American Bar Association’s Opinion on Cybersecurity

Business communication is mostly conducted electronically today; between emails, text messages and electronic documents, a business uses numerous outsources vendors, cloud services or tools to conduct their daily business. The multitude end points, services and vendors have created this complex web of communication leading to increased vulnerability to cybersecurity breaches.

Hackers are also becoming increasingly sophisticated with their attacks and typically find ways to emulate your information structure or breach through some weak link. We have recent examples of the DLA Piper hack and WannaCry attacks within the last couple of weeks alone. These attacks manipulated vulnerabilities in the information infrastructure of the companies and leverages that to steal valuable client and business information.

American Bar Association (ABA) has a Cybersecurity Legal Task Force, comprised of ABA members with expertise in cybersecurity as well as government, technical and private sector representation, regularly identifies and compiles resources within the ABA that pertain to cybersecurity, and focuses and coordinates the ABA’s legal and policy analyses and assessments of proposals relating to cybersecurity.

The ABA recently issued a major new ethical statement, Formal Opinion 477, which clarifies law firms’ cybersecurity obligations. The ABA’s lengthy Opinion has two especially significant aspects: i) using “reasonable measures” to assess and mitigate risks; and ii) making “reasonable efforts” to manage vendors. Paul Gupta, Partner at Reed Smith LLP, wrote a clarifying note, with help of Braintrace, on what the ABA Opinion asks of law firms. You can read it here.

In a previous effort, the ABA Cybersecurity Legal Task Force had also issued a “Vendor Contracting Project: Cybersecurity Checklist” to assist law firms with addressing security requirements in their vendor management. In a Soha Systems Survey on Third Party Risk Management, more than 60% of all breaches could be attributed to third-party vendors.

Braintrace can provide law firms with automated vendor management tools that reduce the amount of work necessary to monitor third-party vendors that are providing critical services for the firm for their information architecture. Vendor management tools or the complete process of risk assessment and management for vendors is also taken up by Braintrace in its Managed Services.

Braintrace has also developed custom products specifically for law firms to emulate law firm document storage and provide end point protection and continues to regularly invest in product research and development for tools and products being used by law firms. As an example, Braintrace has developed BreachZero for Relativity, a custom product that provides enhanced cybersecurity protection for kCura’s Relativity product widely used by law firms.

Contact us today to get more information about BreachZero.