Category Archives: Cyber Security

The $8.5 Million Mistake: How Real Estate Wire Fraud Can Destroy a Closing Overnight

Posted on by

Your client wires $8.5 million to close on their dream property… but the money never reaches the seller.

Instead, it lands in a criminal’s account — and disappears forever.

This isn’t a thriller or a cautionary tale told at legal seminars.
It’s happening to law firms, title companies, and real estate professionals across the country right now.
And if you’re not taking precautions, it could happen to you.

How Real Estate Wire Fraud Works

Wire fraud schemes are disturbingly simple — and brutally effective.

Hackers infiltrate a lawyer’s or real estate agent’s email account, often by exploiting weak passwords or phishing links.
Once inside, they quietly monitor communication for weeks or even months, studying how you and your clients talk about the transaction.

Then, just days before closing, they strike.

They send your client a fake email — nearly identical to yours — with “updated wiring instructions.” The logo matches. The tone matches. Even the signature block looks right.

Except for one tiny detail:
The email address is off by a single letter.

Example:
Real: lawyer@firm.com
Fake: lawyer@firrn.com

Your client, eager to finalize the deal, follows the instructions and wires the funds — straight into the hacker’s account.
By the time anyone notices, it’s too late.

Why Attorneys Are Prime Targets

Real estate closings are a gold mine for cybercriminals:

  • They involve large sums of money
  • They happen under tight deadlines
  • They require constant communication among buyers, sellers, lenders, agents, and attorneys

When stress is high and time is short, mistakes happen — and hackers count on it.
And when millions vanish, the first question everyone asks is:

“Who’s responsible?”

All too often, the finger points at the attorney.

A 3-Step Plan to Stop Wire Fraud Cold

The good news?
You can prevent most wire fraud attempts with three simple steps.

1. Verify Wiring Instructions by Phone

Before any funds are transferred, have your client call a known, trusted phone number to confirm the wiring details.
Not the number in the email — the one you gave them at the start of the engagement.
Even a 30-second phone call can save millions.

2. Educate Your Clients Early

Make it part of your onboarding process to warn clients about wire fraud.
Tell them exactly what to expect — and what not to.
Use this simple script:

“We will never send you wiring instructions by email without verbal confirmation.”

Setting expectations early can eliminate panic and prevent confusion when scammers strike.

3. Use Secure Communication Tools

Whenever possible, send wiring instructions and sensitive details through encrypted portals instead of email.
Think of it as locking the message in a safe instead of dropping it in an open mailbox.

Final Thoughts

Wire fraud isn’t just a technology problem — it’s a people problem.


Hackers rely on trust, urgency, and human error to make their schemes work.
But by slowing down, verifying, and securing your communication, you can protect your clients, your firm, and your reputation.

Bonus Tip: Want to Learn More?

For more real-world stories about cyber risks facing attorneys, check out Don Ivol’s book Game Over? Not Today!
It’s packed with lessons and strategies to help professionals stay one step ahead of cyber threats.

The Hidden Dangers of Public Wi-Fi for Attorneys

Posted on by

Would you hand your briefcase full of confidential client files to a total stranger at Starbucks?
Probably not.

But every time you hop on public Wi-Fi without protection, that’s basically what you’re doing — without even realizing it.

The Illusion of “Free” Wi-Fi

Public Wi-Fi networks at airports, hotels, and coffee shops seem harmless — even convenient. But here’s the truth: these networks are wide-open doors for cybercriminals.

Hackers can launch what’s known as a “man-in-the-middle” attack, which means they slip between you and the internet, secretly watching everything you send — emails, client documents, and even your login credentials.

It’s like passing your case files through a stranger who reads every page before forwarding it along.

Why Attorneys Are Prime Targets

As an attorney, you handle some of the most sensitive information imaginable — from real-estate transactions and business deals to medical records and trust accounts. A single intercepted email could lead to:

  • A breach of client confidentiality
  • Wire fraud involving client trust accounts
  • Or even a malpractice claim

And let’s face it — your reputation is everything. One careless connection on public Wi-Fi could cost you clients, your credibility, and potentially thousands in damages.

How to Protect Yourself (and Your Clients)

The good news? Protecting yourself doesn’t have to be complicated. Here are three quick ways to stay secure when working remotely:

1. Use a VPN (Virtual Private Network)

A VPN encrypts your connection, locking your data in a secure “briefcase” before it travels online. Even if someone intercepts it, they can’t read it.

