Mimecast
Mimecast provides cloud-based email management including security, archiving, and continuity. It's an enterprise solution that ensures email availability even when primary email sy…
What is Mimecast?
Mimecast provides cloud-based email management including security, archiving, and continuity. It's an enterprise solution that ensures email availability even when primary email systems experience outages.
Common Use Cases for Law Firms
- Protect firm email from advanced threats and targeted attacks
- Archive all email communications for regulatory compliance and litigation holds
- Ensure email continuity during Microsoft 365 or Google Workspace outages
- Enable secure large file sharing for legal documents and evidence
How We Detect It
Market Overview
Among personal injury law firms, Mimecast has been adopted by 1,026 firms (2.9% adoption rate) as a email security solution. Firms using Mimecast average a 44.8 Sophistication Index, +16.6 points above non-adopters — a meaningful signal of technology-forward operations. The heaviest adoption comes from the Minimalist Tech Users segment (2.2%), followed by Retention Innovators (10.0%). Firms running Mimecast most commonly pair it with Google Analytics (59.7%) and WordPress (58.9%).
Get connected
Request an introduction from Top Dog Law — we'll make the connection on your behalf.
Adoption by State
ME
—
VT
—
NH
—
WA
—
MT
—
ND
—
MN
—
WI
—
MI
—
NY
—
MA
—
RI
—
OR
—
ID
—
WY
—
SD
—
IA
—
IL
—
IN
—
OH
—
PA
—
NJ
—
CT
—
CA
—
NV
—
CO
—
NE
—
MO
—
KY
—
WV
—
VA
—
MD
—
DE
—
DC
—
AZ
—
UT
—
KS
—
AR
—
TN
—
NC
—
SC
—
NM
—
OK
—
LA
—
MS
—
AL
—
GA
—
AK
—
HI
—
TX
—
FL
—
0
—
Adoption by Segment
which segments use Mimecast most
Commonly Paired With
co-occurrence
Mimecast Best Practices
1
Configure Mimecast's Targeted Threat Protection for URL protection AND attachment sandboxing — not just one or the other. Most firms that deploy Mimecast turn on basic inbound spam filtering and call it done. That misses Mimecast's two most valuable features. URL Protect rewrites every link in incoming email and checks it in real time when clicked — catching phishing links that were clean at delivery but turned malicious hours later. Attachment Protect sandboxes suspicious files before delivery, converting unknown executables to safe PDFs. PI firms receive medical records, police reports, and insurance documents from unknown senders constantly; every one of those attachments is a potential ransomware vector. Enable both.
2
Set up Mimecast's email continuity before you need it, not after your Microsoft 365 tenant goes down. Mimecast runs a parallel email spool that activates automatically when your primary email service is unavailable. During a Microsoft 365 outage — which happen several times per year — attorneys can continue sending and receiving email through Mimecast's web interface without interruption. The catch: continuity only works if it's been configured and tested in advance. Schedule a 30-minute continuity test twice a year: disable your primary MX record, verify that mail routes through Mimecast, and confirm your team can access the backup portal. An untested continuity system is not a continuity system.
3
Archive every inbound and outbound email from day one — this is your litigation hold infrastructure. Mimecast's email archive captures a tamper-proof copy of all messages, independent of your mail server. When opposing counsel issues a litigation hold or your firm faces a bar complaint, you can produce a complete, searchable email record in hours instead of days. More importantly, the archive prevents accidental deletion — staff can't purge emails that might later be relevant to a matter. Configure retention policies at deployment and set a minimum retention period that matches your state bar's file retention requirements (typically 5-7 years for closed matters).
4
Use Mimecast's impersonation protection to guard against business email compromise targeting your trust account. Business email compromise (BEC) is the fastest-growing financial fraud affecting law firms — attackers impersonate managing partners or bookkeepers to redirect wire transfers or change payment instructions. Mimecast's Impersonation Protect checks inbound email for display name spoofing, domain look-alikes (like m1mecast.com instead of mimecast.com), and new domain senders. Configure it to flag any email claiming to be from a senior attorney but sent from an external domain. For PI firms handling large settlements, a single BEC attack can cost more than Mimecast's annual subscription many times over.
5
Review Mimecast's Threat Intelligence dashboard monthly and share findings with whoever manages your IT security. Mimecast's dashboard shows you which threats were blocked, which sender domains are actively targeting your firm, and whether any internal accounts have been compromised and are sending spam. Most law firms never open this dashboard — they pay for Mimecast and assume it's working. Monthly review catches two important things: (1) an internal account behaving abnormally, which could indicate credential compromise, and (2) a spike in targeted attacks against your firm or domain, which signals someone is running a campaign against you specifically.
Alternatives to Mimecast
1
Proofpoint Essentials — Proofpoint's SMB-tier product targets the same market as Mimecast but is generally considered stronger on advanced threat detection, particularly for targeted attacks and zero-day exploits. Proofpoint's research team (one of the most cited in the security industry) feeds its detection engine more current threat intelligence. The trade-off: Proofpoint Essentials lacks Mimecast's email continuity and archiving depth at comparable price points — you're buying better threat protection, not an all-in-one email continuity solution. For firms that already have separate archiving (like a legal hold platform), Proofpoint is worth evaluating.
