Six Key Questions to Ask Outside Counsel About Their Cyber Security Posture
When you think of your outside counsel, you may think about their legal advisory and the value that brings to your firm, but what you may not be thinking about is the large amount of sensitive data these firms hold and how that makes them an attractive target to hackers and others. When assessing third-party vendors, many organizations exempt outside counsel from traditional due diligence processes. This practice should change, as outside counsel faces the same challenges as other third-party vendors. In fact, 72% of law firms have not conducted a full cyber security assessment, leaving themselves open to and unaware of significant risks.
Data breaches come with investigations, public relations inquiries and fines. Fortunately, there are ways to work with your outside counsel (and other vendors with access to sensitive data) to minimize the likelihood of such a nightmare scenario. Improving the cyber security posture of your outside counsel will require you to clearly communicate what you need them to do and why do you need them to do it. This conversation should be honest and founded in a clear understanding of the shared mission to jointly secure the sensitive data you are entrusting them with.