2. Use Your Phone’s Hotspot

When possible, connect through your mobile data instead of public Wi-Fi. Your phone’s network is far more secure than that “free coffee shop Wi-Fi.”

3. Double-Check the Network Name

Hackers often set up fake Wi-Fi networks with names like “Free Hotel Wi-Fi” or “Airport Guest.” Always verify the exact network name before connecting — or ask an employee to confirm it.

These small steps make it dramatically harder for cybercriminals to snoop on your information.

Cybersecurity Is Client Protection

Cybersecurity isn’t just about safeguarding your computer — it’s about protecting your clients, your firm, and your reputation.

So the next time you’re working outside the office, take a moment before you connect. A little caution now can save you a massive headache later.

Optional Add-On (for Don’s Book Mention)

For even more cybersecurity tips tailored to law firms, check out Don Ivol’s book, Game Over? Not Today! — your guide to understanding the cyber risks every attorney needs to know.

Trust Your Systems

Posted on by

I just got back from playing a round of golf, and while I had a great time thanks to my playing partner, my actual game was pretty lousy. Like most golfers, on the drive home I caught myself thinking: maybe it’s time for a new putter, a different set of clubs, or a new brand of golf balls.

But then it hit me — my clubs didn’t suddenly get worse in the past two weeks. My golf balls didn’t change. And my putter didn’t lose its magic. The truth was simple: it wasn’t the equipment, it was me.

My tempo was off. I was swinging too fast. I wasn’t focused. And that got me thinking: the same thing happens in business — especially in law firms.

The “Equipment” Problem in Law Firms

When something goes wrong in a firm — a missed statute of limitations, a conflict of interest issue, or a client complaint — our first instinct is often to blame the system.

  • “The calendaring program let us down.”
  • “The conflict checker didn’t catch it.”
  • “We need a better case management tool.”

That knee-jerk reaction leads many attorneys to shop for the “latest and greatest” software. But just like with golf, buying new equipment doesn’t always solve the problem.

It’s Not the Tools, It’s the Process

Before rushing out to invest in new programs, it’s worth asking: Are we using the systems we already have, properly and consistently?

A few examples to consider:

  • Calendaring systems: Are you and your staff updating them daily without fail?
  • Conflict of interest checks: Are all clients, former clients, and ownership interests properly logged?
  • Client documentation: Are you recording every conversation, every update, in the system right away — or are you telling yourself you’ll “do it later” and never getting back to it?

When these steps slip, it’s not the software that failed. It’s the process.

A Weekly (or Bi-Weekly) Check-In

The fix isn’t shiny new tools. It’s discipline. Take a few minutes each week — or at least every two weeks — to sit down with your team and review:

  • Are we updating systems the way we should?
  • Are we putting in accurate, complete information?
  • Are we letting bad habits slide?

Your systems are only as good as the information you feed into them. If you don’t use them consistently, even the most expensive software won’t save you.

Back to the Golf Course

Golf taught me this: you don’t need a brand-new set of clubs every time you have a bad round. You need to slow down, adjust your swing, and focus on the fundamentals.

In the same way, law firms don’t always need new programs when mistakes happen. They need to look inward, review processes, and make sure the team is disciplined in using the systems already in place.

Remember: success isn’t about the latest equipment — it’s about how you use it.

Real-Life Cyber Claim Examples With Don Ivol

Posted on by

Lawyers often ask for proof that cyber events and data mistakes really hit small firms—and what those losses look like in dollars. Below are two real-world claim scenarios to help you see how quickly costs add up and which safeguards (and coverages) matter most.

#1: Shared Office, Shared IT… Total Data Loss

The setup:


A three-lawyer firm subleased space from a larger firm and piggy-backed on the larger firm’s IT. To “separate” data, the small firm was given its own file server (originally used for email).

What went wrong:


The larger firm’s IT admin backed up email, formatted the shared server, and reinstalled software—but forgot to back up the small firm’s files. Result: complete data loss and an operational shutdown while the firm tried to rebuild.

Documented impact:

  • Data restoration expenses: $23,000
  • Lost billable hours: roughly $98,900 (about “$99k” in the narrative)

Why this matters:


Not every disaster is a hacker. Plain old human error and poor segregation of systems can be just as destructive.

