It's what you don't know that you don't know that can get you. That's why a little knowledge about registration spam can go a long way, even if your firm's website does not have and has never had forums or members -- or so you think.
Starting about ten years ago or so, website developers began to realize that blogging software could function as a cheap, easy-to-manage content management system for business websites, including law firms. Fast forward to 2013, and probably the vast majority of law firms, medical practices, government websites, and non-profits are based on blogging software, even though such organizations typically do not offer forum membership on their websites.
However, it is important to know that off-the-shelf blogging software like Drupal, Expression Engine, Wordpress, and others have built-in, full-featured support for member registration and user forums. It is necessary to verify that those features are in fact turned all the way off, and stay off, or else you will start getting registration spam even if you don't have members or forums on your site.
What is registration spam? Those who manage websites with forums know it well, but others may not. The same folks who try to fill your email inbox with spam, are also into registration spam. Registration spam involves finding websites with unsecured membership registration features, where they, or their "bots", will create thousands of phoney member registrations in which the member profile will have the usual spam links to viagra, diet pills, and the like, and they will create backlinks between the various other unsecured forums that they have infested in an effort to elevate their clients' search engine rankings. However, those links will simultaneously drive your own website's Google ranking into the internet equivalent of the Marianas Trench, because when Google crawls your website it will see a spammers' link farm.
Apart from that, these aren't the kind of people you want hanging around your website, trying to break your passwords and thinking of ways to exploit it further.
To avoid this, the first thing is to set up a super strong password for your website. Next, learn how to verify for yourself that those unused member functions are completely disabled. Get your website guy or gal to show you. Also, you should inspect your website reports at least monthly, for unusual traffic to pages of your website relating to member registration, member login, member profiles, etc. If you don't have members you shouldn't have much web traffic of that sort. Finally, you should periodically google your own website's url, to make sure your url is not showing up in spam backlinks.