The U.S. government's move to ban the use of antivirus platform Kaspersky Lab in its agencies, or to add telecom giant Huawei to its list of entities that have been involved in activities "contrary to the national security," may give some law firms pause when considering whether to use the same technology.

But that doesn't mean such tech providers or platforms are completely blacklisted. Law firms, like corporations, will weigh the potential risk of storing sensitive client data on such platforms and consider alternative tech developed in countries with less-intrusive governments.

Philadelphia-headquartered law firm Fox Rothschild, for instance, doesn't have an "outright prohibition" against using software developed in China or Russia, said the firm's chief privacy officer and co-chair of its privacy and data security practice Mark McCreary.

Instead, the firm deploys third-party experts to perform an extensive vetting process of all software the law firm is considering. The process includes checking for any cybersecurity or data-sharing risks and ensuring clients' data is stored in jurisdictions clients are comfortable with, he noted.

"If you take a software vendor that is based in France, we would still do the same due diligence we would do with any company," he said. Many clients are apprehensive about storing their data outside of the U.S. or losing control of their data, McCreary said, adding that nation-states Russia and China aren't ideal places to store data because lawyers can't ensure the government won't access their data. 

But after noting Fox Rothschild represents many Russian and Chinese companies, McCreary said an outright ban of tech from Russia or China isn't necessary given the firm's thorough evaluations. Still, the heightened cybersecurity concerns aren't lost on the firm.

"We are mindful of it, especially with Huawei and Kaspersky Lab, there's a reason why people in cyber defense are concerned about it," McCreary said.

He also noted the firm has declined to purchase Huawei equipment and hasn't needed any software that was exclusively produced in Russia or China.

For the law firms that do decide to leverage tech made in Russia or China, if client data is hacked, they could be held liable, one lawyer noted.

"If it comes out there are issues raised by hiring a Russian software or Chinese software company for example and it leads to illegal acquisition of data, I think there's serious questions of liability, given the concern presently with using tech from those countries," said Peter Toren, an IP solo practitioner and former prosecutor for the U.S. Department of Justice's computer crime and intellectual property section.

However, if a law firm rigorously evaluates a platform's cybersecurity risks and precautions and a hack still occurs, the firm could have a strong argument that it did its due diligence, Toren added.

For CI Security founder and CISO Mike Hamilton, even if the probability of a cyber intrusion is low, the firm should err on the side of caution.

"Even if the likelihood is very small but the impact is so high it could put you out of business, you should make the decision to buy something else," Hamilton advised.