaining to growth of an individual or firm rather than growth for the greater legal community and good.

This behaviour may be due to fearfulness referred to earlier, which can morph into a notion that AI will replace lawyers – it will replace some, for sure – and cause an acceleration of production speed that will undermine the billable hour – fingers crossed. Still, I don’t think efficiency pertaining to AI and its adoption should be an all-encompassing fret factor as long as legal service remains a people business.

Yes, AI can help lawyers to be perceived as knowledge experts by generating marketing content for blog posts, newsletters, and social media platforms. However, AI has its own voice, and its voice is not yours.

This is why it’s best to use AI to research and support your ideas and write in your own words to retain and project your own voice, thoughts, tone, and personality.

The Personal Touch

Marketing is about continuing to build profile within your chosen market. Business development is about nurturing relationships with people in your chosen market whether or not they have work for you, support your endeavours, or applaud your contributions.

Both marketing and business development enable market positioning that provides a foundation for growth within your chosen field by honouring relationships that are crucial elements of your community, both professional and personal.

And all of it hinges on human values of thoughtful listening, insightful questioning, understanding, and empathy.

While AI may have computational “thinking type” functions, it comes by its name honestly. It has an ever-increasing degree of intelligence as a result of learning by human input, but it remains artificial and has yet to have a heart.

Until it does, the curses and blessings of our humanity and enormous range of distinctive and individualized personality traits that span from curiosity and compassion to humour and perspective, and intuition and imagination remain our superpowers.

* My Objective-Strategies-Tactics Pyramid is a no-fail business, markets, and management tool that I have used in many circumstances and industries over the last 30 years because it works every time. I will be writing about it shortly.

Meta Description:
Discover why Business Email Compromise (BEC) has become the most dangerous cyber threat in 2025. Learn how it works, who it targets, and what your business can do to stay protected.

Introduction

In 2025, one of the most financially devastating cyber threats isn’t ransomware — it’s Business Email Compromise (BEC).

While ransomware may still dominate headlines, BEC is quietly draining billions from businesses worldwide through sophisticated social engineering and email-based deception. Unlike attacks that rely on malware or encryption, BEC preys on human trust — impersonating executives, hijacking vendor threads, and slipping into financial workflows undetected.

Cybercriminals are going straight for the inbox, bypassing technical defenses and exploiting gaps in awareness and process.

So what exactly is BEC — and why has it become one of the most dangerous and costly cyber threats today?

What Is Business Email Compromise (BEC)?

Business Email Compromise is a type of cyberattack where threat actors impersonate a trusted person or entity via email to manipulate victims into transferring money or sensitive data.

BEC isn’t just spam — it’s highly targeted social engineering. And it works because it looks like business as usual.

Types of BEC attacks include:

• CEO fraud: Impersonating an executive requesting urgent wire transfers.
• Vendor email compromise: Hijacking a vendor's inbox to send altered invoices.
• Payroll redirection scams: Posing as employees requesting changes to bank deposit info.
• Attorney impersonation: Sending fake legal or settlement demands.

Why BEC Is One of the Top Threats in 2025

• It’s low-tech, high-reward.
  BEC attacks require no malware, so they often bypass traditional antivirus and firewall systems.
• It’s skyrocketing in cost.
  According to the 2024 FBI IC3 Report, BEC losses exceeded $2.9 billion, surpassing ransomware, phishing, and crypto scams combined. Early 2025 figures suggest this trend is accelerating.
• It’s evolving fast.
  Modern BEC uses AI to clone writing styles, spoof email threads, and even generate fake voice messages.
• It’s targeting your finance team and executives.
  Unlike bulk phishing, BEC goes after the people who move money — CFOs, accounting, HR, and executive assistants.

1. Reconnaissance: Attackers study your company’s structure, vendor relationships, and email habits via social media, past breaches, and open-source intelligence.

2. Spoofing or Compromise: They create lookalike domains or hijack a real email account via credential theft or session hijacking.

3.Execution: A perfectly timed, urgent-sounding email is sent to a target — often right before a weekend, holiday, or executive travel.

4. Exfiltration: Funds are wired to a fraudulent account, usually overseas. By the time it's discovered, it’s too late. 

The Real Cost of BEC

The average cost of a BEC attack in 2025 is $50,000, contributing to an estimated $6.3 billion in global losses, according to the 2024 Verizon DBIR. Unlike ransomware — where data can often be restored from backups — BEC attacks involve real-time financial fraud. Once funds are transferred, recovery is complex and time-sensitive.

