Date: 2019-12-27

Zealous, assertive and dedicated: For some, the connotations associated with these words could be controversial. But when a lawsuit is served, we want counsel who will fight tooth and fin for us and our organizations — attorneys who are diligent and relentless in their representation. We want sharks.

Nowhere is this sharp attitude appreciated more than at the enterprise level. Corporate legal departments, more than any other business, bank on their outside counsel to not only protect them, but also to progress them: to be proactive, explore opportunities and help expand the business. All of this, of course, is with the ever-lingering expectations from firm management and clients to do more with less, including lower costs, faster responses and better service. Some firms that have been watching this looming tsunami approach have taken the initiative to try and improve business efficiency while reducing cost by embracing digital transformation.

And it should pay off, right? Instead of drowning, these newly emerging digital sharks are increasingly appreciated and retained by their clients for their promises of faster and more transparent service. It’s a promise and plan that, if implemented correctly, will strengthen their ability to strike with precision. However, unsurprisingly, more firms rush into the process and barrel into the water headfirst, thus ending up as digital prey instead. They find themselves in unfamiliar waters, vulnerable to cybercriminals and unable to evolve until it’s too late.

My company offers a platform that helps legal teams manage relationships with outside counsel and legal vendors. Through this experience, I’ve seen firsthand the importance of leaders taking the initiative to see if their outside counsel is putting their company at risk for a cybersecurity breach. The first step is understanding why law firms are at risk and how your counsel could turn into digital prey:

Who’s preying on law firms?

The legal industry is a prime target of cybercriminals because of the wealth of sensitive information it has access to, processes and transmits. Cybercriminals know this. They stand to win big if they get their hands on your attorney’s data. It’s a veritable gold mine.

But there are lots of industries that process or store sensitive information, so what makes legal so enticing? A law firm’s reputation lies in its ability to protect and preserve its clients and its business. To protect and maintain their reputation, I’ve observed that some law firms choose not to report cybersecurity breaches and instead pay off hackers, which means hackers have a higher chance of success (not to mention a reason to come back and strike again).

How can it be so easy to go from shark to prey?

The answer is simple: Cybercrime is everywhere. Let’s look at how prevalent it actually is. According to the American Bar Association’s 2019 “Legal Technology Survey Report,” 26% of respondents reported that their firms have experienced some sort of security breach — and that’s only those who know that they have. In the same vein, the American Bar Association Journal recently released an investigation into more than 100 law firms that have reported data breaches. The investigation shows the incredible breadth of cybercrime and tactics.

Think of it this way: You’re as strong as your weakest link. If you don’t perform regular due diligence and information security compliance checks of your outside counsel and vendors, you’re at risk of being dragged down by the weakest link in their cyber defense.

How can you help your company avoid falling prey to cyberattacks?

Fortunately, there is a lot that general counsel and corporate legal operations professionals can do to protect their legal departments and ensure their outside counsel is not exposing them or their business. Let’s focus on two:

Simply put, doing your due diligence pays off. The Association for Corporate Counsel’s 2018 cybersecurity report highlights the paramount importance of companywide preparation and awareness to minimize risk. To build a strong and dependable vendor risk management program, focus your team’s attention on asking thoughtful and pointed questions to collect and confirm relevant security controls.

Start by looking for implemented cybersecurity policies and procedures that outline how to prevent, detect, respond to, give notice of and recover from security incidents such as phishing, malware, human error, natural disasters and insider attacks. As a rule of thumb, ask what you need to confirm your outside counsel would treat your data as zealously as they will their firm’s reputation.

If your company manages many different outside counsel firms and other legal service vendors, streamlining your due diligence and monitoring processes is a big efficiency priority. To embody their value as digital sharks, remember that your outside counsel should be prioritizing your data and attacking all cybersecurity challenges with determination. Ensure they are keenly aware of risks and their client-reaching consequences. If you rely on outside counsel, you should proactively conduct cybersecurity assessments so you can do business with them with confidence that your data will not be breached.

