Skip to main content
For Legal Professionals
Find a Lawyer
Please enter a legal issue and/or a location
Begin typing to search, use arrow keys to navigate, use enter to select

Find a Lawyer

More Options

Should You Demand Proof of Cybersecurity From Vendors?

By Aditi Mukherji, JD on March 27, 2014 | Last updated on March 21, 2019

A growing number of corporations are asking their law firms to fill out lengthy questionnaires to show proof of cybersecurity measures. Should your small business follow suit?

Major corporate clients are demanding that their law firms ramp up their security and then prove that they did so, The New York Times reports.

This is a cybersecurity tactic small business owners might want to adopt -- particularly with vendors.

Why This May Be a Good Idea

Lest we forget, the massive Target data breach resulted from a compromised vendor. The Target hackers breached the chain's security systems by first using electronic credentials stolen from a vendor.

For business owners, the lesson is that vendor cybersecurity is critical to the security of your own business. Unless you can trust your vendor's security measures, your business can be vulnerable to cyber threats. That, in turn, can expose you and your business to legal liability.

Requiring a vendor to show proof of cybersecurity is one way to try to hold the vendor accountable, as well as to ensure reliability and consistency in your overall online security efforts.

A Cybersecurity Checklist

When asking vendors for proof of cybersecurity measures, there are certain risky practices to immediately address, including:

  • Distribution. Make sure a vendor is not putting sensitive files on portable thumb drives or emailing sensitive documents to nonsecure iPads. Find out if the vendor uses secure email and how much of the information it sends is unencrypted.
  • Networks. Find out whether your vendor works on computers linked to a shared network in countries like China and Russia where hacking is prevalent.
  • Access. Get an idea of how many people have access to sensitive information. The more hands that have access to the data, the greater the security risk -- and therefore, the stronger the security measures needed.

Asking for proof of vendor cybersecurity should be one part of a larger plan to create a robust security system that extends to vendors and other interconnected business relations. Your customers, your peace of mind, and your wallet will thank you for it.

Follow FindLaw for Consumers on Google+.

Related Resources:

You Don’t Have To Solve This on Your Own – Get a Lawyer’s Help

Meeting with a lawyer can help you understand your options and how to best protect your rights. Visit our attorney directory to find a lawyer near you who can help.

Or contact an attorney near you:
Copied to clipboard