What this service does
Big Law, mid-market law, regional CPA firms, consulting firms. ABA Model Rule 1.6 confidentiality, AICPA TSC, e-discovery security, privilege protection, cyber insurance carrier coordination. 29% of law firms breached in 12 months. Only 40% carry cyber insurance. Mid-law spends $1,500-$3,000 per attorney per year on cybersecurity.
Senior practitioner on every engagement. Quinnlan Varcoe (Founder and CEO) oversees every engagement and reviews every case before findings leave the practice; Jose Santana, Lead Technical Consultant, oversees the practitioner team executing the technical work under her methodology. NDA-protected. No black-box delivery, no off-shoring, no junior staff bait-and-switch.
What we deliver
- ABA Cybersecurity + Model Rule 1.6. Privileged-client-data security program built to ABA Formal Opinion 477R + 483 + 498. Documented reasonable-efforts standard. Counsel-defensible in disciplinary proceedings.
- AICPA TSC + SOC 2 for CPA Firms. AICPA Trust Services Criteria scoping for accounting + advisory firms. SOC 2 Type 2 readiness + audit. Cross-walks to ISO 27001 for international clients.
- E-Discovery Security. ESI hold defensibility, e-discovery vendor risk, data-room access controls, attorney-work-product segregation. Encryption-at-rest with documented chain-of-custody.
- Privileged-Communication Hardening. Email + IM + collaboration tool hardening for attorney-client privilege. Outside-counsel access patterns. Inadvertent-disclosure prevention. ABA-compliant client portal patterns.
- Insider Risk + Lateral-Hire Risk. Pre-onboarding background + OSINT review for partners and senior associates. Departure-protection controls (data exfil, conflict checks). Lateral-firm bring-along risk.
- Insurance Carrier Coordination. Coalition, Beazley, Chubb, Resilience, Travelers carrier liaison. Sub-limit review (only 40% of law firms carry cyber insurance; most are under-covered). Renewal-grade evidence package.
- BEC + Wire-Fraud Defense. Trust-account + IOLTA + escrow protection. Vendor-impersonation detection. Codeword-callback policy for client wires. The #1 mid-law loss event.
- MDR + IR Retainer. 24/7 SOC monitoring tuned for professional-services attack patterns. Counsel-coordinated IR retainer ensures privilege protection from minute one. Pre-vetted breach counsel relationships.
How an engagement begins
- Confidential consultation. NDA-protected. 30 to 60 minutes. Direct conversation with Quinn, not a sales rep.
- Scoped engagement. Written proposal with defined deliverables and pricing. Hourly with milestone caps for open scopes; fixed fee where the work is well-defined.
- Delivery and reporting. Court-admissible methodology where evidence matters. Written deliverables you can hand to counsel, the board, or your auditor.
Why this work runs through Witness
Witness is the parent brand for the practice. The same firm operates a B2B sister brand at varcoe.ai for buyers whose procurement workflow expects a B2B website and a B2B sales motion. Same legal entity (Blueberry Security Global, Inc., Delaware C-corp). Same Quinn. Same delivery team. The split is by audience, not by capability.
