While some organizations have been able to recover stolen funds through rapid banking intervention or with the help of cyber insurance, success is never guaranteed — and in many cases, the money is permanently lost.

Why Cyber Insurance May Not Cover BEC Losses

Many businesses assume cyber insurance will cover all types of digital threats. But when it comes to Business Email Compromise, the reality is more complicated.

In recent years, cyber insurance claims related to BEC have faced increased scrutiny and, in some cases, denial, particularly when policies exclude social engineering or require strict internal controls. BEC remains one of the more complex scenarios for insurers to evaluate.

• The fraud is classified as a voluntary transfer of funds rather than a technical breach
• The company fails to follow the required verification procedures
• There’s a lack of documentation showing that protocols (like dual approval or callback verification) were followed

Several high-profile lawsuits have emerged in the past year where insurers refused to pay out on BEC claims, citing exclusions or procedural gaps.

What Can You Do?

1. Review your cyber policy — Understand what is and isn't covered regarding BEC and social engineering fraud.
2. Check for social engineering endorsements — Many policies require add-ons to cover BEC and invoice fraud specifically.
3. Document your controls — Insurers often require proof that best practices (dual authorization, training, verification steps) were followed.
4. Train your finance and HR teams — These are the most common points of failure — and scrutiny — in BEC-related claims.

BEC and the Role of Awareness Culture

Technology alone won’t stop BEC. Attackers exploit human behaviour, not just systems.

That’s why cyber awareness training — especially for finance, HR, and executives — is more critical than ever. When employees pause, report, and verify instead of reacting, the BEC chain is broken.

BEC success depends on silence. Reporting suspicious emails loudly and early gives your team the power to stop it in its tracks.

Final Thoughts

1. Business Email Compromise may not make flashy headlines, but it’s draining businesses of billions, one email at a time. It’s silent, it’s personal, and it’s on the rise.

2. The good news? With the right mix of awareness, controls, and communication, BEC can be stopped before the damage is done.

3. Don’t wait for the fake invoice to hit your inbox.

4. Build a response. Build awareness. Build resilience.

BEC in 2025: What Your Business Needs to Know | Q&A

Q&A with Cybersecurity Experts

Q1: Why are so many businesses suddenly worried about BEC?

A: Because it's no longer a fringe scam — it’s mainstream, and it’s working. The most successful attacks don’t rely on technical trickery but on human psychology, timing, and just enough research to seem legitimate. If you're not already thinking about BEC, you're behind the curve.

Q2: Isn’t this just another phishing attempt?

A: Not even close. Traditional phishing casts a wide net. BEC is surgical — it knows who cuts the checks, who approves them, and when they're out of office. It's more impersonation than intrusion.

Q3: Our finance team is trained… isn't that enough?

A: Training helps, but BEC threats evolve faster than most internal programs can keep up. Real protection comes from combining behavioural analytics, email security layers, and real-time verification protocols — all tailored to your business.

Q4: What's the most common mistake businesses make when it comes to BEC?

A: Assuming someone else will catch it. Most victims had some controls in place — they just weren’t followed, or they weren’t enough. BEC slips through the cracks between departments. It thrives on assumptions.

Q5: Can’t we just rely on cyber insurance?

A: If only it were that simple. More than half of BEC-related claims are now disputed or denied. Why? Because insurers are tightening definitions, requiring proof of protocols, or citing exclusions you may not even know exist. If you're not sure your policy covers BEC, you should be talking to someone who is.

Q6: So what should a business do next?

A: The best next step isn’t more software — it’s a conversation. A short call with our team can:

• Identify the most significant BEC risks in your current workflows
• Show you how leading companies structure controls that actually get followed
• Clarify what’s really covered under your cyber insurance

Let's Make This Simple

You don’t need a 40-page security audit to stay ahead of BEC — you need the proper guidance, the right protections, and a team that’s already done this across industries.

➡️ Schedule a call to explore how our managed services can help you stop BEC before it starts. 

When a prospective client looks for legal representation today, they’re almost certainly not flipping through a phone book. Instead, they’re searching online. In fact, 74% of clients visit a law firm’s website before ever reaching out. That makes your digital presence, not your handshake, your office, or even your reputation in the community, the true “first impression” that determines whether someone chooses to contact you.

