You as lawyers have several choices when it comes to legal malpractice insurance. My guess is all brokers selling this type of coverage will tell you that their policy or program is a good one. But what exactly makes up a good program?
Let me tell you what I think makes up a good program and distinguishes it from other insurance program or policies in the marketplace:
1. A malpractice helpline or hotline for insureds. This is important as it provides an outlet for the insureds to discuss the disciplinary or claim issue with one of their colleagues.
2. A library of risk management tools. For example, sample copies of engagement letters, disengagement letters, samples of conflicts of interest checks and examples of docket control systems. This can be web site based or hard copies
3. Risk Management classes and or videos that may or may not provide CLE credit
4. Comprehensive policy form that provides: full prior acts coverage, career coverage, broad definition of professional services, unlimited tail coverage endorsement and a free retirement tail when appropriate.
5. An involved and experienced broker. Does your broker look like me, act like me, talk like me? If not they should. A broker is your connection to the carrier. Likewise the broker is the carrier’s connection to you. Education, dedication and commitment is a must. LPL is not a one size fits all, not even a one carrier fits all kind of product.
When searching for or reviewing your legal malpractice insurance program, you may not be able to secure everything I just mentioned but a good program will have most of them.
Well, welcome to July! Hard to believe July is already here. We at INtegrity First Corportation recognize/celebrate the month of July as Legal Malpractice Insurance Awareness month. Similar to September being Life Insurance Awareness Month and October being Cyber Insurance Awareness Month. And what better way to kick off the month than a short discussion on why malpractice insurance is so important. This fourth of July as we celebrate this great nation of ours don’t be red white and blue. Be red white and insured or covered.
I personally believe that there is no better way for lawyers to protect themselves, their practices and perhaps more importantly their clients! Everyone makes mistakes and lawyers are not excluded from this fact. Some mistakes are small and insignificant and can be resolved by the lawyer. Other mistakes however are more severe. They can cause harm to the client, and affect the reputation of the lawyer. These claims/mistakes requires special expertise, legal defense counsel and significant resources to resolve. This is where your legal malpractice insurance coverage/program pays huge dividends.
Your coverage will provide the guidance and assistance throughout the process, provide for defense counsel and settlement funds if needed. It also provides for a vigorous defense of you protecting your reputation from those annoying frivolous claims that often times get filed against you.
A good lawyers professional liability policy is worth its weight in gold! Make sure you have one!
Enter to win two FREE Steelers Tickets!
As we at Integrity First Corporation celebrate the month of July as lawyers legal malpractice insurance Awareness Month, we are honoring you, the lawyer, and offering you a chance to win two free Steelers tickets to an upcoming game during the 2023 2024 season.
Many carriers trying to be innovative or distinguish themselves in the Legal Malpractice marketplace try to add certain coverages to the policy hoping to get your business. While any additional coverage is a good thing, sometimes the advertising and marketing of the additional coverages can cause confusion about the type and extent of the additional coverages offered.
Some of the additional or ancillary coverages that carriers in the Legal Malpractice marketplace are marketing/providing are: Cyber Coverage, D&O Coverage, Fidelity Coverage and even some BOP coverage or business owners. Again, the additional coverages are not bad to have but they should not be thought of as complete coverage for that type of exposure. All of these ancillary coverages are just that – ancillary. Don’t be fooled in thinking that the ancillary coverage is all you need for those exposures. The ancillary coverage will provide minimal coverage in terms of depth and limits.
For a more comprehensive coverage with broad depth and adequate limits, you should consider a standalone or separate policy for each of the exposures that exist in your firm. Although buying separate policies for cyber, business owners, and crime coverage will add to your outlay of cash it should provide adequate protection for you and the firm in the event of a claim or loss. Notice I did not mention D&O coverage, if you sit on a non profit or for profit board you definitely need to check with that entity and confirm that they do have an inforce policy that protects you in your position as board member.
Don’t depend on your Legal Malpractice policy to act as a cover all policy. It’s not! It’s great to have supplemental and ancillary coverages in the legal malpractice policy but it is a mistake to believe these types of coverage will provide the coverage needed in a claim situation. Investigate standalone policies.
Time doesn’t stand still and we are not getting any younger. At least I’m not. Eventually we all will at some point retire. As lawyers in the private practice of law, you need to prepare for retirement from an insurance perspective.
