How To Identify Malicious Email Attachments

Malicious email alert

Do you know that more than 50% of cyber attacks are due to employee error and negligence, and part of that negligence and errors are due to the opening of malicious attachments, and the employee’s inability to identify a malicious attachment? Well, I’m here today to give you a few tips on how you and your employees can identify those malicious attachments. 

One, always listen to your malware alert. If your email service or your antivirus software tells you not to open the attachment, don’t open the attachment, listen to it! 

Two, check out the message. Do you know who actually sent you the attachment? If you don’t know who sent you the attachment, maybe it’s best not to open the attachment. Does the email content actually look normal? Or look like most of the emails that you get? Is it jumbled? Are there misspellings? Is your name misspelled in it? Those are pretty good signs that the attachment is in fact malware. 

Check out the attachment file extension. If it is a .exe, don’t open it. That’s an executable file and you do not want to open it in your email. Other attachment file extensions that are most likely malware are the .docm extension, the .xlsm extension and the .pptm extension. If you see those, I wouldn’t open the attachment. Just be careful and think twice before you open any attachment. 

And lastly, always, always make sure that your antivirus software is up to date and current.

What Factors Influence the Price of Life Insurance?

The first few things that are taken into consideration are your age and your gender. 

Beyond that, the big factor is whether or not you use tobacco. Someone who uses tobacco in any capacity is likely going to pay a higher premium than someone who doesn’t. 

Beyond tobacco use and your age and gender, your health history does play a role. 

If you suffer from any sort of a terminal illness, you likely will not qualify for life insurance. On the other end of the spectrum, if you’re very healthy, you should qualify for a better rate.

What is Privacy Regulatory Claims Coverage and Why is it Important?

What is privacy regulatory claims coverage in a cyber liability policy?

Wow. That’s a mouthful.

The regulatory coverage in a cyber liability policy actually pays for and protects you against the fines and sanctions that may be levied against you from state, local and federal governments for not properly ensuring the data that you’re responsible for.

Don’t get caught, make sure this coverage is in your cyber liability policy.

Does Your Insurance Policy Cover RON services?

Does your business include providing notary services for your clients?

If it does, you may have a potential coverage gap in your errors and omissions insurance policy.

In the times that we live in today with the COVID virus in the state mandated social distancing rules and regulations, the notary industry has come up with what they call RON services, remote online notary services. This basically allows the notary to perform notary reacts without the signer of the documents physically appearing in front of the notary. And while this may be a great thing to do now, during these times, it does pose insurance concerns and coverage issues.

Most errors and omissions policies which cover notary acts contain an exclusion or exclusionary wording that prohibits a notary act without the signer of the documents physically appearing in front of the notary.

Well, if you are notarizing a document online, obviously the signer of the document is not physically in front of you. What do you do?

I suggest that you call your insurance broker that sold you your errors and omissions policy and have him or her confirm with the insurance carrier, that the RON services will in fact be covered under your policy.

We at Integrity First Corporation have called all the carriers that we deal with for the errors and omissions coverage and they all have answered positively with regards to the remote online notary services. They have confirmed that the policies will respond to the RON services provided that those services have been done in accordance with the state approved guidelines and regulations.

So again, you need to do the same. Call your broker and confirm that coverage does exist for these types of services in your policy.

3 Tips on Keeping Your Business Data Safe While Working from Home

Hey, in these crazy times, as employers, we all have employees working from home…and although I’m not going to be able to give you advice on where to go for a good haircut, I am in a position to be able to give you three pretty good tips on how to keep your business information safe when your employees are working from home.

Do They Have a SECURE Internet Connection? TIP 1

First thing you need to do is make sure that your employees actually are working from a secure internet connection from their house. They really should be working with a WPA2 connection. And I think most people have that nowadays at their houses.

But there are some older systems that are still out there being used and they’re using a WEP key, which is not very secure. So, you want to make sure that that they’re not using that.

Do They LOCK Their Computer When They Leave It Unattended? TIP 2

Second thing – Make sure that when your employees are working from home, that they still actually lock their computer when they are done for the day (or even leave the room)…so your business data is safe. The mere fact that they’re working from home and not in your office doesn’t mean that the information that they’re working with can’t be stolen or mistakenly sent to somebody.

I mean, a lot of us have little kids running around and who’s to say you get up and leave, little Johnny comes and starts tapping on the computer keys, and says “Can I get on Facebook?”

Next thing you know all of your business information is sent to little Johnny’s 150 closest friends. You don’t want to get into that situation.