2
Microsoft Defender for Office 365 Plan 2 (bundled with Microsoft 365 E3/E5) — If your firm already runs Microsoft 365, Defender for Office 365 Plan 2 is included in higher-tier Microsoft licenses and covers many of the same threat categories: Safe Links, Safe Attachments, anti-phishing policies, and threat investigation. For firms on Microsoft 365 Business Premium ($22/user/month), this coverage is already included — paying separately for Mimecast on top of it creates redundant spend. The limitation: Microsoft's own threat protection is inherently less independent than a third-party gateway. If Microsoft's infrastructure is the attack vector, Defender can't catch it.
3
Barracuda Email Security Gateway — Barracuda competes directly with Mimecast on feature set (filtering, archiving, continuity) with pricing that tends to run lower. Barracuda is particularly common among firms that already use Barracuda's network security or backup products — the bundled pricing creates real cost advantages. The trade-off: Barracuda's brand cachet in enterprise security circles is lower than Mimecast's, and its threat intelligence network is smaller. For mid-size PI firms buying email security for the first time, Barracuda's all-in-one value proposition deserves a quote.
4
Google Workspace with third-party spam filtering — Some firms skip dedicated email security gateways entirely, relying on Google Workspace's built-in spam and malware filtering. Google's detection is genuinely solid for commodity threats (bulk spam, known malware signatures). Where it falls short is targeted attacks — phishing emails crafted specifically for your firm, BEC attacks using executive name spoofing, and malicious attachments that haven't yet been flagged by Google's reputation databases. For high-volume PI firms where a single successful phishing attack could compromise client data or trust accounts, Google's built-in protection is insufficient.
Mimecast Power Moves
1
Set up Mimecast's Large File Send as a branded secure document portal for sharing medical records and evidence. Mimecast allows you to configure large file sending so that instead of emailing a 50MB medical record file directly (which fails most email size limits), your attorneys send a Mimecast-hosted download link that expires after a set period. Brand the portal with your firm's name and logo. Now every document exchange with clients, adjusters, and opposing counsel goes through an encrypted, tracked channel. You know when the file was downloaded, by whom, and whether the link expired unused — which is more than you know about any email attachment.
2
Use Mimecast's email awareness training content immediately after your first security incident — not before. Mimecast includes phishing simulation and security awareness training. The mistake most firms make is deploying training as a one-time compliance exercise when they sign up. The right move is to use your first real phishing attempt (which Mimecast's dashboard will surface) as a teaching moment: show staff the actual blocked phishing email, explain what made it suspicious, and run a simulated test of the same type. Real incidents followed by contextual training create lasting behavioral change. Generic training videos don't.
3
Configure Mimecast's 'Managed Sender' list with every insurance company, court, and medical provider your firm regularly receives mail from. Mimecast's spam scoring occasionally catches legitimate high-volume senders — insurance adjusters sending automated claim notifications, courts sending e-filing confirmations, medical record companies sending large attachments. Pre-approve these senders by adding them to your Managed Sender list before you deploy. An attorney missing a court filing deadline because a Mimecast false positive quarantined the notification is a malpractice vector. The 30-minute setup of your approved sender list prevents this entirely.
4
Export your Mimecast threat data quarterly and use it in any cyber insurance renewal conversation. Cyber insurance underwriters want evidence that you're actively managing email security. Mimecast's dashboard can export a summary of threats blocked, phishing attempts detected, and malware stopped over any time period. Bring this report to your insurance renewal — it demonstrates active threat management and can influence your premium and coverage terms. Firms that show documented security activity get treated differently than firms that say "we have email security" without evidence.
Is your firm using Mimecast?
Claim your firm profile to verify your tech stack and access premium competitive intelligence. Not listed yet? Apply to get added.
Top Firms Using Mimecast
by sophistication index
| # | Firm | Segment | Attorneys | SI Score | Grade |
|---|---|---|---|---|---|
| 1 |
|
Conversion-Focused Firms | 1 | 95.095 | A+ |
| 2 |
|
Conversion-Focused Firms | 31 | 94.895 | A+ |
| 3 |
|
Conversion-Focused Firms | 21 | 93.894 | A+ |
| 4 |
|
Conversion-Focused Firms | 23 | 93.093 | A+ |
| 5 |
|
Retention Innovators | 213 | 93.093 | A+ |
| 6 |
|
Retention Innovators | 11 | 93.093 | A+ |
| 7 |
|
Retention Innovators | 12 | 92.893 | A+ |
| 8 |
|
Retention Innovators | 1 | 92.893 | A+ |
| 9 |
|
Retention Innovators | 72 | 92.893 | A+ |
| 10 |
|
Retention Innovators | 27 | 92.092 | A+ |
| 11 |
|
Retention Innovators | 1 | 92.092 | A+ |
| 12 |
|
Retention Innovators | 1 | 91.892 | A+ |
| 13 |
|
Retention Innovators | 1 | 91.892 | A+ |
| 14 |
|
Retention Innovators | 6 | 91.892 | A+ |
| 15 |
|
Conversion-Focused Firms | 388 | 91.091 | A+ |
| 16 |
|
Retention Innovators | 9 | 91.091 | A+ |
| 17 |
|
Retention Innovators | 1 | 91.091 | A+ |
| 18 |
|
Conversion-Focused Firms | 139 | 91.091 | A+ |
| 19 |
|
Conversion-Focused Firms | 19 | 90.090 | A+ |
| 20 |
|
Retention Innovators | 1 | 90.090 | A+ |