When you retire, you want to make sure that you take the proper steps to maintain the coverage you paid for in all the years prior. You do this by securing what is known as tail coverage referred to as an Extended Reporting Provision. Tail coverage will allow you to report future claims filed against you stemming from professional services you provided to clients prior to your retirement. Hence the term tail coverage.
Tail coverage is an essential piece of your retirement plan and it is not inexpensive (cheap). The cost of tail coverage is usually based upon a percentage of the last premium you paid prior to retirement. Cost can be upwards of 300% of the last premium paid. For example if the last premium you paid for your policy prior to retirement was $2000, your tail coverage could cost as much as $6000.
It is important to note and to plan for that most carriers will offer a free retirement tail providing that you satisfy certain requirements. Different carriers have different requirements however most stipulate that you must have been insured with the carrier for three consecutive years to be eligible for a free retirement tail. Therefore you need to check with your broker and confirm what the requirements are in order to obtain a free retirement tail.
Do not wait until the last minute to check as we are talking time requirements of at least three years and be careful as to not change carriers when you are within that three year time frame. And if you do have to change carriers when in that retirement time frame, consult with your broker on what you will need to do to obtain a free tail with the new carrier. There may be options where you won’t have to start over at year 1 of being continuously insured.
Remember, when you’re getting close to retirement, ask questions, get answers and confirm that you qualify for a free tail or at a minimum can purchase a tail. It will help provide for a secure retirement and possibly add a little more cash to your retirement savings.
Professional Services On Behalf of the Named Insured, that term or similar term is in most, not all, but most lawyers malpractice insurance policies. It is intended to limit the policy coverage to lawyers in the law firm that are providing legal services to clients of the law firm only. Keep in mind that the name of the law firm is usually the name of the Named Insured listed on the policy.
This term usually is a good thing for the law firm in that it does limit the exposure and coverage to the law firm business. It can however be quite a surprise to any firm lawyers working outside the law firm in a “side” venture and moonlighting situation. The policy will not cover professional services performed for anyone that is not a client of the Named Insured/Law Firm.
There are instances where lawyers have worked in a law firm and also maintain a solo part time law practice away from the law firm. Thinking that they had malpractice insurance coverage with the law firm, did not bother to purchase a separate policy for their part time solo work. They did not realize they had no coverage until they were sued for work performed in their part time solo capacity. Ouch! That is a hard lesson.
This situation can also occur if when working in a firm the lawyer agrees to provide legal service for a friend or family member and doesn’t run the business through the firm or sign the client up as a client of the firm.
So check who is the Named Insured on your legal malpractice policy. Make sure it is correct, again it is usually the name of the law firm. Be certain that all lawyers in the firm know that they are NOT or may not be covered by the law firm policy for legal services they perform for others who are not client’s of the firm.
I was recently at a malpractice program given by a carrier we use and they were talking about where their claims are coming from. One of the top 3 causes they presented was conflict of interest. I can’t say that this shocked me but I was a little bit surprised this was in the top 3!
Back in the 90’s conflicts of interest was a huge risk management topic and was on everyone’s radar. For the past several years however the topic seemed to cool when discussing legal malpractice, so to hear it was in the top 3 did catch my attention. It should also catch your attention too!
Conflicts of interest are easy to get caught up in if you’re not careful. They come in many different disguises right? Representing both parties in the same case be it divorce or accident, representing a new client against a former client, having an ownership interest in your client, managing and or directing a clients business. The list can go on and on.
Be careful to not get caught up in the friends and family plan either. You may have had this happen to you when a family member might say “My wife and I want a quick divorce, here is what we agreed to. Can you draw up the paperwork and we’ll both sign and be done?” or a similar situation where you are asked to help save your friends money by representing both sides in any transaction. Friends and Family can and do sue.
So just a heads up to stay vigilant with COI checks so you don’t become part of the top 3.
“Amateurs hack systems, professionals hack people.” – Bruce Schneier
What is social engineering?
Social engineering occurs when somebody acts like something that they’re not to get information from you so they can better themselves. We’ve heard a lot of stories that involve law firms and wire transfer fraud.
