Request Demo

ABA, CyberStrong, NIST Cybersecurity Framework

The ABA Handbook's One Important Takeaway: Your Law Firm Might Be Lagging On Cyber


Although an increasing number of businesses across the United States have taken up the project of adopting the NIST Cybersecurity Framework for their vendors and suppliers, the legal community is lagging on adopting this set of best practices. Under the Obama administration, and a 2014 executive order, the NIST Cybersecurity Framework or “The Framework” was developed with collaborative input across industries focusing on critical infrastructure security.

The ABA states that “The Framework is arguably one of the most significant documents released by NIST in the recent past, maybe ever. It already has had a definite impact on the private sector and the supply chain that currently services the nation’s critical infrastructure.”

Although the ABA is in full support, it seems that the legal sector is less than proactive about protecting its data. According to the ABA handbook released just last week, that “The value of efficient supply chains is well recognized in the business world, but law firms have been slow to recognize the trend and are catching up with their clients by viewing their work as a piece of the whole, and altering their legal service models to become value-added partners to their clients for whom supply chain management is a key profitability component.” The ABA’s “Cybersecurity Handbook: A Resource for Attorneys, Law Firms, and Business Professionals” is available online, and recommends the best practices for the legal sector related to cybersecurity.

Ultimately, the ABA handbooks notes, failure to recognize and act on these threats could threaten the viability of law firms themselves, in the case of data breach and a high probability that would result in lawsuits indicating negligence.

The law firm would experience “loss of client communication; loss of clients, revenue, and competitiveness; loss of data and unintentional disclosures; and claims for damages due to negligent acts and omissions arising from cyber incidents” according to the ABA.

Interested in Implementing The NIST Framework in Your Organization? Read the FREE NIST Cybersecurity Framework Guide for a List of Benefits and Strategies.

The call to action for these firms? “all law firms need to be prepared for a cyber disaster by having a robust and secure network in place and recognizing and implementing best practices”.

The NIST Cybersecurity Framework is held in high regard within the handbook and the ABA, as it is highly encouraged that legal entities begin adopting these cyber best practices seeing as they align with many of the cyber-related issues that can arise in a legal organization - including incident response, due diligence, and negligence. The ABA recommends its use to reduce cyber risk and also for legal entities to avoid legal issues themselves.

The Framework is a catalyst for cybersecurity strength in the organizations that choose to integrate it into their existing or growing program. It is time for organizations across all sectors to be proactive about managing and strengthening their cyber programs. 

The CyberStrong™ PowerControls™ can now give visibility in your organization, both visually and through metrics, on all 5 NIST Cybersecurity Framework Functions: Identify, Protect, Detect, Respond, and Recover, in just a few hours. Not only can you see where your existing program stands, but you can also view your goals and objectives for remediation and improvement on the same report. In addition, you will receive AI-powered intelligent recommendations based on your cost-impact preferences on how to begin or continue implementing the Framework, and similar recommendations based on the top threats in your landscape. A project that used to take months, or even an entire calendar year in some cases, just became a three hour process from beginning to end.

Learn How CyberStrong Streamlines the NIST Cybersecurity Framework Adoption

You may also like

Why GRC Needs IRM
on February 15, 2019

Today, every organization strives to optimize the speed with which they access information. Data is being stored, processed, transmitted and utilized in almost every day-to-day ...

Alison Furneaux
Government Shutdown Cybersecurity ...
on February 12, 2019

In January, CyberSaint CEO George Wrenn penned his thoughts on the impact of the government shutdown. In his post, George foresaw the outcome of the shutdown not being a future ...

The Cybersecurity Skills Gap: The ...
on February 7, 2019

The cybersecurity skills gap is nothing new to the seasoned cyber professional. It has been widely discussed in cyber and information security circles for some time. The main flag ...

George Wrenn
The Post-Digitization CISO
on February 5, 2019

Information leaders in digital businesses, whether focusing on optimization or a full transformation, are inherently altering their position among the executive leadership. As ...

Integrated Risk Management and ...
on January 31, 2019

With technology permeating every aspect of a business, one begins to wonder what technology is reserved for digital risk management rather than the other facets of integrated risk ...

Department of Defense Launches ...
on January 29, 2019

The Defense Federal Acquisition Regulation Supplement (DFARS) mandate, specifically Clause 252.204-7012 requiring all members of the Department of Defense’s supply chain to comply ...