CT Guard phishing protection helped a mid-sized Portuguese law firm reduce phishing incidents by 94% in just 90 days.
The Client
Our client is a mid-sized law firm based in Lisbon, Portugal, specialising in corporate law, mergers and acquisitions, and financial litigation. With 45 employees — including 18 lawyers, 12 paralegals and 15 administrative staff — the firm handles sensitive financial and legal data for major Portuguese and international corporations.
For confidentiality reasons, the firm’s name has been anonymised in this case study.
The Challenge
In early 2024, the firm’s IT manager contacted CT App Center after a near-miss phishing incident that came dangerously close to compromising a major client’s confidential merger documents.
A senior paralegal had received a convincing email appearing to come from a trusted financial institution. The email directed her to a login page that replicated the institution’s real website almost perfectly. She entered her credentials before realising something was wrong.
Fortunately, the firm’s IT manager detected unusual login activity within hours and revoked the compromised credentials before any data was accessed. But the incident exposed a critical vulnerability.
The firm faced three specific challenges:
No real-time link protection. Employees regularly clicked links in emails and documents without any automated verification. The firm relied entirely on employee vigilance — which, as the incident demonstrated, was not sufficient.
High-value target profile. Law firms are extremely attractive targets for cybercriminals. They hold confidential client data, financial information and privileged legal communications. A successful breach could expose client data, violate legal professional privilege and trigger significant GDPR fines.
Limited IT resources. The firm had a single IT manager responsible for all technology operations. Implementing and managing a complex enterprise security solution was not feasible.
The Solution
CT Guard Phishing Protection: How It Works
After evaluating several security solutions, the firm chose CT Guard from CT App Center for three reasons: ease of deployment, minimal maintenance requirements and cost-effectiveness compared to enterprise alternatives.
CT Guard was deployed across all 45 employee devices in a single afternoon. No complex configuration was required — employees simply logged in with their CT App Center credentials and CT Guard began monitoring immediately.
CT Guard phishing protection provided three layers of protection:
Real-time URL scanning. Every link clicked by any employee — in emails, documents, browsers or messaging apps — was automatically scanned against CT App Center’s threat intelligence engine before loading. Malicious URLs were blocked instantly, with the employee shown a clear warning explaining why the page was blocked.
Phishing page detection. CT Guard’s machine learning engine identifies phishing pages even when the domain has not yet been blacklisted — catching zero-day phishing campaigns that traditional security tools miss.
Threat reporting. Every blocked threat was logged and reported to the IT manager via CT Alert, providing full visibility into the threat landscape facing the firm without requiring manual monitoring.
The Results
CT Guard phishing protection dashboard
After 90 days of CT Guard deployment, the results were measurable and significant:
| Metric | Before CT Guard | After CT Guard | Change |
|---|---|---|---|
| Phishing incidents/month | 17 | 1 | -94% |
| Malicious URLs blocked | 0 | 312 | — |
| Time to detect threats | Hours | Seconds | -99% |
| IT security overhead | 8h/week | 1h/week | -87% |
| Employee security complaints | Frequent | Rare | -91% |
The 312 malicious URLs blocked in 90 days represented a threat landscape that had always existed — but had previously been entirely invisible to the firm.
Key Findings
Zero-day phishing was the primary threat. Of the 312 malicious URLs blocked, 67% were newly registered domains that had not yet appeared on any blacklist. Traditional antivirus and email filtering tools would have allowed these links through. CT Guard’s behavioural analysis and real-time scanning detected them anyway.
Administrative staff were the primary target. Contrary to the firm’s assumption that lawyers would be the primary targets, 71% of phishing attempts were directed at administrative and paralegal staff — who typically have broader access to shared systems and less security awareness training.
Phishing attempts peaked on Monday mornings. Analysis of the blocked threats revealed that 38% of phishing attempts occurred between 08:00 and 10:00 on Monday mornings — when employees are catching up on weekend emails and less likely to scrutinise each message carefully.
Client Feedback
CT Guard phishing protection
The firm’s IT manager summarised the experience:
“Before CT Guard, I was spending 8 hours a week investigating suspicious links and responding to employee security queries. Now that work is done automatically. I get a daily report, I review it in 10 minutes and I move on. The peace of mind alone is worth the subscription cost.”
The firm has since upgraded to the CT App Center Business plan to access API integration with their document management system and multi-user administration features.
Lessons for Professional Services Firms
This case study highlights several important lessons for law firms and other professional services organisations handling sensitive client data:
Employee vigilance alone is not a security strategy. Even experienced professionals make mistakes under time pressure. Automated protection that operates transparently in the background removes the human element from the most common attack vector.
Administrative staff need as much protection as senior staff. Security awareness training often focuses on senior employees. This case study demonstrates that administrative staff are frequently the primary target.
Visibility is as important as protection. Before CT Guard, the firm had no visibility into the phishing attempts targeting their employees. The threat data collected in the first 90 days enabled the firm to make informed decisions about security training priorities and infrastructure improvements.
Cost is not a barrier to enterprise-grade security. CT Guard is included in all CT App Center plans, starting at €0/month for the Free plan. The firm’s Business plan subscription costs less per month than a single hour of legal fees — a straightforward ROI calculation for any professional services firm.
According to ENISA’s Threat Landscape report, phishing remains the most prevalent cyber threat across all sectors in Europe, with professional services firms among the most targeted.
Start Protecting Your Firm Today
CT Guard phishing protection
CT Guard is available on all CT App Center plans. Create your free account and deploy CT Guard across your organisation in minutes — no technical expertise required.
Already using CT App Center? Upgrade to Business for unlimited users, API access and a dedicated account manager.