The challenge for firms is twofold: first, to ensure their websites convey trust, authority, and credibility; and second, to make sure people can actually find those websites in the first place. This is where search engine optimization (SEO) and digital advertising come in.

Together, they form the backbone of a modern law firm’s growth strategy.

Why SEO Matters for Law Firms

For most people, Google is the starting point when they need a lawyer but prospective clients rarely scroll past the first page of results. If your firm isn’t ranking highly, you’re effectively invisible to the majority of people searching for legal help.

A strong SEO strategy solves this. By investing in website optimization, content creation, and authority-building, firms can steadily climb the rankings and stay there. Unlike paid ads, which disappear as soon as you stop spending, SEO delivers long-term, compounding results.

Importantly, SEO also ensures the time your lawyers spend creating content, whether writing blogs, FAQs, or thought-leadership articles, actually pays off. Without SEO, even the best content risks going unseen. With it, your lawyers’ expertise becomes a magnet for relevant, high-value leads.

Digital Ads vs. SEO: Playing the Short Game and the Long Game

Think of SEO as a long game. It takes time to build, but once in place, it provides sustainable visibility and authority. Digital advertising, on the other hand, is the short game, immediate visibility at the top of Google search results or across social platforms.

But there’s a catch: legal keywords are among the most expensive in digital advertising. Paying for “personal injury lawyer” or “family lawyer near me” can quickly add up. Ads are best reserved for highly competitive practice areas or urgent campaigns where speed matters more than sustainability.

However, the smartest approach isn’t one or the other, it’s both. SEO provides staying power, while ads give you quick wins. A balanced strategy ensures your firm is seen both today and tomorrow.

SEO Best Practices for Law Firms

• Optimize your website: Make sure it’s secure, mobile-friendly, fast, and easy to navigate. Use clear Calls to Action (CTAs).
• Local SEO: Claim and update your Google Business Profile; encourage client reviews to boost trust.
• Content strategy: Create blogs, FAQs, and practice area pages that directly answer client questions.
• Attorney profiles: Optimize lawyer bios - these pages are often the most-visited and most-trusted on your site.
• Backlinks & PR: Build authority by being featured in reputable publications, local directories, and legal associations.

Digital Ads Best Practices for Law Firms

• Target intent: Focus on high-value, high-intent search keywords. Use both short-tail keywords (“personal injury lawyer”) and long-tail phrases (“best personal injury lawyer in Toronto for car accidents”).
• Use landing pages: Send ad traffic to tailored pages per service, not your homepage.
• Track results: Measure outcomes that matter: calls, form fills, consultations booked.
• Budget wisely: Balance ad spend with long-term SEO investment, since legal keywords are costly.

Getting Buy-In at Your Firm

One of the biggest hurdles in digital marketing for law firms isn’t technical, it’s cultural. Partners often want to see results fast, without wading through jargon. Here’s how to make the case:

• Report outcomes, not metrics: Focus on leads, consultations, and cases opened rather than impressions or clicks.
• Show ROI clearly: Compare ad spend to client revenue. When the numbers line up, the value becomes obvious.
• Highlight the competition: Tools like Google’s Auction Insights reveal exactly which competitors’ ads are appearing more often than yours. Nothing motivates others like falling behind.
• Keep it simple: A clear monthly ranking table or lead report often tells the story better than a dashboard full of charts.
  
  

The bottom line is that a strong digital presence is no longer optional for law firms, it’s fundamental for growth. SEO builds authority, trust, and long-term visibility. Digital ads capture immediate demand and drive fast results. Together, they make sure your firm is found when it matters most: at the moment a prospective client is searching for help.

Don’t wait until your competitors outrank you.

Start building your digital presence today. Download our SEO Starter Kit for Law Firms and take the first step toward being the firm clients choose first.

We are experiencing an AI tsunami. Not a day goes by without AI inundating us through our devices, advertising, social media, and our workplace. For law firms, the pressure to adopt AI tools is mounting, with legal industry voices warning of massive change and disruption.

In fear of being left behind, there is pressure to just dive in. Partners may be pushing for quick adoption, staff may be experimenting with AI on their own, and the sheer volume of options can leave office managers feeling like they’re hanging on to a useless floatie to survive a catastrophic wave.

