PGH Networks is a Pittsburgh-based managed services provider supporting small and mid-market organizations across the Pittsburgh metro, including Allegheny, Butler, Washington, and Westmoreland counties. This Pittsburgh law firm IT case study describes an anonymized engagement with a mid-sized litigation and transactional practice that needed to modernize its document management, tighten identity controls, and prove security maturity to insurance carriers and corporate clients — without disrupting billable work.
The firm — roughly 40 attorneys plus paralegals and administrative staff across two offices in the city and the South Hills — had grown faster than its IT had. Outlook was the de facto filing system, a single on-premises file server held two decades of matter files, and partners were fielding security questionnaires from banking and healthcare clients that the existing setup could not honestly answer. Cyber insurance renewal was 90 days out and the carrier had flagged missing MFA, no documented incident response plan, and no email phishing controls.
The challenge
The firm's leadership came to us with three concrete pressures. First, a managing partner had received a client security addendum requiring MFA on all remote access, encryption at rest, and a tested incident response plan — language increasingly common in engagement letters from regulated clients. Second, the cyber insurance application now required attestation to controls aligned with the ABA's Formal Opinion 483 on lawyers' obligations after a data breach, plus the reasonable-efforts standard in Model Rule 1.6(c). Third, a peer firm in Western Pennsylvania had taken a ransomware hit the prior quarter, and the partners wanted a tabletop exercise, not a sales pitch.
Underneath those pressures sat the usual technical debt: shared local admin passwords, a document management approach that was really just nested folders, inconsistent laptop encryption, and a backup that had never been test-restored. The firm also ran a mix of practice-management and document tools — matter management in one system, time and billing in another, and email-as-DMS for everything else — which meant conflicts checks and matter handoffs depended on tribal knowledge.
A law firm's security posture is now part of its client-facing work product, not a back-office concern.
How the Pittsburgh law firm IT challenge was solved
TL;DR: We sequenced the work so the controls the insurance carrier and client questionnaires asked about landed first, then migrated the document and email environment onto a defensible legal-software stack.
The first 30 days focused on identity and email. We rolled out conditional-access MFA across Microsoft 365 for every user, retired the shared mailboxes that had been used as ad-hoc filing systems, deployed advanced phishing and impersonation protection on inbound mail, and enforced BitLocker and mobile device management on every laptop and firm-issued phone. Local admin rights came off workstations. Privileged access for IT moved into a separate, monitored admin tier.
In parallel, we mapped the firm's matter lifecycle and selected a cloud document management platform appropriate for legal work. The practical choices in this market are iManage, NetDocuments, or a tightly governed SharePoint tenant, and we have migrated firms onto each depending on size, integrations, and budget. For this engagement, the firm chose a cloud DMS that integrated with its existing practice-management and time-and-billing tools (Clio-class workflow, with email filing directly from Outlook). We migrated roughly 1.6 TB of historical matter content with metadata preserved, configured ethical walls for the litigation group, and decommissioned the legacy file server.
Month two added the response side. We wrote an incident response plan that mapped to ABA Formal Opinion 483 notification duties and Pennsylvania's breach notification statute (73 P.S. § 2303), then ran a two-hour ransomware tabletop with the managing partner, COO, IT lead, and outside breach counsel. The exercise surfaced two gaps — no out-of-band communication channel if email was down, and no pre-negotiated forensics retainer — both of which we closed before the insurance renewal.
Backups moved to an immutable, offsite-replicated configuration with quarterly test restores documented for the carrier. Endpoint detection and response went on every workstation and server, with 24×7 monitoring through our SOC partner.
Outcomes
Within the first six months the firm saw measurable, defensible improvements. Unplanned downtime tied to IT issues dropped from an internal estimate of roughly 14 hours per month across the firm to under 2 hours. The cyber insurance renewal closed at a lower premium than the prior year despite a hardening market, because every control on the application was now attestable with evidence. The firm passed three client security questionnaires — including one from a publicly traded client — without exception findings.
Operationally, attorneys stopped emailing documents to themselves to find them later. Matter intake time dropped because conflicts checks and new-matter setup were now a single workflow inside the DMS. The litigation group could honestly tell opposing counsel that privileged material sat behind ethical walls and MFA, not in a shared folder.
The renewal underwriter's note on the file read "controls materially improved" — that single phrase is worth more than any marketing page.
Takeaway for other Pittsburgh-area firms
If your firm is anywhere between 10 and 150 timekeepers in the Pittsburgh region — downtown, the North Shore, Cranberry, Southpointe, Greensburg — the pattern in this Pittsburgh law firm IT case study is the one we see repeatedly. The triggers are almost always the same: a client security addendum, a cyber insurance renewal, a peer firm's incident, or a partner who has read enough about ABA Model Rule 1.1 Comment 8 to know "technological competence" is no longer aspirational.
The work is sequenceable. Identity, email, and endpoint controls come first because they answer the questions carriers and clients are actually asking. Document management modernization — onto iManage, NetDocuments, or a properly governed Microsoft 365 tenant — comes next, because that is where the firm's actual product lives. Incident response planning and a tabletop exercise close the loop, because the ABA's guidance is explicit that reasonable efforts include preparation for the breach you hope never happens.
If you are a Pittsburgh-area firm working through any of those triggers, that is the conversation we are set up to have.
