Can law firms do more to protect themselves from cyber attack - or are they just sitting ducks?