Do They Have a Separate Work Computer? TIP 3

Lastly, make sure that you give your employees their own computer to work from home.  Don’t expect or ask your employees to use their personal computer to do your work. You want to keep church and state separated, so to speak. When they’re working on your business, you want to make sure that they’re using your computer. You don’t want them paying their personal bills on your computer or your business bills on their personal computer…it just doesn’t mix. Not a good thing. We at INF hope these tips help you out.

‘Tis the Season for Cyber Security

02J68283

As the holiday season draws near, so do cyber criminals.  With more and more people shopping online, the number of potential cyber breach victims increases every day.  In fact, Adobe is predicting that Black Friday 2017 will see the highest sales ever on record.

So, without completely withdrawing from the online world, how can you protect yourself and your business online?  Try applying the following tips:

Make sure that you are on the website that you think that you are on

One of the most common ways to scam your username and password or credit card information from you is to send you to a fake website that looks very similar to the website that you are expecting.  An example of this is paypal.com versus paypa1.com.  Note that the only difference is the “L” at the end of the first one and there is a “1” at the end of the second one.

To get you to these fake sites, scammers will send you an email that directs you with a bogus link.  One way to see where the link is taking you is to hover over it with your mouse.  The website address will popup.  If the link is bad, block the email sender and move the email to your “SPAM” folder to prevent receiving emails from that person in the future.

One way to confirm that you are visiting the website that you want is for you to type the website into the address bar.  This way, you know that you are not following any false links and you arrive at the correct website.

Don’t fall for holiday phishing schemes

On Black Friday 2017, retailers sent over 3 BILLION emails to consumers, advertising their best deals and sales.  This day was also filled with scammers sending out tons of emails, pretending to be a retailer.  They were taking advantage of the fact that consumers were expecting to receive these emails and may not have questioned them as much.  This is known as phishing and its main purpose is to collect as much personal information about you as possible.

Commonly, phishing emails will try to direct you to a login page or a payment page.  They want to get your information as quickly as possible without you questioning the validity of the site.

A few ways to identify phishing schemes:

  • The “From” field display name is a store or bank.  However, when you click into it to reveal the full email address, it’s an address not related to that entity.
  • The email has graphics that look “off” or “fuzzy”.  Sometimes, to make the fake email look more legitimate, a scammer will copy the graphics from a store or bank from their website, which are not a high resolution.  As a result, when they are placed into an email, they look wrong.
  • When you hover over the link that the email wants you to visit, it is not pointing to the website that it claims to be sending you to.
  • Check for spelling mistakes and bad grammar.  Legitimate companies are sticklers when it comes to spelling and grammar.  If the email sounds poorly written, there is a good chance that the email is not legitimate

Check for an SSL certificate upon checkout

When you check out online, you want to make sure that there is an SSL certificate in the address bar.  You should see that the web address starts with “https://”.  Normally, there will be a lock image next to the address or the whole bar will turn green.

An SSL is important any time that you are entering financial information or passwords.  This encrypts that information and keeps it private from anyone that may be watching your transaction.

Create a strong password (and don’t use the same one) for your customer (and business) accounts

Your customer accounts for stores and banks should be protected by a strong password.  The company can have the best security measures and encryption in place, but if your account has an easily guessed password, none of that matters.

A strong password is 12 characters or more and contains at least one of each of the following:

  • Uppercase letter
  • Lowercase letter
  • Number
  • Symbol

You also do not want to use the same password for all of your accounts.  This is because if one of the accounts is hacked, the hacker now has the login information for all of your other accounts and they WILL check this immediately.

The average American has over 60 online accounts that they have to remember, so look into a good password manager to help you maintain the information.  Not only will the password manager help you remember all of your login information, but it will help you create secure passwords.

Some highly rated password managers include KeePass, Dashlane and LastPass.  Check out this article from PC mag for more information on the top password managers of 2017: https://www.pcmag.com/article2/0,2817,2407168,00.asp

BONUS: Turn on two factor authentication where possible

Two factor authentication (TFA) is becoming more prevalent as hackers become more savvy and have access to greater computing power.  TFA uses not only your username/password, but one other means of verification before you have access to your account.

This is now commonly available with banking and credit card websites.  When you turn this on, after you sign in with your username and password, they will ask if you want to receive a text or email for secondary verification of the account.  Once you make your selection, they will send a one-time only code to the phone number or email associated with that account, which you then have to enter to gain access.

This is helpful because even if someone had your password, they would still need access to your email or phone to be able to access your account.  If TFA is available to you, INF recommends turning it on to better protect yourself.

Have a safe and secure holiday season from INF!

