THE OKLAHOMA BAR JOURNAL 58 | FEBRUARY 2026 clients that their information is handled with the utmost care. Training and refreshers. Training and refreshers keep everyone alert to evolving threats. Regular, ongoing education helps staff stay up to date on the latest phishing tactics and cybersecurity best practices. Interactive workshops, simulated phishing exercises and periodic reminders reinforce awareness and empower employees to respond appropriately when faced with suspicious messages. By prioritizing continuous training, the firm creates a culture of vigilance where everyone actively contributes to maintaining a secure environment. Incident response plans. Having incident response plans in place is essential for minimizing damage when a security event occurs. Even with robust policies and training, no system is foolproof. Having a clear, actionable plan ensures that the team knows exactly what to do if they suspect a breach, including whom to notify, how to contain the threat and the steps for recovery. Practicing these response protocols through regular drills helps the firm react swiftly and effectively, reducing downtime and protecting sensitive data. THE CONNECTION TO OKLAHOMA’S NEW SECURITY BREACH LAW The new Oklahoma Security Breach Notification Act gives us more to do when it comes to protecting personal information. Yes, it’s about notification and response, but the real message is this: Take reasonable steps to keep sensitive data safe. Stopping a breach before it happens is always easier and cheaper than dealing with the fallout. The scenario I laid out at the beginning of the article is a classic example of how client information, trust account data or confidential messages could all be exposed with one click. A FINAL THOUGHT Cybersecurity failures at law firms rarely kick off with dramatic, TV-style hacking scenes. Nine times out of 10, they start with a regular email on a regular morning. The real question isn’t if your firm will receive one of these messages; it’s whether your team’s habits, training and systems will catch it before it does any harm. If you missed my Courts & More tip about Oklahoma’s new Security Breach Notification Act, now’s a good time to check it out alongside your firm’s protocols. Together, they cover both sides of the story: what the law requires after a breach and what smart practices demand before one ever gets started. Ms. Bays is the OBA Management Assistance Program director. Need a quick answer to a tech problem or help solving a management dilemma? Contact her at 405-416-7031, 800-522-8060 or julieb@okbar.org. It’s a free member benefit. ENDNOTE 1. okcourtsandmore.org/jan-7-2026. Stopping a breach before it happens is always easier and cheaper than dealing with the fallout.
RkJQdWJsaXNoZXIy OTk3MQ==