Business disruption plans weren't made for a pandemic. And neither were law firms' cybersecurity. The transition to a remote workforce last year left many firm scrambling to address their heightened cyber risks and plug vulnerabilities in their IT systems.

Almost two years later, however, it's clear that firms have made great progress closing the gap. They've gotten their employees set up with secure devices, implemented VPNs, and expanded the frequency and scope of cybersecurity training, among other measures, all while tailoring those fixes to a more remote workforce.

But for all their success in meeting the challenge, a few worrisome oversights still remain. And it's possible that some firms don't even know they exist in the first place.