Smart Risk Management for Law Firms: Be Prepared – not just for boy scouts anymore

Businessman using mobile phone outside courthouseI don’t know any attorneys that want to get sued by their client.  However, not all law firms are taking the proper steps to prevent this situation from happening.  In order to protect both your firm AND your client, you should employ multiple risk management techniques.

What is risk management?

Risk management is a set of policies and procedures that a law firm should have in place to reduce or eliminate risk issues.  Not only will you be protecting yourself and your clients, but you should receive a credit from your lawyers professional liability insurance carrier for employing these techniques.

How should risk management be taught?

Frequently, firms hold seminars for their employees to review office procedures and information specific to the firm.  Outside training can also be implemented in the form of webinars or guest speakers.

Your staff may interact with your clients as much or more than you do.  Don’t forget to train everyone!  According to the latest Verizon security report, 51% of data breaches are caused by the people within a company.  Make sure that they are familiar with your policies and procedures that you have in place.

Business team in the office

Important risk management policies for law firms #1 – Take the right cases

A common cause of malpractice is taking a case that your law firm is not qualified for or does not have the resources to handle.  You have to look past the dollar signs of a case and ask yourself, “Is this the best case for me and the firm?”  Create a policy that helps you walk through the details of a case to ensure that you are well-versed in the area of law it concerns as well as having the resources that it may require.

Important risk management policies for law firms #2 –Dealing with Departing Attorneys

Redundant Businesswoman Leaving Office With Box

If an attorney is departing your firm, make sure that an exit interview is conducted and that the proper steps are taken to remove them from your firm.  Make sure that you are aware of all cases that he/she was working on and any open issues.  Create a policy that outlines the following:

  • What are the important questions to ask in the exit interview for my firm?
  • Who should be assigned any work that is not completed?
  • What materials can the departing attorney take if they are allowed to take clients with them?
  • How can they be removed from your letterhead?
  • How can their access to your computer system be eliminated?
  • How does your firm contact your professional liability insurance carrier to let them know the date of attorney departure?

 

Important risk management policies for law firms #3 – Hiring a New Attorney

When you hire a new attorney, make sure that they go through your complete hiring process.  Make sure that they are everything that they claim to be.  Create a policy that outlines the following:

  • Ensure the new attorney is proficient in your firm’s areas of practice.
  • Why are they leaving their current firm? Was there a performance issue, were they a product of downsizing or are they looking for more opportunity?
  • Complete a conflict of interest check with the new attorney and all of the firm’s existing clients. The last thing that you want to do is to bring on a new lawyer and find out a few months later that they have a conflict with one of your biggest clients!
  • Make sure that they are comfortable with your firm’s risk management procedures.

 

Important risk management policies for law firms #4 – Dealing with Unhappy Clients

Clients are the lifeblood of any business.  An unhappy client can lead to bad reviews online, refuse to pay their bill, sue you for malpractice and many other things that can negatively impact your business.

One telltale sign that a client is unhappy is if they ask for a complete copy of their file after services have been rendered.  Another is if they tell you that they are unhappy with you or with the result of their case.

If you notice signs that your client seems to be dissatisfied, sit down and have a conversation with them to try to resolve the issue.  Sometimes, it is just a matter of explaining a legal process that they may not be familiar with.  Once they know why you chose to handle a situation in a certain way, it tends to alleviate their fears.

A common source of client dissatisfaction is lack of communication from the attorney to the client.  This can be solved by the attorney and the client setting up a communication timetable and sticking with it.  If you, as the attorney cannot meet the timetable during the representation, have your assistant or paralegal contact the client with an update.

Confused businessman with a calculatorAnother source of client unhappiness may stem from billing issues.  You are much better off to bill frequently instead of sending one large bill at the end of a case.  Smaller bills with detail help explain to the client what you did and act as an update to the case.  If you wait and send one “final bill” a client may forget how much work you performed and feel the bill is unreasonable.  Additionally, sending incremental invoices will help you get paid quicker.

Important risk management policies for law firms #5 – Docket Systems are CRITICAL

Agenda

If you look at claims that arise against lawyers, one of the most common alleged mistakes is a blown statute.  This is a result from your calendaring system not being used on a regular basis or not being used correctly.  Generally, LPL insurance carriers require that a firm have at least two docket systems with one of them being computerized.  Back up of this system should be on a daily basis.  Create a policy for your firm that details what type of docket systems your firm will use, how often they should be updated, how often they should be backed up, and who in the firm is responsible for maintaining the systems.

For more information on risk management or help creating/implementing these policies and procedures in your law firm, contact Donald Ivol at INtegrity First Corporation today!

