When it comes to cyber security threats, due diligence is a common exercise that clients use when it comes to selecting law firms. While there's no common framework upon which you can build your cyber security policies and practices, I do recommend that you use the six pillars that are laid out in the American Bar Association's cyber security handbook.

The first one is cyber security governance. When they're talking about governance, they're talking about you understanding your legal obligations. The second pillar is risk assessment. This means profiling the various assets you have. The third pillar focuses on protection of your network and data. You should start by inventorying that technical ecosystem you have: your servers, your switches, and your access points. The fourth pillar is the detection of unauthorized activity and response. This is probably the hardest one of all. This can be achieved in many, many ways. Ultimately, what we're talking about here is detecting unauthorized activity. The faster you do that, the less chance it has to metastasize over time throughout your network and become one of those headline-writing types of data breaches that nobody wants to read about in their morning paper.

When it comes to cyber security, everyone plays a role. That's why the fifth pillar focuses on user training. It's crucial that you run frequent security awareness training. The final pillar of the ABA cyber security handbook is number six, the risks associated with third-party vendors. You need to consider third-party vendors as an extension of your network, an extension of the data that you manage, and you need to hold them to the same stringent security practices that you hold yourself to.

Again, you can find all of these tips in the American Bar Association's cyber security handbook. This book should be the foundation of all of your cyber security policies and practices in your law firm.

6 cybersecurity practices law firms should follow.

Due diligence is an exercise clients use to assess the cybersecurity practices of different law firms. To build your own cybersecurity policies and practices, we recommend following the six pillars laid out in the American Bar Association's Cybersecurity Handbook. 

These pillars include cybersecurity governance, risk assessments, network protection, detection of unauthorized activity, user training, and risk associated with vendors and third parties. The objective of these pillars is to help you understand your legal obligations, as well as to help you prepare for and respond to security threats in real time.

Ultimately, the last thing you (and your clients) want is for your law firm to experience a data breach of any kind. For this reason, this handbook should be the foundation for all your law firm's cybersecurity policies and practices. 

In this video, Industry Security Strategist, Mark Sangster provides an overview of the six pillars in the ABA’s Cybersecurity Handbook.