Monday, October 27, 2014

Big Banks Continuing Focus on Law Firm Information Security

A reader sent word of a story in today's Wall Street Journal: "Banks Demand That Law Firms Harden Cyberattack Defenses" --
  • "Big banks are demanding that their law firms do more to protect sensitive information to ensure that they don’t become back doors for hackers. Once given special status as trusted third parties, lawyers, particularly those who get access to sensitive bank information, now are more likely to get full background checks. The number of compliance checklists for law-firm technology systems and security procedures has ballooned. And law firms big and small increasingly are getting on-site audits to check who has access to documents and office servers."
  • "J.P. Morgan Chase & Co., Morgan Stanley , Bank of America Corp. and UBS AG subjected outside lawyers to greater scrutiny even before financial institutions were victims of cyberattacks this summer, people familiar with the matter said."
  • "The demands come as financial regulators are paying more attention to third-party vendors. Benjamin Lawsky , the superintendent of New York state’s Department of Financial Services, last week sent a letter to dozens of banks requesting information on security risks relating to law firms, accounting firms and other third parties."
  • "Big law firms with financial-institution clients were already subject to some security requirements, such as limiting access to certain documents or having policies in place to guard against cyberattacks... Clients often entrust them with everything from valuable trade secrets to market-moving details on mergers and acquisitions."
  • "'It’s a lot more than just checking a box,' said Lorey Hoffman, chief information officer at law firm Goodwin Procter LLP. 'I walk through our data centers into the [server] cage with examiners' sent by clients. The firm also enlists outside auditors to test its defenses and runs internal checks of system strengths and weaknesses."
  • "Such programs don’t come cheap. Banks generally foot the bill for their on-site audits of law firms. But the firms must invest in technology and software upgrades. Another cost: hiring staff to maintain systems and train lawyers and employees on minimizing risk."
  • "Hedge funds, private-equity funds, technology startups and manufacturers also are asking more questions about security, said Jim Darsigny, chief information officer at law firm Brown Rudnick LLP."

No comments:

Post a Comment