
How to Respond to Security Audits: For Small and Mid-Sized Firms

Nina Lukina


Security Audits Trouble Small Law Firms

As cybersecurity audits from corporate clients become commonplace, smaller firms are feeling the brunt.

“Now they want screenshots.”

“Longtime clients are asking for them.”

“There’s just no way.”

These were some of the things we heard recently in conversations at a conference for leaders of small law firms.

Security audits are nothing new. But as more companies and industries have become concerned about the safety of their data, the scrutiny has become intense.

Shoring up their own defenses to avoid a potentially disastrous, high-profile data breach, corporations are looking to their legal representation to do the same. To continue working with their favorite outside attorneys, companies have to ensure those law firms will not constitute a weak link in their data privacy programs.

Security audits ask for proof that the latest defensive technology has been implemented. The questionnaires, which started appearing within the last five years, have lengthened in that time, often running to sixty pages or more. They now request more evidence, detail, and granularity. On-site inspections are also becoming part of the deal.

Security Audits Intensify Competition

The legal industry’s giants have dedicated entire units to answering security audits, which typically come from Wall Street and healthcare companies, as well as from technology companies concerned about their intellectual property. These security departments provide state-of-the-art security defenses in response to client demands, including certified security analysts tasked with round-the-clock intrusion detection.

The situation has become dire for smaller firms as clients threaten to withdraw work if security requirements aren’t met. Longstanding relationships are on the line. In some cases, clients are also requesting that firms purchase pricey insurance for data breaches to add to their malpractice coverage.

Managed Security Services Offer a Solution

What are smaller firms to do? Their legal work may be stellar, but they simply do not have the resources to build out an on-site security center.

Fortunately, it is now possible to acquire that big-firm security on a small-firm budget.

Solutions such as Kraft Kennedy’s SOC (Security Operations Center) are designed to take the pressure off small and mid-sized firms. For $25 per user per month (package prices vary), Kraft Kennedy provides the technology and human expertise of a dedicated security team, making security audits a breeze. Clients of the SOC are able to answer the questionnaires with affirmative answers as well as draw on our analysts’ knowledge to fill out the technical details.

Taking into account the latest security recommendations, Kraft Kennedy’s continuously evolving security services include intrusion protection, firewall management, and more.

Certified security analysts and systems engineers are available round-the-clock for both prevention and remediation of data breach incidents.

We are sharing this Security Foundations Checklist to help firms plan their security programs. Think of it as a miniature self-audit. How did you do?

Are there gaps in your security program?
Get in touch to discuss how you can fill them and pass your next security audit with ease.