Common Social Engineering Schemes Aimed At Attorneys
There was a firm in North Carolina and they received a phone call, supposedly, from the bank saying, “We noticed some interesting activity on your account. I just want to verify we’re talking to the right person, what’s your username and password?” That firm gave the person on the phone their bank username and password. The bank said, “We’re gonna send you a code. We just want to make sure that you are who you are – let us know what the code is and then we’re going to talk about the issues with your account.” So instead, unbeknownst to the law firm, the people on the phone actually signed into their bank, initiated a wire transfer, and sent them the code needed for the wire transfer. So the law firm received the code and provided it to the people on the phone, they put it in, and then they went on to just have a fake conversation about what was wrong with their account. At the end, they said it just turned out to be an internal error and everything was fine. And 30 minutes later, the firm finds out that there was a wire transfer that they didn’t know about that they didn’t authorize. And in fact, it ended up being the person on the phone that allowed it all to happen.
This is a very common thing that we’ve been hearing more and more lately and it is a very common social engineering scheme aimed at attorneys.
Another one is, they’ll call you and appear like they are from a nonprofit, and they’ll try to, again, get some sort of wire transfer normally.
And then the final one that’s really, really common is they’ll send emails to you as your client. So it’s actually quite easy to appear to send an email as somebody else. It’s called email spoofing. An eight year old could do it, it’s so easy. They’ll send emails to you as your client, and they’ll say, “Hey, are you at the office? Can we send a wire out today? I’m busy, just go ahead and do it and email me when it’s done.” Anytime you get anything like that from your clients, you will need to put something in place where there’s some sort of two factor authentication. Something as simple as if they email you, you have to talk to them on the phone before proceeding. Having processes in place to combat social engineering is, again, part of that knowledge that needs to happen.
Social engineering is definitely an issue, and attorneys are one of the main people that they’ll go after because you have access to such important information.
Is This Really Happening?
I can tell you that, obviously, there have been claims, and whether they’re funds, transfer funds, transfers, or just hacks into the system to try to get information such as social security numbers, ein numbers, birth date health records of clients, it’s happening all the time, and it happens everywhere. The smaller law firms that don’t have a ton of money to spend on high priced security systems out there, they’re considered low hanging fruit or as I said, the easy targets for cyber criminals so be careful.
In the past five years, banks have spent about $90 billion on guarding against social engineering. They’re making it a lot harder to get into their information.
In 2022, cyber criminals have sent about 3.3 billion phishing messages and caused over 4000 data breaches. This exposed about 22 billion personal records.
What is Phishing?
Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legit institution to lure individuals into providing sensitive info. And such as PII banking and credit card details and passwords. The information is then used to access important accounts and can result in identity theft and financial loss.
How do we fight phishing?
Humans are the number one cause of phishing schemes to succeed. So knowledge is definitely going to be one of your big tools. Make your employees knowledgeable about phishing attacks, the common phishing attacks that are happening now and answer any questions that they might have about these different security issues.
Over 50% of the attacks were caused by humans, but that other 40 something percent was caused by issues in the system. So having safeguards in place, such as a really good spam filter, can help fight against phishing.
And what’s interesting is, Google actually has better safeguards in place than Microsoft Office. So organizations that use Office 365, are more than three times as likely to experience a business email compromise when compared to Google Gmail for business.
One reason that’s probably true is because Microsoft only has access to their small amount of data that is Microsoft specific, whereas Google has access to 90% of the world’s data on the internet. So it would make sense that the Google spam filter and their email filters are much, much stronger, because they have access to so much more data.
Ways to spot phishing schemes
It contains an offer, that’s, that’s too good to be true
If you’ve ever received an email that said “click here to claim your $500 reward”, they want you to go to a website and put in your name and your bank account so they can deposit that $500 reward.
Language that’s urgent, alarming or threatening
In one week, we had three different clients send an email that says the subject line is urgent, your site has been hacked. And the email goes on to say, deliver $3,000 in Bitcoin, or we will take your website offline, and put something else up in its place. So anytime you receive anything like that, that’s definitely a big key to spotting phishing.
Poorly crafted writing with misspellings and bad grammar
Now, this next one, it’s not as prevalent anymore with AI becoming a lot more in tune. More of, you know, chat, GBT, stuff like that. You and I know that no financial institution and no attorney is going to send out anything that has bad grammar. So that’s definitely a way to spot a phishing email.
Greetings that are ambiguous or very generic
You may receive an email that says hello gentleman, or welcome lady. Ignore these.
Requests to send personal information.
