Holidays may be a popular time for bad cyber actors looking to capitalize on empty offices and vulnerable infrastructures, but while a law firm’s breach response team may see a little extra traffic, the IT department seems unlikely to break a sweat.

The good news is that aside from the way that software updates or new system rollouts are scheduled, the holidays don’t seem to present any significant new curveballs to law firm cybersecurity personnel. However, that level of confidence doesn’t come without strings: Many law offices have learned to operate under the assumption that an attack can happen at any time, 365 days a year.