Why Does My Company Need Cyber Liability Insurance?

Gadgets-In-Business-Vacation-Shopping-Banners-[Converted]Today’s businesses are more reliant than ever on technology.  Whether it’s an app, a device, or a piece of software, a business can save time and money.  However, this technology may expose them to multiple cyber risks that need to be addressed.  An unhappy ex-employee, a lost cell phone, an insecure password, an out-of-date computer system – these may all be a possible source of a data breach.

What is a data breach?
According to the Ponemon Institute, a breach is defined as an event in which an individual’s name and a medical record and/or a financial record or debit card is potentially put at risk—either in electronic or paper format.

Verizon found in their 2015 Data Breach Investigations report that about 50% of all security incidents are caused by people within your organization!  The other 50% are caused by hackers, viruses, malware, etc.  The people in your organization may not have caused the breach maliciously, but through human error or some other negligence.

Amazing Data Breach Facts

According to Ofcom’s “Adults’ Media Use and Attitudes Report 2013”, 55% of adults use the same password for everything.  Therefore, when one data breach occurs, about 55% of the passwords and information recovered can possibly lead to another breach, which can lead to another, etc. It’s easy to see how you can have a secure system, but if it’s not protected by secure employees, a data breach could easily occur.

login with email and password

The average cost per lost or stolen record in a data breach is $141 dollars according to the 2017 Ponemon Institute Data Breach study.

How many records is your company responsible for?  

When there is a breach in Pennsylvania, you are responsible for notifying each owner of those records that their data has been compromised.  Not only have you lost or diminished the trust of your clients, but you will spend a large amount of money informing them of this fact.

Because your clients can reasonably expect that you will protect their data, failing to do so can also result in federal and/or state fines.  Make sure that you are taking all reasonable steps to protect your data.

How can you protect your company from a data breach?

The first step that you can take is to purchase a cyber liability insurance policy. This allows you to transfer the risk to the insurance company and know that you are covered in the event of a data breach.  For the cost of a nice laptop (under $1500), you can purchase a standalone cyber liability policy.

This policy will help with a number of things when it comes to a data breach.  Most policies will cover the cost of notification, finding the breach source, fixing the source, restoring your clients’ trust, fines and more.  Before you purchase a policy, review the coverage available and ensure that you are fully covered.

The second step that you can take is to train your employees well and make sure that you have office procedures in place to ensure your security.

TOP 5 FREQUENTLY ASKED LIFE INSURANCE QUESTIONS

marriedcouple

The main concept of life insurance is well known and, for the most part, understood by those who purchase it.  Essentially, if you are covered by a life insurance policy and you pass away, a certain amount of money is paid by your life insurance company to the beneficiary you have designated.  While the general concept is easy to grasp, there are several other things to keep in mind,

 

Why should I buy life insurance?

There are many reasons why a person should buy life insurance.  A short list of popular reasons would include: (1) the cost of your own funeral/burial, (2) replacement income for your spouse and/or children as they can no longer rely on you to earn income, (3) mortgage/debt payoff.  Other valid reasons that should be considered include tax-free distribution of your wealth to your heirs/beneficiaries, children’s education expenses and buy/sell agreements for business partners.

 

Do I need to review my life insurance policy after I purchase it?

Yes, it is very important that you take the time to review your life insurance policy every few years.  Although not the case for all, most people undergo some significant changes in their life over a two or three-year time period.  Here are a few examples.

Got married? (Not the same as Got Milk?!)  If so, a review of the policy beneficiary and the value of the death benefit is in order.  No changes have to be made but common sense dictates a modification may be needed.  Got Divorced?  (Again, not the same as Got Milk?!)  The same holds true in this case as when you get married; death benefits and beneficiary should be reviewed for changes.

Purchasing a new home will also trigger the need to review your life insurance policy.  Suddenly, your $50,000 policy becomes insufficient when you consider your new $250,000 mortgage.

Have you gone on a health kick and lost a bunch of weight?  Good for you!  Not only will you be healthier, you may qualify for a preferred insurance rate and obtain more coverage for the same price or pay less premium for more coverage!

Life changes are happening all the time.  Make sure your life insurance policy keeps pace with your life style.

 

 

What is the difference between whole life insurance and term life insurance?

