Monday, June 10, 2013

Law Firm Information Security -- Bank of America is Serious, Scrutinizing (and Auditing)

Corporate Counsel shines a spotlight on information security, sharing highlights from its recent General Counsel Conference: "Outside Law Firm Cybersecurity Under Scrutiny" --
  • "Bank of America Merrill Lynch is auditing the cybersecurity policies at its outside law firms, partly under pressure from government regulators to do so, according to the bank’s assistant general counsel Richard Borden."
  • Borden says that law firms are "considered one of the biggest vectors that the hackers, or others, are going to go at to try to get to our information."
  • "Regulators at the Office of the Comptroller of the Currency, which oversees BofA and other financial services companies, 'have focused on law firms,' Borden said. 'They are coming down on us about security at law firms. So we have no choice but to check the information security and to audit—to actually audit—the information security of our law firms that have confidential information. We spend a lot of money and use a lot of law firms, so this is casting a very wide net.'"
  • "'It’s been really interesting dealing with the law firms, because they’re not ready,' said Borden, who is the bank’s in-house cybersecurity lawyer and is assisting the group that’s reviewing BofA’s outside counsel. 'Some of them are, I should say, but there are many that aren’t. And it actually does pose a threat.'"
  • "And the bank isn’t simply relying on the law firms’ own audits of their information security practices. 'We’re really looking at their whole structure and focus on information security, and we test it. We send in people to test it,' Borden said."