How to prevent this (practical steps):

  • Own your backups (don’t rely solely on a landlord’s/host firm’s IT). Use a 3-2-1 backup strategy and test restores.
  • Put clear, written data-segregation and change-management terms in your office/IT agreement.
  • Keep off-network backups (immutable/cloud snapshots) and run recovery drills twice a year.
  • Maintain a simple RPO/RTO target (how much data you can afford to lose/how fast you must be back).

Where insurance can help (policy-dependent):
 Cyber policies with data restoration and business interruption coverage can respond to accidental data loss; some tech E&O or malpractice policies may also come into play depending on facts. Terms vary—review your policy.

#2: Cloud Downgrade → Confidential Case Exposed

The setup:


A firm used a cloud storage provider with two tiers: free and premium. The premium tier kept data private; the free tier made content searchable/downloadable by others.

What went wrong:


The firm missed the renewal. The account reverted to the free tier, quietly exposing the firm’s files online for months. During that window, third parties downloaded details of a sensitive whistleblower matter.

Documented impact (one case):

  • Notification costs: $27,000
  • Defense expenses: $35,000
  • Damages: $2,150,000
  • Fines & penalties: $120,000
  • (Additional client lawsuits were pending and not included in these totals.)

Why this matters:


Most breaches aren’t Hollywood hacks—they’re misconfigurations, missed renewals, or lax vendor settings.

How to prevent this (practical steps):

  • Use auto-renew with multiple payment methods and billing alerts for critical SaaS tools.
  • Enforce least-privilege access, MFA, and default private sharing settings; require approvals for any public link.
  • Turn on configuration monitoring and data-loss prevention (DLP) alerts for exposure of sensitive matter names/IDs.
  • Keep a data map: what you store, where it lives, who can access it, and how long you keep it.

Where insurance can help (policy-dependent):


Cyber policies commonly address privacy liability, regulatory investigations (where insurable), breach response (forensics, notifications, PR), and defense. Coverage for fines/penalties depends on jurisdiction and policy language. Some professional liability (LPL) policies may also respond to alleged ethical violations—review both with your broker.

What These Stories Prove

  • It’s not just “hackers.” Human error and billing lapses can trigger seven-figure exposure.
  • Shared or “free” is risky. If you don’t control the system, you don’t control the risk.
  • Time is money. Even “small” incidents bleed billable hours and momentum.

Insurance is a backstop, not a substitute for sound IT practices.

10-Point Cyber Hygiene Checklist for Small & Mid-Size Firms

  1. 3-2-1 backups with quarterly restore tests
  2. Vendor billing safeguards (auto-pay + backup card + calendar reminders)
  3. MFA everywhere (email, practice management, cloud storage, VPN)
  4. Least-privilege access and quarterly access reviews
  5. Encrypted, private-by-default cloud repositories; ban public links
  6. Patch/update cadence for OS, apps, and network devices
  7. Incident Response Plan with breach-coach contact and a tabletop twice a year
  8. Data map & retention policy (limit what you store; purge on schedule)
  9. Security awareness training (phishing, sharing, and file-handling)
  10. Annual policy review (cyber + LPL) to close obvious gaps

These aren’t edge cases—they’re everyday risks for modern law practices. A few process tweaks plus the right blend of cyber and malpractice coverage can be the difference between an expensive lesson and a swiftly managed incident.

If They Can Breach an Insurance Giant, What’s Stopping Them from Hitting Your Law Firm?

Posted on by

I recently read something eye-opening in an insurance journal — a reminder that cybercrime isn’t just evolving, it’s organizing.

There are now cybercriminal groups that no longer just pick off random companies with weak cybersecurity. Instead, they target entire industries, strategically identifying and exploiting vulnerabilities across the sector. 

One such group is known as Scattered Spider, and their newest target? The insurance industry.

In recent months alone, major players like Philadelphia Insurance Company, Erie Insurance, and Aflac have been hit with significant cyberattacks. These breaches not only disrupted their operations, but in Erie’s case, have already led to multiple class action lawsuits.

Let’s think about that…

These are companies that:

  • Handle sensitive data every day
  • Have risk management baked into their company DNA
  • Invest hundreds of thousands of dollars (if not millions) into cybersecurity infrastructure

… and they still got breached.

So here’s the question every law firm should be asking:

If these highly protected insurance companies aren’t safe, what makes you think your firm is?