This happens a lot with people pretending to be banks, or pretending to be PayPal. They’ll say, oh, there’s an issue with your account, click here to sign in and put in your financial information so we can verify it. Don’t do that. PayPal and banks have come out and said, we will never send you an email that’s like that, so that’s definitely an email to ignore.
Urgency to click on unfamiliar hyperlinks or an attachment
A real website for a bank, credit card company, or other business won’t look or feel like it’s trying too hard. You won’t find important messages spread all over these sites. If you go to a site and it seems to have a lot of urgent messages that don’t seem to fit, you should check the URL to make sure you’re in the right place. Phishers use this kind of urgency to make it more likely that people will share sensitive information quickly and willingly.
Strange or erupt business requests
In this type of phishing attack, the victim is sent an email from an address they know, like the CEO, the Human Resources Manager, or the IT support department. The email tells the victim that they need to act quickly and transfer money, update information about their employees, or install a new app on their computer.
Fuzzy or low resolution images
A company will never send you an email where their logo looks bad. If their logo looks bad or fuzzy, whoever sent it didn’t have access to the high resolution version of it. So it’s not from them.
The sending email address doesn’t match the company where it’s coming from
So if they say, Hi, this is PayPal, but the address says PayPal1234@outlook.com, those two don’t mesh. And so, you know it’s not from PayPal.
What does a phishing email look like?
As an example, we have this email where you can see this isn’t the actual PayPal logo, it’s a little bit different. It’s missing a few features. And then it says response required. Then you can see here it says firstname.lastname@example.org. The purpose of this email is they want you to click this login and put in your username and password, so they have your paypal username and password.
Common phishing schemes
Compromised credit card
Social media requests
Google Docs fake login
IT support request
Questions about anything in this article? Contact Stacey Ivol at 412-563-2106 or email her at email@example.com
When it comes time to purchase or renew a legal malpractice policy, most people focus on price, which is not a bad thing. If it’s not the top priority, it is certainly in the top five. There are, however, other items that should be included on that list. Today, I want to give you my top items on my list in no order of importance.
1. Prior acts coverage. Why is that important? Most claims filed against lawyers stem from professional services they provided five or more years ago. You don’t want a policy that excludes that type of claim.
2. Definition of professional services. Many lawyers wear many hats when providing professional services, acting as an arbitrator, mediator, trustee, Guardian, and title agent, just to name a few. Make sure that these services are not excluded in the policy that you purchase.
3. Speaking of exclusions, number three is exclusions. I’ve long said that if you’re going to read only one section of the policy, read the exclusion section. At least this gives you some idea of what is not going to be covered under the policy. I have seen policies that have less than 10 exclusions. I’ve seen policies that have more than 25 exclusions. I’m not saying that the policy with 25 exclusions is any worse than the one that has 10 exclusions, but you need to read them and make sure if any of them apply to you.
4. Extended reporting periods or extended reporting coverages. It’s commonly referred to as tail coverage. In the event that you quit practicing law, or you retire from the private practice of law, this provision will allow you to purchase an endorsement that allows you to report future claims that are filed against you for services that you performed in the past that would have been covered under your last policy.
5. We’re going to come full circle and back to price. Price is important. Nobody wants to overpay for a policy. But please remember your objective when you first started the process. Your objective should have been to find a policy that provides the coverage you need and protects both you and your client all at a reasonable cost.
If you don’t have any writing about what work you did, it’s pretty difficult to justify the work that you did perform.
I suggest this to everybody. Even if you’re not billing hourly it’s easier to write down what you did because if you get in that situation later, it’s a lot easier to say this is the work I did and I earned that fee; I know that because I wrote it down.
And you don’t need to, but if you write down and send the work that you are doing to your client periodically, it’s even better.
Scott Eberle is on several insurance carriers defense panels. He’s been doing this type of work for many years. In my opinion, he’s one of the best presenters of legal malpractice and how to prevent it. So I think you’re in for a treat in terms of taking back some good information that you can implement in your firms.
Meet Scott Eberle
“My name is Scott Eberle, I am an attorney at Burns White in Pittsburgh where my practice focuses on representation of professionals, lawsuits and ethics matters. I’m focused on representation of lawyers in legal malpractice lawsuits, as well as ethics issues either in front of the office of disciplinary Council, or just general ethics consultation. I help attorneys navigate the issues that come up in their practice and I’m able to provide guidance on what you need to do to follow the rules of professional conduct to not get yourself in potential trouble with the disciplinary council.”