Clearly, there’s a good reason that Chief Legal Officers (CLO) rank cybersecurity and data privacy among the top three issues most important to their business. Extending those security concerns to third and fourth parties is more important than ever as outsourcing volume continues to grow. Forty-one percent of CLOs surveyed in the ACC Chief Legal Officers survey anticipate sending more work to law firms this year, and 24 percent expect to increase the amount of work outsourced to other legal service providers.
The good news is that there are highly effective ways to mitigate this risk for companies willing to make doing so a priority.
#1. Develop a set of cybersecurity and data privacy best practices for your CLO to share with all outside counsel.
The 2021 ABA Cybersecurity Tech Report found that clients are focusing more on the cybersecurity programs and policies of the law firms representing them and are more frequently using security requirements documents, questionnaires, and guidelines to enforce standards. However, security preparedness may still fall short, considering that barely one-quarter of law firms reported they had undergone a full security assessment by an independent third party.
In addition to assessing security preparedness, other best practices for law firms include implementing technology- and data-related security policies, training employees on security awareness, and developing an incident response plan. Law firms should also deploy a broad spectrum of security tools, including multi-factor authentication, encryption, firewalls, and intrusion detection and prevention systems.
#2. Set requirements.
A good start would be for legal organizations to begin using a modified version of the contract that requires outside counsel to engage only those vendors that meet enterprise security standards. Entrusting vetting to the outside counsel provides law firms greater flexibility but also forces your company to relinquish some control over security protocols.
#3. Conduct a thorough risk analysis of all vendors (both third and fourth party).
Partnering with a vulnerable legal services provider can quickly compromise a law firm’s carefully executed cybersecurity strategy, putting sensitive client data at risk. If not using a pre-approved provider, outside counsel should conduct their own risk analysis.
Key questions to ask as part of this process include:
Goodbye hidden risk, hello peace of mind
With cyberthreats growing more pervasive, ignoring weak links can imperil even the most robust defenses. Act now to close the gaps in your cybersecurity strategy. Your reputation, customer loyalty and bottom line could depend on it.
Content published on the U.S. Legal Support blog is reviewed by professionals in the legal and litigation support services field to help ensure accurate information.