In a recent article in the ABA Journal, noted cybersecurity expert and RiskRecon Advisor, Yong-Gon Chon, shared his thoughts on what law firms can do to bolster their cybersecurity. In particular, Chon suggests learning from other industries. For example, law firms can look to financial institutions, which have long struggled with protecting data as required under the Gramm-Leach-Bliley Act, he said. Data protection is key.

This is particularly important for law firms, which can be viewed as the ultimate third-party target. All you need to do is look at the Panama Papers data breach to recognize that compromising one target can lead to compromising thousands of other companies, VIPs, clients, and their associates.

Problematically, data breaches jeopardize attorney-client privilege much like data breaches in health care compromise patient-provider confidentiality required by HIPAA. So what can you do?
Law firms, just like every other organization that relies on third parties, should look to mitigate third-party cyber risk with automated solutions that prioritize risk, not just by severity of issue, but also by the value of the asset in which those issues reside. After all, a brochureware site is simply not as important as a server harboring all of your precious client data, right? That's why it's important to prioritize risk according to both issue severity and asset value.
RiskRecon provides the world’s easiest and fastest path to understanding and solving third-party cyber risk, and is the only continuous monitoring solution that delivers risk-prioritized action plans enabling precise, efficient elimination of customers’ most critical third-party security gaps. Want to learn more? Register for a demo today!