IT Insights for Professional Services Firms
Practical advice on cybersecurity, technology planning, and IT best practices for Des Moines professional services firms.
AI Is Changing What CPAs Do. Is Your Tech Stack Ready for What's Left?
The Journal of Accountancy identified five competencies CPAs need as AI handles more routine work. Every one of them depends on technology your firm may not have configured correctly.
3 min readClickFix Went from Bad to Worse. Ransomware Gangs Are Using It Now.
Two months ago we wrote about ClickFix as the top initial access technique. Since then, ransomware groups adopted it, attackers compromised Harvard and Oxford's websites to deliver it, and Apple had to patch macOS to defend against it.
4 min readEveryone's Selling Legal AI. Nobody's Helping You Choose.
Four attorneys just got removed from a case over AI-generated citations. Meanwhile, Anthropic, OpenAI, Microsoft, and Clio are all racing to become your firm's AI platform. Here's how to think about the choice.
3 min readMicrosoft's New Copilot-Bundled Licenses Are Here. What to Know Before You Buy.
Microsoft's new bundled Copilot SKUs make the licensing decision easier. The deployment decision is harder. Here's what to configure before you flip the switch.
4 min readAttackers Hijacked Instagram Accounts by Tricking Meta's AI Support Bot
Attackers used AI-generated videos to fool Meta's automated support into handing over accounts. What happens when AI support becomes the attack surface, and what it means for your firm's account recovery planning.
4 min readShadow AI Got an Upgrade: OAuth Tokens and the Apps You Didn't Approve
Shadow AI isn't just employees using ChatGPT anymore. The real risk is third-party apps with persistent OAuth access to your firm's email, files, and calendar data.
5 min readSession Tokens Are the New Passwords (And MFA Won't Save You)
Attackers have shifted from stealing passwords to stealing session tokens. Here's why MFA alone isn't enough to protect your firm's Microsoft 365 environment in 2026.
4 min readThe IRS Requires a Cybersecurity Plan. Most Tax Preparers Don't Have One.
Every tax preparer is required to maintain a Written Information Security Plan. The FTC Safeguards Rule adds another layer. Here's what's actually required and why it matters now.
4 min readAnthropic Just Connected Claude to Your Entire Legal Tech Stack
Anthropic released 20+ integrations linking Claude directly to iManage, NetDocuments, Relativity, and more. Here's what that means for firms trying to manage AI governance.
4 min readMicrosoft Exchange Has a Zero-Day With No Patch. Here's What That Means.
A high-severity Exchange Server vulnerability is being actively exploited and Microsoft has no fix yet. If you're still running on-premises Exchange, here's what you need to know right now.
3 min readGoogle Just Confirmed the First AI-Generated Zero-Day Exploit. Here's What That Means.
Google's threat intelligence team says a hacker used AI to discover and weaponize a zero-day vulnerability in a web admin tool. This is the first confirmed case, and it changes the math on how fast you need to patch.
3 min readCalifornia Just Proposed Making AI Verification a Competence Requirement. Other States Will Follow.
California's State Bar wants to add language to Rule 1.1 requiring lawyers to independently verify AI output. Here's what the proposal says and why Iowa attorneys should pay attention now.
3 min readTwo Cybersecurity Experts Were Just Sentenced for Ransomware Attacks. Here's Why Vetting Your IT Provider Matters.
Two former incident response professionals were sentenced for running ransomware attacks against U.S. companies. The case is a reminder that trust in IT partnerships should be earned, not assumed.
3 min readAttackers Are Using AI Now Too. Here's What That Looks Like.
New phishing kits are integrating AI assistants to help criminals draft convincing emails and run entire campaigns from a single dashboard. Here's what changed and what it means for your firm.
4 min readSullivan & Cromwell Had an AI Policy. It Didn't Matter.
An Am Law 10 firm with mandatory AI training and a 'trust nothing, verify everything' office manual just admitted to filing AI-hallucinated citations. Here's what that means for your firm.
4 min readMicrosoft Copilot Just Got a Major Upgrade in Word, Excel, and PowerPoint
Copilot now takes action inside your documents instead of offering suggestions from a sidebar. Here's what changed last week and what it means for your business.
3 min readWhat Your Engagement Letter Should Say About AI (and What It Shouldn't)
Courts are stripping privilege from AI-assisted legal work. Major firms are rewriting engagement letters in response. Here's what belongs in yours and what creates more liability than it prevents.
5 min readThe FBI Says This Hacking Group Is Targeting Law Firms. Here's How the Attack Works.
The Silent Ransom Group is targeting U.S. law firms with callback phishing attacks that bypass email filters entirely. The FBI issued a warning. Here's what small firms need to know.
5 min readMicrosoft 365 Prices Go Up in July: Are You Using What You Already Pay For?
Microsoft 365 prices go up in July 2026. Before you absorb the increase, find out which security and compliance features your company is already paying for but not using.
7 min readWhat Your Cyber Insurance Carrier Expects from Your IT (and What Happens If You Can't Prove It)
Cyber insurance applications for law firms now require proof of MFA, EDR, tested backups, and more. If you can't prove your controls are in place, your claim can be denied.
6 min readMost Cyberattacks Start with a Login, Not an Exploit
Most cyberattacks in 2025-2026 used stolen credentials, not software exploits. Learn what credential-based attacks mean for Iowa law firms and how to defend against them.
5 min readWhen Your Meeting AI Becomes a Witness: AI Notetakers and Attorney-Client Privilege
AI meeting notetakers can put attorney-client privilege at risk. Learn how law firms should evaluate AI transcription tools and protect confidential communications.
6 min readA New Phishing Attack Targets Your Microsoft 365 Login (and MFA Won't Stop It)
A new phishing attack called device code phishing bypasses MFA to hijack Microsoft 365 accounts. Iowa law firms need to understand why MFA alone isn't enough.
5 min readWhat to look for when choosing an MSP for your law firm
Choosing an MSP for your law firm? Here's what to look for, from legal workflow expertise to pricing transparency and after-hours support.
6 min readIs your firm's data ready for Microsoft Copilot?
Before deploying Microsoft Copilot, your law firm needs to fix permissions, clean up SharePoint, and classify sensitive data. Here's what that looks like.
5 min readAI acceptable use policies: why every law firm needs one now
Law firms need AI acceptable use policies to protect client data and meet ethical obligations. Learn what to include and why it matters.
6 min read5 cybersecurity threats Iowa law firms are facing right now
Law firms are prime targets for BEC scams, ransomware, and credential theft. Here are 5 real threats and what your firm can do about each one.
5 min readWhat Iowa Law Firms Need to Know About AI in 2026
Iowa law firms face new AI obligations in 2026. Learn what the ISBA AI Training Series, ABA Opinion 512, and emerging tools mean for your practice.
5 min readWelcome to the Artech Solutions Blog
We're launching a new blog to share IT insights for Des Moines law firms and professional services firms.
1 min read