This blog post contains a summary of practical steps to make your law practice more secure. Most of these steps require technical knowledge to execute on but there should be enough information provided for you to have a conversation with your technical staff.
The best way to secure a firm against hackers stealing money is to use "air gaps". Read more in this blog post.
If you're a sole practitioner or small firm, consider using AES encryption for all of your legal files. My blog post will show you how to set that up on a Mac and where to find information for Windows/Linux.
For a bit of information about the "defence in depth" strategy and how it applies to ACH/trust accounts, read this post.
If you're a sole practitioner or small firm then you may be able to use Gmail to help prevent phishing attacks (and dramatically reduce spam). This blog post explains how.
If you're using an Android phone or iPhone then you should learn how to enable storage encryption to keep your client files safe.
Consider changing your website to be "static". This blog post explains why.
Further Reading
Sources used in Jan. 29th, 2014 presentation on Cybercrime and Law Firms: https://www.cameronhuff.com/blog/sources-for-cybercrime-presentation-law-firms/
A great (albeit somewhat technical) site for cybercrime information is KrebsOnSecurity.com
A good general audience cybercrime publication is Threat Level (WIRED Magazine)