Law firms face cybersecurity audits by banking clients; are they a 'weak link'?
Banks are increasingly scrutinizing their law firms’ cybersecurity efforts, including the law firms’ protection of confidential information released to vendors such as word-processing firms and print shops.
The law firms are increasingly facing on-site technology audits by banks, even as the banks themselves face cybersecurity pressures from regulators, the Wall Street Journal (sub. req.) reports. Just last week, New York’s Department of Financial Services sent letters to dozens of banks asking about protections for information sent to third-party vendors such as law firms and accounting firms, according to a separate story by the Wall Street Journal (sub. req.).
“Law firms increasingly are seen as potential weak links,” the Wall Street Journal says. “Clients often entrust them with everything from valuable trade secrets to market-moving details on mergers and acquisitions.”
The story cites information from an American Bar Association technology survey that found 14 percent of the respondents had experienced some type of security breach or theft this year. But only 1 percent said the breach resulted in unauthorized access to sensitive client data.
The Wall Street Journal spoke with Goodwin Procter’s chief information officer, Lorey Hoffman, who works with examiners sent by clients who want to know about data protection. The firm also hires its own auditors to check its cybersecurity. “It’s a lot more than just checking a box,” Hoffman said of the firm’s response to client security questions.
