Spring Check-Up: Assessing Your Insurance Policy This Season

Spring will be here soon and usually during spring we do what is called spring clean ups or check up.  We look at the lawn mower, the weed whacker and car wash stuff all because Spring is a new start. 

In my world, the same holds true for insurance.  I like to review my policies and make sure I have what I think I have and make any tweaks that I feel are necessary to be properly insured. 

Knowing that most people renew or purchase a policy and stuff it away somewhere for the year, the spring check up might be a good idea for you.  Things I look at during my check up and you should too are:

1. Limits: are they sufficient?  Will there be enough there to protect you in the event of a claim.  Make sure you review both the per claim limit and the aggregate limit.  Aggregate being the total amount available during the policy year.

2. Deductible:  Are you comfortable with the current amount?  Will you be able to pay it when it comes time?  On paper 5 or 10k might not seem like a lot of money but during a claim sometimes money can be a little tight.  

3.  Defense costs:  How are they handled?  Are defense costs/cost of defense  included in your limits of liability or are they in addition to your limits?  If you carry lower limits, say 100k and your defense costs are included in that limit it may not take very long to go through the limit before the case is resolved.

4. Insureds: Make sure you know who actually is insured on your policy – you, your staff, independent contractors, of counsels, former employees.  It always good to know who is covered and who is not

5. Prior acts: Check and make sure that your prior acts coverage is correct.  We all know that claims can and usually do stem from professional services we performed prior to the start of your current policy period.  Make sure your policy contains prior acts coverage.

6. Effective date. Make sure your policy is current and that you didn’t miss the renewal date.  Sounds stupid but it does happen.  People just forget to renew or just put it off until it is too late.

So before you start to cut your grass or use the weed whacker make sure you have a new spark plug in place and give your LPL policy a check up too.  

Unveiling the Risks: How the ‘Of Counsel’ Title Can Impact Your Insurance Coverage

Titles in business are considered very important: President, CEO, VP etc……law firms the same thing…Partner, senior partner, member, associates.  But did you know there is one title in a law firm that can cause confusion and sometimes affect insurance coverage?  The title OF COUNSEL. 

I’ve been told, ask 10 lawyers the definition of OF Counsel and you’ll get 10 different answers.  At some point, we can discuss and try to narrow down a more specific definition of what an OF Counsel is but today I want to point out how the term OF COUNSEL may affect your legal malpractice insurance coverage at retirement.

Most policies provide what is called a free retirement tail endorsement when an attorney from the firm retires.  Usually there are a few requirements that must be met in order to qualify for that free tail.  On some policies OF COUNSEL attorneys are not eligible for the free tail strictly because they are titled OF COUNSEL.  This usually is not an issue for a solo but for firms with 2 or more attorneys it can cause great concern.

I have seen instances where firms with 3 or 4 attorneys give the title OF COUNSEL to the founding member of the firm with no consideration of how this could affect the founding members coverage, his or her estates coverage or the retiring attorneys financial position during retirement.  Usually the change to OF COUNSEL is a result of the attorney working less hours and nothing more.  In this case it seems a shame for the attorney to lose coverage and in some cases not be able to get back because of working less time?  

So before changing anyone’s “title” to OF COUNSEL and printing new letterhead check your legal malpractice policy. Contact your broker/carrier and ask them for an interpretation of the coverage.  Make sure the change to OC won’t affect the retirement tail coverage. OR if it does you know and are ok with any change.  Who knows, maybe it won’t change but then again maybe it will.  Better safe than sorry.

Real-life Cyber Claim Examples: The Importance of Cyber Insurance

It seems as though everyone likes to hear a good war story and it is no different when it comes to cyber claims. Besides price, it may be the most asked question I hear – What kind of claims are being filed? Can you give me an example of a claim to show that this is real and I should be buying a policy? So, let’s delve into this topic and let me tell you a couple of real-life cyber claim scenarios:

War Story 1: The Case of Accidental Data Loss

A small law firm lost all of their data, including backups, from a shared office space when the IT administrator formatted the hard drive on the office equipment. The firm, which had three lawyers, was operating inside unused space at a larger firm. As part of the arrangement, the smaller firm also used the IT systems of the larger firm.

In an effort to segregate the data of the smaller firm, the larger firm gave them access to their own file server, which was normally used for email only. The server began having issues, so the IT administrator backed up the emails on the server, formatted the hard drive, and reinstalled all the software. Unfortunately, the IT administrator did not remember to backup the data from the smaller firm before formatting the hard drive.

