Lessons Learned: Phishing & Ransomware at a California Law Firm