American Bar Association checklist offers guidelines to avoid cyber breaches

WASHINGTON, June 27, 2017 — Costly and destructive cybersecurity breaches at companies such as Equifax in 2016 and Target in 2013 that exposed the personal data of millions of consumers were traced back to vulnerabilities unknowingly exposed by third-party vendors rather than the company itself, proving that cybersecurity is only as strong as its weakest link. 

To help avoid and minimize the impact of such breaches, the American Bar Association Cybersecurity Legal Task Force has released its Vendor Contracting Project: Cybersecurity Checklist, which is available at no charge on the ABA website. The checklist is designed to manage cybersecurity risk when working with third-party vendors – from vendor selection, to contracting and vendor management.

The checklist provides guidance on:

• Conducting a risk management assessment of the proposed vendors, to identify relevant threats to security.
• Reviewing vendor security practices and the ability to follow them.
• The contracting process, including setting expectations, mitigating risk and allocating liability.

The document also includes information on critical elements needed in any security program, whether a vendor or the procuring organization.

With more than 400,000 members, the American Bar Association is one of the largest voluntary professional membership organizations in the world. As the national voice of the legal profession, the ABA works to improve the administration of justice, promotes programs that assist lawyers and judges in their work, accredits law schools, provides continuing legal education, and works to build public understanding around the world of the importance of the rule of law. View our privacy statement online. Follow the latest ABA news at www.ambar.org/news and on Twitter @ABANews.