The firm suffered an interruption of operations as a result and incurred significant expense to recover the data manually. In this case, the damages and loss are as follows:

  • Data Restoration Expense: $23,000
  • Loss of Billable Hours: $8,900

War Story 2: The Case of Accidental Data Breach

A law firm handling Qui Tam cases suffered an accidental data breach resulting in legal liability and disciplinary proceedings for alleged ethical violations. The firm used a cloud storage service for all firm data. The cloud storage provider offered two tiers of service to clients, free and premium.

Data in the “free” storage service is searchable and can be downloaded by other customers. The firm neglected to pay their renewal fees for the “premium” service, so the firm’s account reverted to the “free” service and all of the firm’s data was searchable and available online for several months. During that time, numerous parties downloaded the details of a sensitive whistleblower case.

As a result, the firm faced a lawsuit from the former client in the whistleblower case as well as a disciplinary proceeding. Several other suits from other current and former clients are also pending. In this case, the damages and loss are as follows:

  • Notification Expense: $27,000
  • Defense Expense: $305,000
  • Damages: $2,150,000
  • Fines & Penalties: $120,000

Note: pending suits from other clients are not included in loss amounts listed above.

These examples illustrate the real-life implications of not having a robust cyber policy. In today’s digital age, where data breaches and cyber attacks are becoming more common, having a comprehensive cyber insurance policy is not a luxury, but a necessity. It’s time to take a proactive approach to protect your firm and clients from potential cyber threats.

Maximizing Your Cyber Insurance: Understanding the Full Range of Protection

Most of the calls I receive about cyber insurance are for Fraudulent Funds Transfer.  This seems to be what the caller is most interested in and for good reason especially if your profession is in the area of law, real estate, or title/escrow work.  However the cyber policy is much more than just fraud transfer coverage.

The policies are usually what I consider a program or a suite of coverages made up of first and third party benefits and a strong risk management team.  Several of the carriers that write cyber insurance will perform or run an analysis of your website/online presence and identify weakness that exists and exposures that may lead to a cyber attack or event.  The carrier prepares a report that will not only identify the weakness but will also offer suggestions on how to correct or eliminate the exposure.  They also will rank or compare your cyber situation and scan results to other companies of similar size and industry. Allowing you to see if you’re keeping up with others in your industry in keeping your business, your clients and your customers safe from cyber attacks.

Other benefits provided by most cyber policies include: Notification costs.  Did you know that the government requires you to notify your customers in the event you have a cyber attack and personal/confidential data is compromised?  Think of how many files you have.  It won’t be cheap to notify and complete this task.  Ransomware.  Think you’ll never become a victim of this because your office is too small, and you don’t have or keep large amounts of personal confidential information? Think again.  Everyone is a target for this type of claim.  A hacker breaks into your computer system and stops your ability to use it or shuts down the entire system unless you pay XX amount of dollars.  How long can your office run with no access to your computer system?  

Fraudulent transfer of funds, risk management team services, strong claims team, notification costs and Ransomware coverage only scratches the surface of what coverages/benefits are provided in most cyber policies.  Although you may only have interest in one or two of these you need to be aware of all the coverages available to you in your cyber policy.  Rarely in a cyber claim is only one benefit/coverage part triggered.  Usually several parts come into play.  Don’t short yourself by not knowing all of the coverages and assistance that is available to you under your policy.  Read it and call your broker, and or the risk management team of the program with your questions.

Are You Taking Advantage of the Ancillary Benefits That Come With Your Malpractice Insurance Program?

I’m always surprised at the number of people who don’t take full advantage of the ancillary benefits that come with malpractice insurance programs. I know that most of the carrier programs we market have several useful benefits outside of the policy that can help a firm.

Items like: online risk management classes, some of which are eligible for free CE and possible premium discounts, samples of engagement, disengagement, and non engagement letters, as well as suggestions on how to implement a conflict of interest system.

You can also find examples of how to implement a dual calendar system and comments on the latest programs available in the marketplace for calendaring, client intake, and billing. Not all outside the policy benefits have everything we mentioned, but they do have some combination.

Keeping Your Documents Secure and Accessible

As an agency, we’ve developed a client portal with 256-bit encryption for your security. Current clients can use this portal to gain access to the previous applications you’ve submitted to us as well as your past and current legal malpractice insurance policies.