I like simple explanations of things and “simply put” the main difference between term and whole life lies in the name of the type of coverage.  A “whole life” insurance policy is designed to cover you for your entire lifetime. Term life (for this purpose) can be considered short for the word “terminates”.   Term policies are typically designed for a specific period of time and then expire. (i.e. 10 years, 20 years, 30 years).   Because whole life polices usually last longer and have some sort of investment return included in the contract, whole life costs more than term life policies. Because of their specified length of coverage, term life policies are recommended to insure agreements that have timelines ie.mortgages, business arrangements.  As with most products, term life and whole life polices can be designed with a variety of features and benefits.

 

How much life insurance should I have?

A tough question and I am not sure there is one “correct” answer. 

Everyone’s situation is different and there are many variables that come into play: Married, Single, Children, Income, Age, Health. Many professionals advise that the amount of life insurance should be a multiple of your earnings…..perhaps.  I think a better approach is to discuss your specific situation with an insurance professional and agree on an amount that you are comfortable with knowing the reasons why you agreed on that certain amount.

 

Is it hard to apply for life insurance?

No, as the saying goes, it is relatively painless!  An application will be required.  These applications will ask for your personal demographics along with your health history.  Depending on your circumstances, a completed application may be all that is required. In certain circumstances you may be required to have tests performed i.e. blood test, blood pressure, EKG.  Again, the amount of information required and tests performed will depend on your individual circumstances and amounts of life insurance you are seeking.  Remember that your Agent can assist you with the application process and with any questions that you may have.

 

 

 

 

 

ShareFile Portal Perks for INF Clients – 24/7/365 Access for YOU!

As an INF client, you have access to the INF ShareFile Portal 24/7/365! This is a huge perk of working with INF. You have all of your data at your fingertips.
However, we have received multiple questions regarding the portal. We hope to clear up any confusion with this post.
Why does INF use ShareFile?
We wanted our clients to have access to their current lawyers professional liability insurance application and policy securely from anywhere at any time. We use our ShareFile portal to make that happen!
ShareFile has the following security features:

  • Third-party validated application and datacenter controls from SOC 2 and SSAE 16 audits.
  • Bank-level encryption in transit and at rest.
  • Two-factor authentication and single sign-on for added security.
  • Multiple data storage locations around the globe.
  • 99.9 percent uptime and disaster recovery centers in the United States and Europe.

In other words, ShareFile is very secure! INF is highly concerned with protecting your data.
How do I get to the portal?
Go to https://integrityfirstins.sharefile.com and you will be presented with the following screen:

SharefilePerksPic1
What username should I use?
Your username for the portal is the email address that you have on file with INF. If your email address changes, just let us know and we can change the username for you.
What if I don’t know my password?
Click on the “Forgot Password?” link on the Sign In page.

SharefilePerksPic2

This will take you to the “Forgot Password” page. It will ask you to enter your email address and to fulfill a CAPTCHA request to prove that you are human.
SharefilePerksPic3

Once you click “Send”, it will email you a “Password Reset” email from “Sharefile Support”.

SharefilePerksPic4

Click on the “Reset your password now” link. This will open a browser with the “Reset Password” instructions.

SharefilePerksPic5

Fill in the required fields and click the “Reset Password” button. This will officially reset your ShareFile password.
What is contained in the portal?
Your portal contains your current lawyers professional liability policy as well as your original application. Additionally, if you have been a customer of INF for more than one year, the portal contains all of your LPL policies and applications since 2015. You can download these pdfs whenever you would like.

I want multiple people in my office to have access to my files. Is that possible?
Yes, it is. Email sivol@integrityfirstins.biz with the person’s name and email address that you would like to add to your portal. They will be added within 48 hours. This can be done with multiple people as well.

Can I access the portal on my mobile device?
Yes, you have TWO ways to access it:
1 – You can get to the portal via the browser on your mobile device
2 – You can download the “Citrix ShareFile for iPhone and iPad” (https://itunes.apple.com/us/app/citrix-sharefile-for-ipad/id440596621?mt=8) app and sign in with your credentials. This app is also available from the Google Play Store (https://play.google.com/store/apps/details?id=com.sharefile.mobile&hl=en) and the Windows Store (http://apps.microsoft.com/windows/en-us/app/sharefile/b7940fda-b088-4af4-869b-e21a737bb26f).
You now can have a copy of your LPL insurance policy with you wherever you go!

Once I’m signed in, how do I download my policy?
Click on “Shared Folders” on the left-hand side menu to bring up your folder structure. Your folder name should contain your LPL expiration date and your firm name. Click on the folder to reveal the contents. This is where your policy is stored. To download the policy (or any document), click on the name of the document. This takes you to a preview screen, where you can see the document. It also gives you a few options on the right-hand side of the screen.

SharefilePerksPic6

You can download, copy or print the document from here.