It seems like we are getting back to some kind of normalcy with more and more people going back to the office. However, there are still many people working from home.
If you’re in this situation and you have an employee working from home, don’t let your guard down. From a risk management perspective, that person still needs to be supervised and to have adequate protection on the computer, printer and scanner that they are using from home.
If they’re remotely accessing your system, make sure their passwords are strong and are changed on a routine basis.
Regular meetings should be conducted by telephone and/or Zoom-type calls. This helps keep everyone connected and on the same page when it comes to the firm’s workflow and processes.
These meetings don’t have to be hours long, nor do they have to be every day, but they should be held on a consistent and routine basis, so no one gets left behind in the workflow.
Hopefully, this soon will all be a distant memory and we will be back in that office routine. But until then, again, don’t let your guard down when it comes to your offices and your clients’ protection.
With the multitude of ransomware attacks that have been in the news recently, we’ve been receiving various questions surrounding this topic. So, we wanted to clear up any confusion on this topic.
First of all, what is ransomware?
As the name suggests, it is software that can hold your individual computer or your business’ entire system for ransom. A cyber thief will take control of your network and not relinquish control until you have paid the requested amount.
According to Chainalysis, which is a blockchain research firm, ransomware attacks are up over 340% in the past year. Over $400 million has been paid in ransoms.
The average ransom amount has been on the rise over the past few years. In 2021, the average ransom requested is over $50,000.
Naturally, this leads us to the question of “How does ransomware get on your computer or in your network?”
The most typical way hackers accomplish this is via phishing emails. These emails will pretend to be from an authoritative entity, like your bank or PayPal. In reality, they are just posing as them and hoping to get you to enter your username and password into an online form that they created.
Now, according to security company SecureAuth, more than 50% of people use the same password for multiple accounts. Thus, if a hacker can get one username and password combination from you, there’s a 50% chance that it can be used for all accounts that are associated with you.
Another common way that a ransomware attack occurs is through tricking you or your employees into downloading a piece of malicious software. The download could appear to be a PDF or some other innocuous file type. Once it’s in your system, it works like a virus. It will lock everyone out and demand a payment.
What happens if you refuse to pay?
If you choose not to pay the ransom, there are a few different scenarios that could happen.
Scenario 1 – They move on to the next victim. This is the best-case scenario and leaves you in a position of having to restore your system.
Scenario 2 – They discover that you won’t pay, so they leak private information about you or your clients online. Depending upon what type of data you store, this could prove to be a huge blow to your reputation.
Scenario 3 – They discover that you won’t pay, so they decide to make their money a different way. They sell the private data of you and your clients on the dark web. Again, depending upon what type of data you have, they could make more money this way than if you decided to pay.
So, how can you protect yourself and your business from this type of attack?
There are 5 very clear steps for you to take to accomplish this goal.
Step 1 – Make sure that your entire system is backed up nightly offsite and off-network. You should retain at least 2 weeks of full backups (or a month if you have the digital space). This way, if the code doesn’t attack right away, you have the option of multiple data sets.
Step 2 – Have a plan in place for restoring from a backup in 24 hours or less if possible.
Step 3 – Train your employees to recognize cyber threats in all forms. There are many cyber training programs available that will send tips, tricks and quizzes on a monthly basis.
Step 4 – Keep your antivirus and firewall software up to date. You will see some added protection if you get your employees to use a VPN as well.
Step 5 – No system is impenetrable and many times, human error is the cause. Purchase a standalone cyber insurance policy to guard against this. Most cyber insurance policies cover this type of attack and provide the support to get you back up and running smoothly.
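To see whether your backups actually meet Step 1, here is a short Python check, added as an illustration and not taken from any backup product. It assumes you can export the dates on which full backups completed; the function names and the sample dates are made up for the example.

```python
from datetime import date, timedelta

RETENTION_DAYS = 14  # Step 1: keep at least 2 weeks of nightly full backups


def audit_backups(backup_dates, today, retention_days=RETENTION_DAYS):
    """Find nights in the retention window that have no full backup."""
    have = set(backup_dates)
    # The window is the last `retention_days` nights, ending last night.
    window = [today - timedelta(days=n) for n in range(1, retention_days + 1)]
    missing = sorted(d for d in window if d not in have)
    return {
        "missing_nights": missing,
        "meets_retention": not missing,
        "oldest_backup": min(have) if have else None,
    }


def clean_restore_points(backup_dates, suspected_infection):
    """Backups taken before the suspected infection date, newest first.

    Malicious code may sit quietly before it strikes, so the newest backup
    is not always safe; this lists the older data sets you can fall back on.
    """
    return sorted((d for d in set(backup_dates) if d < suspected_infection),
                  reverse=True)


# Constructed sample: nightly backups from June 1 to June 14, 2021,
# except that the job failed on June 9 and June 10.
TODAY = date(2021, 6, 15)
SAMPLE = [date(2021, 6, d) for d in range(1, 15) if d not in (9, 10)]

if __name__ == "__main__":
    report = audit_backups(SAMPLE, TODAY)
    print("Missing nights:", [d.isoformat() for d in report["missing_nights"]])
    print("Two-week retention met:", report["meets_retention"])
    clean = clean_restore_points(SAMPLE, date(2021, 6, 11))
    print("Newest backup before infection:", clean[0].isoformat())
```

A check like this only confirms that the backups exist. Whether they are stored offsite and off-network still has to be verified separately.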
Have questions about any of these steps or how to purchase a cyber policy? Contact INF at 412.563.2106. We can get you a policy in less than a week!
No one likes to report a legal malpractice claim to their carrier. It reminds us that we made a mistake, or of that very difficult client who is impossible to satisfy.
To make matters worse, legal malpractice policies demand that we also report any potential claims, not just actual claims, but those issues that may develop into an actual claim.
All claims, whether actual claims or potential claims, must be reported to the carrier as soon as you become aware of them. Don’t delay this process. Slow reporting to the carrier can and will cost you money in that the carrier can simply deny your claim because the claim wasn’t timely reported. Proper notice must be given to the carrier.
A good tip is to review your policy and make sure you’re familiar with the reporting process. Making that call or writing that letter may be painful and dredge up a bad memory or two, but it will provide a level of comfort knowing that the report was made and that a denial of coverage for late reporting is not in the cards.
Having trouble getting gas recently? I think we’ve been pretty fortunate in Pennsylvania in that the pipeline shutdown did not hit us too badly.
It does, however, drive home the point that if you haven’t purchased a standalone cyber policy, or at least considered it, you should. Cyber attacks have been on the rise in all sizes and types of industries and professions.
Some of the legal malpractice policies, perhaps even yours, may include cyber coverage. Although it is a nice feature and benefit to have in the policy, it usually is nowhere near enough coverage. The limits are usually sublimits lower than your aggregate policy limit. The coverage is limited in scope, and it can dilute the insuring agreement.
Don’t get me wrong. Any added benefit in your insurance policy is usually a good thing. But don’t depend on ancillary coverage to protect your firm and your clients’ data. You should look into obtaining a standalone cyber policy.
Do you know that more than 50% of cyber attacks are due to employee error and negligence? Part of that negligence and error comes from opening malicious attachments and from the employee’s inability to identify a malicious attachment. Well, I’m here today to give you a few tips on how you and your employees can identify those malicious attachments.
One, always listen to your malware alert. If your email service or your antivirus software tells you not to open the attachment, don’t open the attachment. Listen to it!
Two, check out the message. Do you know who actually sent you the attachment? If you don’t know who sent you the attachment, maybe it’s best not to open the attachment. Does the email content actually look normal? Or look like most of the emails that you get? Is it jumbled? Are there misspellings? Is your name misspelled in it? Those are pretty good signs that the attachment is in fact malware.
Three, check out the attachment file extension. If it is a .exe, don’t open it. That’s an executable file and you do not want to open it in your email. Other attachment file extensions that are most likely malware are the .docm extension, the .xlsm extension and the .pptm extension. If you see those, I wouldn’t open the attachment. Just be careful and think twice before you open any attachment.
And lastly, always, always make sure that your antivirus software is up to date and current.
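For whoever manages your email, the extension check above can be automated. The Python sketch below is an added example, not part of any email product: it reads a message, looks at each attachment and flags the four extensions named above, including a file that only appears to be a PDF. The sample message, addresses and file names are constructed for the illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions the article says not to open, with the reason each is risky.
RISKY = {
    ".exe": "executable program",
    ".docm": "macro-enabled Word document",
    ".xlsm": "macro-enabled Excel workbook",
    ".pptm": "macro-enabled PowerPoint file",
}


def triage_attachments(raw_message):
    """Return (filename, reason) for every attachment with a risky extension."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        # Only the last extension decides how the file is opened, so
        # "Invoice.pdf.EXE" is an executable, not a PDF. Case is ignored.
        suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
        if not suffixes or suffixes[-1] not in RISKY:
            continue
        reason = RISKY[suffixes[-1]]
        if len(suffixes) > 1:
            reason += f", disguised with an inner {suffixes[-2]} extension"
        findings.append((name, reason))
    return findings


def build_sample_message():
    """Constructed sample email; the addresses and file names are made up."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "staff@example.com"
    msg["Subject"] = "Your invoice"
    msg.set_content("Please see the attached invoice.")
    for name in ("report.pdf", "Invoice.pdf.EXE", "budget.xlsm", "notes.docx"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_string()


if __name__ == "__main__":
    for name, reason in triage_attachments(build_sample_message()):
        print(f"DO NOT OPEN {name}: {reason}")
```

A file that passes this check is not proven safe. It has only cleared the extension test, so the other tips still apply.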
I’m starting a small business. What insurance do I need?
When starting a small business, most of the time, money is pretty tight and price is a major consideration when deciding to buy anything. Usually, and unfortunately, insurance is pretty much always close to the bottom of the list.
At a bare minimum, you do need to consider the purchase of any insurances that are mandated or required by the state that you’re in, and the industry that you’re practicing in.
In my opinion, the most common required insurance in Pennsylvania is workers compensation. If you have employees, you need a workers compensation policy to cover them in the event that they are injured on the job. You should have this in place on the day you open up shop.
Next, you should think about protecting yourself and the assets of your business. This can usually be accomplished with the purchase of a business owners package, which would include general liability coverage and coverage on the business personal property.
General Liability protects you against negligence claims, and the business personal property actually protects the property of the business. Depending on the amount in your specific industry, these small business packages can be purchased starting at $500.
Again, a lot goes into pricing and the pricing will vary. There are several other coverages that you need to consider and review, such as employee benefits, health insurance, professional liability insurance, cyber insurance, bonds, and crime policies, just to name a few.
But if you’re just starting out, you need to make sure you address the first three items that we talked about – workers compensation and a small business owners package which protects in general liability, and business personal property.
Are you looking for ways to lower your legal malpractice insurance premiums and help turn prospects into firm clients? Look no further than your firm’s website and online presence.
Insurance carriers now review your firm’s website in an effort to try and get a better picture of you. They are looking at the site content describing your areas of practice, the type and size of your clients, risk management procedures, articles in the firm newsletter, blog, your Google My Business profile and social media feeds.
They are trying to determine if your law firm’s site conforms with the ABA and/or state bar association rules and guidelines on advertising and e-platforms. What the underwriter sees and interprets from your site will impact how he or she views the exposure your firm creates and will influence the pricing up or down.
One of the content items that seems to regularly raise a red flag is the listing of the firm’s practice areas on the site. Firms will often boast several areas of practice on the site, in some of which they haven’t had a case for years.
I realize that it may seem like a good idea to list as many areas as possible to try and draw in clients. I have even spoken to firms that have told me that they want the website to project the firm as having that “large firm” appeal or sophistication impact.
From an underwriting and pricing standpoint, know that it can have a negative impact, especially if several of the areas of practice are considered higher risk areas such as: Oil and Gas, Securities, Intellectual Property (copyright, patent, trademark), Class Action and some Employment law.
Additionally, from a marketing standpoint, listing areas of practice that you do not typically deal in can have negative effects on your search engine optimization as well. Google wants to know what your firm does well and they want to show your website to people searching for that skill.
When you list many areas of practice and don’t have a concentration on a particular niche, your website is less likely to show up in the organic search results for what you do best!
Please know, I am not trying to tell you how to advertise or practice. That obviously is up to you. I am telling you that you should be as accurate as you can with the content on your website, Google My Business listing and social media profiles.
Know that people other than prospects are looking at your website including insurance carriers and even your competition. Keep your online presence updated, relevant and interactive.
It will give the insurance carriers an accurate picture of your firm, coordinate and confirm the information you list on the malpractice application and help drive the type of prospects to your website the firm wants to have as new clients.
A loss only deductible, which is also commonly referred to as first dollar defense, is a deductible type that will only apply in the event that there is a settlement of a claim.
This means that if you are sued, and there are defense costs and other types of incidental costs, they’re not going to apply to your deductible. Your deductible is only going to apply in the event that there is some type of loss, i.e. settlement.
Is there a minimum limit that you need to carry on your legal malpractice policy as an attorney in Pennsylvania?
There is no limit that is required. As a matter of fact, you don’t have to carry legal malpractice insurance at all. However, keep in mind, if you do not carry at least $100,000 per claim and a $300,000 aggregate limit, you do have to disclose to your clients that you do not carry the minimum of 100/300. On a side note, 100/300 limits are really not sufficient either.
It is recommended that if you are going to carry legal malpractice insurance, you need at least half a million dollars per claim. Don’t get caught uninsured or underinsured.
Contact us at INtegrity First Corporation and we will be glad to answer any questions regarding legal malpractice insurance.