Law, Lobbying & Consulting Firms

Top companies place tremendous trust in third party firms to consult on critical matters to their business. From legal advice, financial advice, to influencing governmental affairs. In the commission of these partnerships critical information and data is exchanged between the organization and these third party firms to include trade secrets, regulated data, and information that could severely damage an organizations reputation if inadvertently released for public consumption.

A firm, whether practicing in law, communications, human resources, and so on, must ensure they are protecting client information and data with the utmost diligence and possibly the same expectations and standards beholden to the client.

Recently, greater attention has been placed on the cyber security posture of third party firms…

“Law firms are increasingly becoming attractive targets to hackers for the valuable client data on their servers. Attorneys routinely access and communicate confidential information relating to their corporate clients’ businesses, strategies, and proprietary interests. Law firms generally spend less on securing their systems than other businesses, and also tend to gather sensitive data about their clients in a single place on a network. Approximately 80 major law firms were victims of cyber attacks in 2011. Several China-based hackers have broken into law firms’ networks in recent years in attempting to stop a merger or acquisition or interfere with a business deal. When seeking to obtain critical files on corporations, hackers frequently look to law firms’ networks as an easier path to gain access than attacking the corporations directly.”


Additionally, lobbying and other types of consulting firms have been a target for corporate and political espionage. Adversaries see the same potential vault of client sensitive information in these firms that they do with law firms. These threats require a comprehensive security program. CYGRU can work with your firm to identify the liabilities of your firms business, classify the data to meet these ethical and legal responsibilities, and mitigate risk by implementing people, process, and technology.