Digital reality has, at long last, prevailed over the traditional taciturn nature of law firms with regard to their safeguards for client and firm information. In the wake of several law firm breaches in the past year, there is growing pressure from banks and other financial services clients to shore up their information security. Law firms in collaboration with banks have announced plans to create a forum for the sharing of information about cyber threats and security measures.
The New York Times reported on February 24, 2015 (subscription required) that the new law firm group would affiliate with the Financial Services Information Sharing and Analysis Center, a forum in which banks and other financial services organizations share information about threats, cyber attacks, “online criminals and even nation states.”
The law firm group arose from discussions between some of the largest banks, including Bank of America and JPMorgan Chase and their law firms, in which the banks expressed concern about the state of information security at their law firms. “Over the past year, big banks have required more documentation from law firms about online security measures as a condition for retaining a firm,” the Times reported.
These concerns are not new. Kenneth N. Rashbaum wrote about cybersecurity challenges for law firms, including those servicing financial industry clients, in an article published in the New York Law Journal on December 10, 2014. In January, the New York State Division of Financial Services implemented a cyber component for annual bank examinations in 2015 that would include requests for information on the due diligence practices of banks with regard to the information security safeguards of their law firms.
The law firms will not directly exchange information among themselves but would, instead, send it anonymously to the forum. The firms, in turn, would have access to information safeguard and threat information from the financial services group. It is expected that many firms will join the new forum, some voluntarily and some at the insistence of their financial services clients.
If you would like further information about law firm cybersecurity requirements and safeguards, please contact Kenneth N. Rashbaum.