Under pressure from federal regulators, who are concerned about lax cybersecurity at law firms, the Bank of America Merrill Lynch has begun conducting audits on the law firms it does business with, to verify what they are doing to protect sensitive information.
Although experts have been warning for some time that such audits were looming, a number of law firms have been caught flat-footed, assistant B of A general counsel Richard Borden told attendees at a recent conference for top in-house lawyers, Corporate Counsel reports.
"It’s been really interesting dealing with the law firms, because they’re not ready,” said Borden, an in-house cybersecurity lawyer who has been helping the group that's auditing the Bank of America's outside counsel. “Some of them are, I should say, but there are many that aren’t. And it actually does pose a threat.”
Auditors are looking to see if the law firm has a cybersecurity plan, he told Corporate Counsel, and, if so, whether it is followed. Since mobile electronic devices are a likely weak area, one issue is whether confidential information sent to them is encrypted. Additionally, unwary employees clicking on malicious links in email remains a common cause of problems, just as it has been for years.
"Unwary employees clicking on malicious links" has been a problem for businesses of all kinds and sizes, not merely law firms and banks. It's often the root cause of the eventual theft of money from many small business bank accounts, as we've been discussing here for years. Much good would be accomplished by surfing the internet for porn on a different computer that the business uses for banking, but then you have the problem of the sole proprietorship that consists of "one consultant, one laptop." In those cases, using a separate computer solely for banking is likely not a practical solution, anymore than it is to ask people to refrain from clicking on links on their favorite "make love to my wicked shoes" web site.
Getting back to attorneys for banks: how many of you encrypt any firm email sent to your cell phone, tablet, or other portable device? Yeah, that's what I thought.
This isn't going to be a problem merely for the brother-in-law of the chairman who has an office above the corner drug store and gets thrown the occasional foreclosure, lease, or other "bone" by a small-town bank. According to Mr. Borden, this is going to be something that firms large and small will have to address.
Welcome to the 21st Century.