The safekeeping of privileged client information is a must for law firms, especially those who have access to key corporate data. Firms have both ethical and legal obligations to protect privileged client data—if not they weaponize hackers with opportunities for blackmail, insider trading, and other nefarious deeds. And, as recent breaches have raised third-party due diligence to a top-of-mind consideration, corporate clients now hold law firms to ever-higher standards concerning their outside counsel’s security posture and ability to monitor, detect, and respond to threats.
Today, answering client security questionnaires has become a routine, but time-consuming task for law firm IT departments. Included in this new era of accountability, firms must abide by corporate clients’ regulatory obligations, which can include FINRA, HIPAA, PCI DSS, and more. And law firms often focus so intently on client defense that they overlook holes in their own cyber protection. There has to be a better way.