I get calls, some urgent, from insureds asking if I can resend the policy as they cannot locate it in their office. Imagine how convenient it would be if you could just go to the client portal and see all the information you needed online!

So if you’re one of the insureds that are using the additional benefits available to you from your legal malpractice insurance program, good for you. It can and will make your law practice better and maybe even reduce the chances of being sued. If you’re not, I would encourage you to at least take a look at what is available; you might be surprised. Oh, and did I tell you it is usually free?

Does a Legal Malpractice Policy Cover a Cyberattack, Data Breach or Wire Transfer Fraud Claim?

At INf, we just finished recognizing the month of October as Cybersecurity Awareness Month. I hope you enjoyed the few educational videos that we were able to send your way.

Since then, a few of our clients have asked me to talk a little bit about whether a legal malpractice policy would cover a claim that was based on a cyberattack, data breach, or wire transfer fraud. So as a bonus to our October series, we’ll go over a few of these issues.

Cyberattack and Data Breach Claims

Let’s take a look at the cyberattack and data breach issues. My answer is going to be a pretty typical insurance answer in this situation—maybe. It might be covered based on the claim circumstances. My best guess is that if you submit a legal malpractice claim based on a cyberattack or data breach, it will trigger the coverage.

The carrier will review the claim issues and decide which issues are going to be covered and which issues are not going to be covered. I would believe that those issues that are typically considered legal malpractice issues are going to be covered, and those issues that are strictly considered cyber issues will not be covered. Now, your policy may have certain language that will provide a very limited amount and scope of coverage for some cyber events. So you might be able to glean a little bit of coverage out of your legal malpractice policy in that event.

Wire Transfer Fraud Claims

On the other issue of wire transfer fraud, my answer is going to be a little bit different. I don’t believe that most legal malpractice claims or most legal malpractice carriers are going to cover claims for wire transfer fraud. Most of the carriers and carrier personnel that I have spoken to believe that wire transfer fraud is theft. And a legal malpractice policy is not theft protection.

Perhaps a fidelity bond, maybe crime coverage, or a standalone cyber liability policy would be the better policy from which your coverage would come. Some legal malpractice policies even specifically exclude theft, wire transfer fraud, and bank transfer fraud.

Consider a Cyber Liability Policy

If you’re looking for coverage to replace the physical funds that are lost from a wire transfer fraud, my suggestion to you is to not depend on your legal malpractice policy to do so. I think you’ll be very disappointed. Which brings me to my last and final point: you need to seriously consider the purchase of a standalone cyber liability policy. It’s going to protect you against a host of exposures, like cyberattacks, data breaches, ransomware, phishing schemes, and so much more.

So if you really want to protect yourself, the office, and your client, the purchase of a cyber liability policy is the way to go.

These policies help protect you from the threat of hackers, data dumps, stolen passwords, ransomware attacks and more.  

It takes less than 5 minutes to fill out the application for this insurance.  Contact INF to get started at 412.563.2106.

Be prepared against cyber attacks

In the past 4 weeks, we have covered multiple cyber security exposures that are common to law firms, including:

We have also covered how to minimize the risk associated with them.

However, they all have one thing in common…a human element, which is almost impossible to safeguard 100%.  About half of all data breaches happen due to some type of human error.

This is why we recommend purchasing cyber liability insurance.

Cyber liability insurance provides a combination of coverage options and services to help protect businesses against data breaches and other cyber events as well as help to recover quickly if an attack does take place.

This insurance can help cover the costs associated with an attack or breach, such as:

  • Lost income due to cyber event
  • Customer notification 
  • Data recovery
  • Damaged computer repair
  • And more!

Law firms use multiple types of technology that face cyber risk.  As this tech becomes more complex, so does the risk that comes with it.  This is why every business should be prepared with a cyber security plan/training as well as cyber liability insurance to help mitigate the risk.

Let INF help place you with the best cyber liability carrier for your firm’s needs.  To get started, give us a call at 412.563.2106 today.

Do you have multi factor authentication to verify your identity…because 44% of businesses don’t

Because October is Cyber Security Awareness Month, we thought that we would take the next few weeks to highlight cyber security exposures that are common to law firms.

Did you know that 44% of businesses don’t use multifactor authentication?

Your question back to me might be – What is multifactor authentication and why would I need it?

