Do you maintain an audit trail for all the times that a document is accessed, transmitted, or modified?
Does your firm have up-to-date endpoint protection (antivirus, anti-malware) installed on every desktop and laptop?
Do members of your firm have access to documents via open share drives or shared folders?
Does your security team perform regular vulnerability assessments on your networks and systems?
Are you currently leveraging multi-factor authentication to gain access to critical firm systems?
If your firm is using cloud services, are you encrypting data in transit and at rest?