Kroll CyberClarity360 and Buying Legal Webinar Series Wrap-up
Privileged Data & Cyber Security
The first was led by Imran Jaswal and Ryan Spelman of CyberClarity360. It focused on the concept of risk identification, aimed at helping the members of Buying Legal Council understand and identify risks in their vendor ecosystem. While the number of cyber risks is myriad, there are specific challenges to legal vendors that require special attention. The sensitivity and volume of data that may be shared with one or more outside counsel make a data breach by a legal vendor a particularly high-risk event. Further, the nature of legal vendor relationships, with their potential for rapid scope change and confidential procurement, makes managing this data sharing a particularly challenging activity.
Cyber Security Benchmarking
In the second, led by Shay Colson and Ryan Spelman of CyberClarity360, Kroll analyzed and studied vulnerabilities the same way hackers do and emphasized the data points that should be considered when deciding to engage or avoid specific legal vendors. Shay Colson talked about the critical vulnerabilities of accounts that get compromised due to exposed records. These records may be employee account credentials used on other systems such as payroll providers or travel booking sites. If the employees used the same username and password there that they use on their organization's systems, the exposure could lead to a data breach. Both Shay and Ryan emphasized that understanding the cyber risk exposure, combined with an understanding of the data that will be shared with the vendor, is critical in deciding how to engage with the legal vendor.
Legal Vendor Cyber Risk Program
The third was a fireside chat with a significant financial institution's legal vendor cyber risk management team, moderated by Shay Colson. This organization has built a robust legal vendor cyber risk management program that identifies and avoids potential risks and can engage and mitigate the threat. The mitigation comes from careful analysis of risks, leveraging a technology platform, and excellent communication between the financial institution and the firms.
Data Governance and Contract Management
Staff from Duff & Phelps’ Legal Management Consulting practice, Tyler Marion and Derek Mihm, joined us for the fourth and final webinar, where they educated the audience on contracts. Contracts represent one method of risk transfer, which often represents the last option for dealing with risk if you cannot avoid it or mitigate it. Tyler and Derek focused particularly on managing clauses and terms across thousands of contracts and how leveraging technology can bring greater clarity to your understanding of what options are available to you in transferring the risks your legal vendors may create.
The Buying Legal Council series on cyber security was an excellent opportunity for attendees to both learn more about cyber risks in general and hear from experts on tactics to deal with these risks in particular. The members of the Buying Legal Council can access and watch all the videos within their member portal. The public can also view many of them, and we encourage anyone interested in understanding how to manage their legal vendor cyber risk to watch them at their convenience. If you wish to learn more about how CyberClarity360 can help you manage the risks in your legal vendor ecosystem, please contact us at [email protected] or visit our page at kroll.com/cyberclarity360.