Cybersecurity checklist helps protect clients, lawyers

The recent cybersecurity breach that knocked U.S. fuel supplier Colonial Pipeline offline for several days is the latest example of a growing trend of ransomware attacks, in which cyber criminals “lock” computer systems in exchange for money.

Such attacks often target third-party vendors and are hard to detect and recover from. Another notable data breach hit Target in 2016, when hackers gained access to the retailer’s gateway server using credentials stolen from its HVAC vendor, a third-party supplier. The company settled the case for $18.5 million.

But there are steps lawyers can take to protect their clients – and themselves – from costly and destructive cyber intrusions. The American Bar Association Cybersecurity Legal Task Force has released its Vendor Contracting Project: Cybersecurity Checklist, Second Edition, an update to the 2016 version, to assist lawyers negotiating vendor contracts on behalf of clients.

“The updated checklist provides guidance in plain language for those solo and small-firm lawyers advising clients who need to incorporate cybersecurity protections in their contracts with third-party vendors,” said Claudia Rast, co-chair of the task force. “It gives lawyers insight into the potential threats and vulnerabilities when negotiating with third-party suppliers, both on behalf of their clients and themselves.”

The cybersecurity threat landscape is constantly evolving, and it’s crucial for lawyers to stay current on the latest methods used by hackers. The checklist covers vendor selection, including how to conduct a risk management assessment of potential vendors to identify risks and vulnerabilities. It also covers contract preparation with customizable sample contracts and vendor management best practices.

For additional information or to purchase a PDF of the checklist for $25, visit