December 21, 2017

Last Updated on January 17, 2024

The Importance of Cybersecurity for Legal Entities

The American Bar Association (ABA) clearly appreciates cybersecurity as a major concern for law firms and legal entities, and views issues around third-party risk management (TPRM) as particularly crucial for its constituents.
An organization’s security is only as strong as its weakest link, and the increasing reliance on third-party vendors for everything from cloud services to cleaning the office increases information security risk and complicates its management. Indeed, research increasingly points to third-party culpability in the majority of data breaches.

Vendor Management Best Practices, Simplified

To help reduce the likelihood and mitigate the potential impact of cyber attacks through a third-party component of your security perimeter, the ABA’s Legal Task Force has released its Vendor Contracting Project: Cybersecurity Checklist.
This checklist provides guidance for legal entities looking to manage cybersecurity risk in relation to third-party vendors, from the vendor selection process through contract relationships to ongoing vendor management. It addresses key issues, including:

  • How to conduct a risk assessment of a prospective vendor to identify and evaluate relevant security threats
  • How to review vendor InfoSec practices
  • How to embody vendor security best practices within the contracting process
  • Critical elements for TPRM and other InfoSec programs

This Checklist does a solid job of discussing cybersecurity concerns in terms lawyers can relate to. A further benefit of the Checklist is that it aligns with industry best-practice guidance, e.g., ISO 27001, SOC 2 and NIST/FISMA.
In the summary that accompanies the Checklist, the Task Force states:
The objective of this Checklist is to assist procuring organizations, vendors, and their respective counsel to address information security requirements in their transactions. The Checklist frames the issues parties should consider consistent with common principles for managing cybersecurity risk. The Checklist contemplates transactions from due diligence and vendor selection through contracting and vendor management. It suggests that cybersecurity provisions are not “one-size-fits-all,” but should instead be informed by parties’ assessment of risk and strategies to mitigate risk.
The ABA Cybersecurity Legal Task Force recognizes that cybersecurity is a dynamic subject, and we expect practitioners will modify and supplement the Checklist to reflect the particular regulatory requirements and business needs of their clients.
The ABA encourages legal professionals to share the Checklist with their respective entities.

Learn More about Information Security and TPRM

The implications of third-party risk for your firm, including cybersecurity requirements, could impact your vendor management practices. To learn more from an expert, contact Pivot Point Security.