Defining Cyber Due Diligence For Law Firms

In Data Privacy by Devesh Panchwagh

What is cyber due diligence? It’s a phrase that is often associated with mergers and acquisitions (M&A), in particular when it comes to the risk assessment of an organization. Cyber due diligence is a necessary practice to determine the risk level of a company’s data security before an investment is made. It’s becoming just as critical a step as analyzing the business and legal risks that may come from a merger or acquisition.

However, cyber due diligence extends to all other forms of business actions beyond M&A. Cyber due diligence can’t be defined by technology alone. It’s also defined by how an organization establishes cyber governance and controls across its people, processes, procedures, and information assets.

For legal professionals, practicing cyber due diligence is a necessity given the non-negotiable ethical standards they must meet relating to client representation. Their ethical duty has been clearly defined by the American Bar Association (ABA).

From a legal standpoint, law firms face stringent regulatory, contractual, and statutory data protection requirements. Personally identifiable information (PII) that is transmitted over the Internet typically demands encryption. Law firms that haven’t adjusted their cybersecurity posture to align with their digital information management strategy are placing themselves behind the eight ball for compliance. In turn, they are placing their clients in jeopardy of corporate or personal reputational harm.

As Jordan McQuown, Chief Information Officer at LogicForce Consulting, explained, “The vulnerabilities that this [approach] creates for corporations are law firms being a weak link in data security posture. Security is only as strong as its weakest links, and with law firms maintaining contracts, business agreements, PHI, PII, and other intellectual property they have the same data as their corporate clients.”

What steps can law firms take to improve their cybersecurity posture and practice cyber due diligence?

In our latest white paper, Cyber Due Diligence: Taking Steps to Reduce Your Risk Against Cyber Threats, we discuss how law firms can lessen the impact of malicious attacks by employing a comprehensive cybersecurity program that accounts for inventories, policies, technologies, and insurance.

Delta Risk VP Leads Incident Response Tabletop Exercise at LegalSEC 2016

Delta Risk LLC VP of Commercial Services Joseph Abrenio will lead a live incident response tabletop exercise and debrief discussion at the ILTA LegalSEC Summit 2016.

Follow us on Twitter @DeltaRisk for the latest updates on this presentation and additional highlights from the conference.