The Ugly Truth – Law Firms Are Prime Targets

You might be thinking, “We’re a law firm — not an insurance company. Why would hackers bother with us?”

Here’s why:

  • You store the same type of sensitive data: personal information, financial records, privileged communications.
  • You likely don’t have the same kind of IT budget or internal safeguards that large insurers do.
  • And from a hacker’s perspective, that makes you low-hanging fruit.

Whether you’re a solo practitioner in Pittsburgh or part of a mid-sized firm in Cleveland, you’re exposed — and attackers know it.

The Smart Next Step For Your Firm: Cyber Liability Insurance

Even if you have antivirus software, firewalls, and employee training in place (and you should), there’s another essential layer of protection… 

A tailored cyber liability insurance policy.

This isn’t just about protecting your firm — it’s about protecting your clients and your reputation. A single breach can take down your operations, cost tens of thousands in recovery, and damage your trust with clients.

Cyber policies are more affordable than most firms realize, especially compared to the cost of recovering from an attack.

Want to Learn More?

I go deeper into these risks and solutions in my book, Game Over? Not Today! 

It’s written specifically for professionals like you — attorneys, advisors, and business owners who want to understand the threat landscape and take action before it’s too late.

Pick up my free book today here -> https://bit.ly/INF-Game-Over-Not-Today 

Stop procrastinating. Protect your firm, your data, and your clients.

If you’re in Pennsylvania or Ohio and want to explore your cyber coverage options, I’d be happy to help.

I’m Don Ivol — your insurance guy.

Unique Follow Through

Posted on by
https://youtu.be/U9b8Qw4lmb4

Every golfer has a unique follow-through. Whether it’s long and graceful or short and awkward, it’s the finishing move that gets the ball where it needs to go. Without a proper follow-through, even the best swing won’t deliver the result you’re aiming for. The same is true when it comes to insurance protection for your law office.

Most attorneys start the swing—they carry legal malpractice insurance. But too many stop short. They don’t follow through by protecting themselves against cyber liability. And that’s where the shot falls short.

The Risk of Not Following Through

I hear it all the time:

“I’ve been meaning to look into cyber insurance…”
“We’re a small office—nobody’s going to hack us.”
“We don’t have any information that hackers want.”

Wrong. Those are all excuses—and dangerous ones. Hackers aren’t just targeting the big fish. In fact, they have a name for small firms that lack sophisticated cyber defenses:
“Low-hanging fruit.”

Law firms, even solo practices, store exactly the kind of data hackers crave—names, addresses, Social Security numbers, banking info, legal documents, and confidential case files. That’s gold to a cybercriminal. And without the security infrastructure of a Fortune 500 company, you’re an easy target.

What About My Malpractice Policy?

Another common myth I hear is this:

“My legal malpractice policy already covers cyber claims.”

Not quite.

Your legal malpractice policy might include a small amount of ancillary cyber coverage—but not nearly enough to protect you if a serious breach occurs. Cyber incidents can trigger lawsuits, regulatory fines, business interruption, ransom demands, and reputational damage. You need a dedicated cyber liability policy to handle those risks.

Protect Your Clients. Protect Your Practice.

Your legal malpractice policy is your swing.
Cyber insurance is your follow-through.

If you want your protection to actually reach its target—your clients, your firm, your future—you have to complete the motion.

There are no mulligans in the world of cyber claims. Once you’re hit, the damage is done—and without the right coverage, it could be devastating.

So, take the next step. Don’t stub the shot. Follow through and secure cyber liability coverage for your law office.

It just makes sense -> https://integrityfirstins.biz/Home/CyberIndication

Game Over? Not Today — Why Every Business Needs to Read This Free Cyber Insurance Book

Posted on by

We recently published a brand-new book titled Game Over! Not Today and the best part? It’s absolutely free. This guide is designed to help business owners like you understand the ins and outs of cyber liability insurance, and more importantly, how to protect your business from the growing threats in today’s digital landscape.

Why You Should Download It

Cyber threats aren’t just a big-business problem anymore. Small and mid-sized businesses are increasingly being targeted by hackers, and unfortunately, many are caught unprepared. That’s exactly why we wrote this book—to demystify cyber insurance and give you the tools and knowledge to confidently face these challenges.

Every chapter in this book offers valuable insights, but there are two chapters I really want you to pay close attention to: Chapter 6 and Chapter 8. These contain immediate, actionable advice that could make all the difference if your business ever experiences a cyber event.

