Things your firm should have
From the State of Cybersecurity Report (2018), a study of more than 600 in-house counsel published by the Association of Corporate Counsel (ACC) Foundation (for the executive summary, see https://www.acc.com/sites/default/files/resources/vl/public/Surveys/1482499_2.pdf).
General
- Conducts a cybersecurity audit of the entire organization at least annually (IT and/or legal)
- Firm audits legal service providers
- Has a data incident response team
- Incident response plan was updated in past 12 months
- Has cybersecurity insurance
- Has mandatory training on cybersecurity for all employees
- Collaborates proactively with law enforcement or other governmental agencies to address cybersecurity risks
- New vendor contracts contain a termination right in case of security issues
- Has rights to audit subvendors
- Requires third parties to notify of cybersecurity risk issues
- Retains a forensic company to assist should a breach occur
- Has a data map
- Tracks mandatory training requirement and participation by all lawyers and allied professional staff
- Tests employees' knowledge of mandatory training
- Conducts a mock security event
- Conducts tabletop exercises
Policies
- Password policy
- Social media policy
- Document retention policy
- Website privacy policy
- Internet privacy policy
- Identity and access management [bring-your-own-device] BYOD policy
- Encryption policy
Confidence
- You have high confidence third-party affiliates and vendors protect you from cybersecurity risks