Cybersecurity checklist will help to protect clients, lawyers

The recent cybersecurity breach that knocked U.S. fuel supplier Colonial Pipeline offline for several days is the latest example of a growing trend of ransomware attacks.

Such attacks often target third-party vendors and are hard to detect and recover from. Another notable data breach hit Target in 2016, when hackers gained access to the retailer’s gateway server using credentials stolen from its HVAC vendor, a third-party supplier. The company settled the case for $18.5 million.

There are steps lawyers can take to protect their clients – and themselves – from costly and destructive cyber intrusions. The American Bar Association Cybersecurity Legal Task Force has released its Vendor Contracting Project: Cybersecurity Checklist, Second Edition, an update to the 2016 version, to assist lawyers negotiating vendor contracts on behalf of clients.

“The updated checklist provides guidance in plain language for those solo and small-firm lawyers advising clients who need to incorporate cybersecurity protections in their contracts with third-party vendors,” said Claudia Rast, co-chair of the task force. “It gives lawyers insight into the potential threats and vulnerabilities when negotiating with third-party suppliers, both on behalf of their clients and themselves.”

 The checklist covers vendor selection, including how to conduct a risk management assessment of potential vendors to identify risks and vulnerabilities. It also covers contract preparation with customizable sample contracts and vendor management best practices.

To purchase a PDF for $25, visit

Subscribe to the Legal News!
Full access to public notices, articles, columns, archives, statistics, calendar and more
Day Pass Only $4.95!
One-County $80/year
Three-County & Full Pass also available