There is no doubt that AI is a productivity superpower. The benefits it promises are real and should not be ignored. But how can you ride the wave and not feel like you’re just being tossed about? The key lies in a systematic approach to integrating AI into your firm’s workflow. Three essential steps are 1) upskilling every team member, 2) selecting appropriate AI tools, and 3) integrating these tools wisely.

Upskill Without The Overwhelm

AI isn’t just for ‘tech savvy’ team members. One of AI’s greatest strengths is making complex tasks accessible through simple prompts.

“The fact that AI is going to eat up specific legal tasks does not necessarily mean that it's going to eat up any legal jobs if people are adequately upskilled”. (With GenAI, legal industry on brink of ‘massive change and disruption,’ says Al Hounsell | Canadian Lawyer). For office managers, this means learning how to delegate the right tasks to AI while empowering your team to focus on what humans do best: judgment, empathy, and strategic thinking.

This is particularly true regarding more experienced team members. While younger staff may be adopting AI tools with ease, more experienced team members might quietly worry about losing relevance. But here’s the truth: AI only amplifies what’s already there. Your seasoned staff bring invaluable experience, context, and wisdom. When they are empowered to use AI to tap into these vital skills, their value is supercharged. And remind your team: AI is the co-pilot, not the captain. Your expertise still leads the way. And your more senior staff have the bulk of the expertise.

Investing time in guided learning sessions and hands-on coaching can build confidence across your team. Create peer user groups where staff can share how they are using AI in their workflow. Make sure that no one gets left behind. In collaborative settings, pair digital natives with staff who are less familiar with AI. A patient, open and practical approach will lead to an AI empowered culture.

Choose The Right Tools

With so many AI-powered tools flooding the market, it’s tempting to grab whatever promises the biggest productivity boost. But more isn’t always better. “While legal tech companies are pushing tools into the market, lawyers are still in the dark about how to use generative AI, let alone the best ways.” (National - Generative AI in law: The good, the bad and the ugly).

The key is not more AI, but the right AI. Law offices need to select tools that align with their firm’s workflows, values, and goals.

The power of AI is that it accelerates and enhances current productivity. If current efforts are effective, the AI result can be exponential productivity. In contrast, if a tool is enhancing something that is flawed or unnecessary, AI simply amplifies something that doesn’t work. AI is not a magic wand. It’s a powerful accelerator—but only when paired with a solid foundation.

First, assess your workflow carefully and make necessary adjustments to streamline processes. Then, allow your workflow and current platforms to inform your choice. Identify time-consuming tasks that can be automated. This will highlight a specific productivity opportunity and clarify the type of tool required to achieve it.

Still, the choices can be overwhelming. This is where you can consult an IT partner that you trust for advice. It is best if this partner is not a vendor “selling AI”. Instead, a guide who understands both your unique law office and the complexities of AI products is in the best position to assist. They can help you navigate the pros and cons of different tools and avoid common traps or overspending - empowering you to choose the right AI for your firm.  

 Integrate Wisely

Adopting AI in the workplace can be challenging because it causes immediate disruption before delivering long term benefits. Productivity may dip before it accelerates. That’s normal. What matters is managing the team’s expectations, empowering them through education and ensuring proper policies are in place before launching new tools.

Start small. It’s better to use 100% of one great tool than to juggle ten tools you barely understand. Build a sustainable integration pathway that the entire team can grow into. Taking the time to allow every staff member to adopt the new tool will create a culture of AI integrated workflow.

Thoughtful, gradual integration of AI tools facilitates proper risk management. Canadian courts, while expressing a positive outlook towards AI in the legal industry, caution that “vigilance and education will remain key” (Generative AI in the Courts: The Canadian Response Thus Far - Toronto Lawyers Association News). A robust AI policy is important.

 Beyond policy, proper data management is vital for every law office adopting AI. “AI needs to be paired with existing data best practices” and law firms should “conduct regular due diligence on vendors” (Canadian Lawyer - April 2025). It is essential that your IT partner audits your data to ensure proper labelling and prevent oversharing. This requires ongoing diligence.

Surfing the AI wave

Standing on the shore of powerful change can be unnerving. Leading your team through this change requires courage. Still, you can have confidence to, not just ride the wave, but unlock your law firm’s true potential. The key lies in empowering team members through skill acquisition, selecting appropriate AI tools and thoughtful AI integration.