The first time I called a new firm’s IT consultant, I showed up with a printed spreadsheet of our software licenses — the one from two years ago that still listed Westlaw 2018 and a fax server we’d decommissioned. The consultant spent the first forty minutes just trying to understand what we actually had running. We wasted a billed hour on orientation that should have been five minutes of pre-work.
Nobody warns you that a poorly prepared IT consulting session is basically lighting money on fire while a very patient professional watches.
The Short Version: Before your legal IT consultant arrives, spend one to two weeks gathering a software and hardware inventory, documenting your current security setup, reviewing ABA Rule 1.1 obligations, and assembling a clear list of pain points. Walk in prepared and you’ll get a roadmap. Walk in empty-handed and you’ll get a discovery meeting — billed at consulting rates.
Key Takeaways:
- 100% of surveyed law firms have prioritized cybersecurity in digital plans, yet most arrive at IT sessions without documented breach response protocols
- ABA Rule 1.1 Comment 8 requires lawyers to stay current on technology — your consultant will ask about this
- A single secure communication channel, established before the session, prevents weeks of follow-up confusion
- Fragmented prep leads to fragmented recommendations; the checklist below fixes that
The Problem Isn’t the Consultant
Here’s what most people miss: legal IT consultants aren’t magicians. They work with what you give them. Show up with a clear picture of your environment and you get a tailored technology roadmap, a security risk report, actionable migration steps. Show up vague and you get vague back — plus an invoice for the discovery work you could have done yourself.
The legal sector has a well-documented technology adoption lag. Law firms are handling exponentially more electronically stored information (ESI), but the processes protecting that data often haven’t kept pace. Your consultant is going to surface that gap. The question is whether you want to spend session time finding the gap, or closing it.
Reality Check: Small firms without structured IT plans report a 20–30% increase in vulnerability exposure during compliance audits. That number doesn’t shrink by avoiding the conversation — it grows.
The Full Preparation Checklist
1–2 Weeks Before: Internal Audit
The goal here is to show up with a complete picture, not a perfect one.
- Inventory every piece of software — practice management (Clio, MyCase, Filevine), document management, billing, email, collaboration tools, client portals. Include version numbers if you can get them.
- Log your hardware — workstations, laptops, printers, servers, NAS drives, any BYOD policies.
- Document user count and access tiers — who has admin rights, who accesses what from outside the office, how remote access is configured.
- Map your current security stack — email filters, web filters, endpoint protection, MFA status, VPN setup. Don’t know what you have? That’s valuable information too — write it down as a gap.
- Note your current cybersecurity tools and their last update date — outdated endpoint protection is often worse than none because it creates false confidence.
This is your baseline. It’s not about impressing anyone. It’s about not wasting the first forty minutes like I did.
1 Week Before: Compliance and Security Prep
- Review ABA Rule 1.1 — Competence under Comment 8 means demonstrating you understand the benefits and risks of legal technology. Your consultant will assume you’ve thought about this. Have talking points ready.
- Pull your ESI handling protocols — or document that you don’t have them. Either answer moves the session forward.
- Identify who’s on your breach response team — IT rep, legal counsel, data privacy lead, HR, PR. If you don’t have a named team, that’s the first agenda item.
- Note any recent incidents — phishing attempts, credential resets, suspicious login alerts. Even minor events are data points.
Pro Tip: If your firm has handled any HIPAA-adjacent work — personal injury, medical malpractice, healthcare clients — flag it explicitly. Legal IT consultants with healthcare exposure will immediately adjust their security recommendations.
3–5 Days Before: Session Logistics
The mechanics matter as much as the content.
- Draft an agenda and share it — goals, scope, timeline, milestones, decision points. Plain language. No jargon. This forces you to clarify what you actually want from the session.
- Establish a single secure communication channel — a client portal, encrypted email, or CMS-integrated messaging. Not Slack, not a forwarded Gmail chain, not text messages. Set response windows and notification preferences before the session, not after.
- Prepare your authorizations — engagement letters, fee terms, any e-signatures that need to happen. Get these done in advance so the session is about IT, not paperwork.
- Gather credentials for key systems — not passwords, but admin contact info, vendor support numbers, license keys. You’d be surprised how often a session stalls because nobody knows who manages the firm’s Microsoft 365 tenant.
What to Bring to the Session Itself
| Item | Why It Matters |
|---|---|
| Software inventory (with versions) | Consultant needs to assess integration compatibility |
| Hardware list + age | Identifies refresh candidates and EOL risks |
| Current security stack documentation | Baseline for gap analysis |
| Named breach response team | Signals operational maturity; drives response planning |
| ESI handling protocol (or gap note) | ABA Rule 1.1 compliance starting point |
| Recent incident log | Context for threat prioritization |
| Signed engagement letter | Clears the administrative runway |
| Open questions list | Prevents scope creep; keeps the session on track |
Common Mistakes (and Why They’re Expensive)
Mistake 1: Showing up to discuss cybersecurity without a named team. The consultant will recommend you build one. You’ll spend session time on org design instead of technical architecture.
Mistake 2: Using multiple communication channels during the engagement. Email here, portal there, a Slack message at 11pm. Documents get lost, context evaporates, and your consultant spends unpaid time reconstructing threads. One channel, agreed in advance, eliminates this entirely.
Mistake 3: Treating the session as a vendor pitch. Legal IT consultants — especially MSPs with documented law firm clients — are evaluating your environment, not selling to you. The more honest your self-assessment, the more useful their output.
Mistake 4: Skipping the internal audit because it feels tedious. The audit surfaces the gaps. The session closes them. Skip the audit and you’ve paid for advice that doesn’t fit your actual environment.
Reality Check: AI-driven threats are the dominant 2024–2026 concern for legal sector IT. Every firm surveyed has made cybersecurity the top priority in its digital plans. The question your consultant will ask is: what have you actually done about it? Have an answer.
After the Session: Locking In the Work
A session without follow-through is just an expensive conversation.
- Calendar every milestone the consultant identifies — don’t let them live in meeting notes
- Book a follow-up at the end of the session — schedule it while you’re still in the room
- Verify recommendations against ABA resources before signing any MSP contract — the State Bar tech resources are free and often more current than vendor white papers
- Request a written summary within five business days — if the consultant doesn’t offer one, ask for it explicitly
Practical Bottom Line
A legal IT consulting session is an investment. The return on that investment scales directly with how well you prepared for it. One to two weeks of internal work — software inventory, security documentation, compliance review, team identification — transforms a billable discovery session into a billable strategy session.
The short checklist: inventory everything, name your breach team, review Rule 1.1, pick one communication channel, send an agenda, get signatures done in advance.
For a deeper look at what legal IT consultants actually do and how to evaluate them, start with The Complete Guide to Legal IT Consultants. If you’re specifically assessing managed service providers for your firm, the vendor evaluation framework there will save you several rounds of bad calls.
The technology gap in the legal sector is real. Your preparation for this session is one of the few parts of closing it that you control entirely.
Find A Legal IT Consultant Near You
Search curated legal IT consultant providers nationwide. Request quotes directly — it's free.
Search Providers →Popular cities:
Nick built this directory to help law firms find independent legal IT consultants without wading through resellers who mostly want to push a specific software platform — a conflict of interest he encountered firsthand when evaluating practice management systems for a small litigation firm.