Multi Factor authentication or MFA is a security method that needs a user to use two or more authentication factors to prove who they are before they can use an organization’s network, check their email from a remote location, or use privileged or administrative accounts.  It helps make sure that you are who you say you are.

The most common use of MFA is when banks or credit cards require you to input a password as well as a code that they email/text/call you with.

MFA should be used by law firms with email accounts as well as accessing any network remotely.

In fact, according to Microsoft, 99.9% of account compromise attacks can be blocked by MFA!

Most email products as well as system access software have MFA built in, so be sure to enable and protect your data!

Questions about risk mitigation for this exposure?  Call us at 412.563.2106.

Next week, we will talk about how to protect your firm against multiple exposures!

Check to see if your email/password combination has been exposed in a recent data breach

Because October is Cyber Security Awareness Month, we thought that we would take the next few weeks to highlight cyber security exposures that are common to law firms.

This week’s topic – Passwords!

Did you know that there is a website that you can go to check to see if your email/password combination has been a part of a data breach?  It’s called “Have I Been Pwned?” and you can access it here: https://haveibeenpwned.com/

It contains over 12 BILLION username/password combos that have been exposed in recent hacks.

Go to the site and enter your email address to see if you have been exposed.  If so – change your password immediately for the account that was hacked.

Want to create a good password?

Try using these 7 criteria:

  • 12 characters or more in length
  • Contains an uppercase letter
  • Contains a lowercase letter
  • Contains a number
  • Contains a symbol
  • Does not contain real words that could easily guessed by a dictionary attack
  • Hasn’t been used before as a password by your email address

Need help remembering each unique password?  Invest in a password manager, like 1Password or KeePass.

Questions about risk mitigation for this exposure? Call us at 412.563.2106

Next week, we will discuss multi factor authentication!

Do you know about the email wire fraud scam affecting lawyers and law firms?

Because October is Cyber Security Awareness Month, we thought that we would take the next few weeks to highlight cyber security exposures that are common to law firms.

This week we wanted to talk about wire fraud.  Despite the fact that wire fraud scams target a wide range of professionals, attorneys who handle real estate transactions and/or wire money are particularly at risk.

Lawyers should be aware of any fraud schemes that could cost them and/or their clients hundreds of thousands of dollars if they transfer money to or on behalf of clients. The Federal Bureau of Investigation (FBI) estimates that scammers have stolen up to $1.33 billion just in the United States.

Here’s how the scheme normally works:

  • The scammer will gain control of an email account from at least one of the parties in a transaction.  Typically that transaction will be in real estate.  They will use this access to gain details.
  • The scammer will send a set of emails that appear to be legitimate discussing the details of the deal to build trust
  • Then, the scammer will send wire instructions OR make changes to a previously supplied set of instructions
  • The scammer will say this matter is “urgent” and that everything “needs to be done today”.  This is so the normal set of checks and balances will be bypassed, thus eliminating the normal scrutiny requests like these should get
  • Then, the attorney would unknowingly wire the money to the scammer’s account and the scammer will typically move that money immediately to an overseas account so it cannot be stopped

There are a few ways that attorneys can prevent wire fraud – 

#1 – Be hyper-vigilant

First, attorneys should be on the lookout for wire fraud scams and be skeptical whenever money is being wired to finish any kind of transaction. Wire fraud scams that use emails can involve anyone in a transaction, from someone the attorney has worked with for 40 years to someone they have only met briefly for one transaction. Because of how email works, it is much easier to hide a person’s true name through email than over the phone or in person.

#2 – Use a second authentication factor

Use a phone call as the second authentication factor to easily check on all wire transfer requests.

Before any money is moved out of the law firm for a transaction, an attorney can find out about most possible fraud scams by calling the person who is supposedly sending the email. Attorneys should always use the contact information they already have for the person instead of the information in the email, which could be fake. Lawyers can also call someone else at the company. The main point is to do something outside of the email chain that could be hacked.

#3 – Be skeptical of last minute changes

Be careful when a party in a deal suddenly changes how they usually do things. This could mean moving money to a different account, using a personal email address instead of a work one, or talking to someone else at the company. All of these things could be signs of a possible scam. 

Questions about risk mitigation for this exposure?  Call us at 412.563.2106

Stay tuned for next week where we will send you a website where you can check to see if your email/password combination has been exposed in any major hack.