🔐 Chapter 6: Building a Strong Incident Reporting Process

When a cyberattack happens, chaos can follow—unless you have a plan. Chapter 6 walks you through exactly how to build a strong incident reporting process, so you’re not left scrambling in the heat of the moment.

Inside, you’ll learn:

  • Who you need to contact (with phone numbers and email addresses already laid out)
  • What your immediate next steps should be
  • How to document and report the incident to your insurance carrier
  • What details are critical to have on hand before something goes wrong

This chapter ensures that when you’re hit with a cyber event, you’re not asking, “What do I do now?”—because you’ll already know.

👥 Chapter 8: The Importance of Employee Education

Your employees are your first line of defense, and Chapter 8 dives deep into why education and engagement are critical. A team that understands what a cyberattack looks like—and feels confident raising their hand when something seems off—can prevent a bad situation from getting worse.

You’ll discover:

  • How to create a team-oriented cyber-safe culture
  • What to include in your employee training
  • Why employee involvement in your cyber response procedures is non-negotiable

From phishing emails to ransomware, your team needs to know what to look for and how to act fast—and this chapter gives you the playbook to make that happen.

Your Next Step: Download the Book

If you’ve ever felt unsure about cyber liability insurance or what steps to take if your business is attacked, this book is for you. It’s practical, straightforward, and best of all, it’s free.

📘 [Click here to download Game Over? Not Today now!] 

Get My New Book on Cyber Liability Insurance – Absolutely Free!

Posted on by

I’ve been working hard behind the scenes, and I’m thrilled to finally share some exciting news — I’ve completed my book on cyber liability insurance, and I want you to have it for free!

The book, titled Game Over, Not Today,  is designed to be your roadmap for preparing your office to defend against cyber threats, while also demystifying the coverages found in a typical cyber liability policy.

Through the experiences of two fictional small businesses — Legal Eagles LLC and Helping Hands Chiropractic Corp. — you’ll follow their journeys navigating the cyber landscape using smart risk management practices and the right insurance coverage. I’ve included real-world examples and simple, effective explanations of policy terms and definitions to make even the most complex topics easy to understand. Whether you’re just starting out or looking to strengthen your current protections, this book will help you upgrade your cyber defense strategy.

Why did I write this book?


One of the most common questions I hear from clients and prospects is, “I don’t even know what cyber liability is — why would I need to insure against it or implement cybersecurity systems?” This book answers that question and many others. It was written with the goal of helping you better understand the cyber risks your business faces every day, and why taking action now is so important.

Here’s what you’ll get from the book:

  • A clear understanding of cyber liability insurance
  • Real-life solutions to common cyber exposures
  • Practical steps to enhance your office’s cybersecurity
  • Peace of mind — and it won’t cost you a dime!

In fact, by applying the strategies outlined in the book, you could end up saving money by reducing the likelihood of a cyber claim in your business.

Getting your free copy of “Game Over, Not Today” is easy. 

Click here to download the book now!

Don’t miss out on this opportunity to strengthen your business against today’s growing cyber threats. It’s a quick, valuable read that could make all the difference!

Beware of SMishing (SMS Phishing) This Holiday Season

Posted on by

As the holiday season approaches, it’s not just Santa Claus and jingle bells we need to watch out for—there’s also a growing threat called SMishing, or SMS phishing. While phishing through emails has been around for years, SMishing operates through text messages, attempting to deceive you into providing sensitive personal information.

What is SMishing?

SMishing is a form of phishing that targets your mobile phone through text messages. Just like phishing emails, these messages aim to trick you into clicking on links or answering questions that divulge personally identifiable information (PII). Once scammers obtain this information, they can use it for fraudulent activities, potentially ruining your holiday cheer.

How Does SMishing Work?

One of the most common SMishing tactics involves fake delivery notifications. You might receive a text claiming that your package is on its way, with a request to confirm your address or answer a few questions. These messages often include a link that, when clicked, leads to a site designed to collect your personal details.

These scams are particularly effective during the holiday season when many of us are expecting packages and might not think twice about a message from a delivery service.

How to Spot a SMishing Attempt

To avoid falling victim to SMishing, keep an eye out for these red flags:

  1. Unknown Numbers: If you receive a text from a number you don’t recognize, especially one with a foreign area code, proceed with caution. SMishing messages often originate from unfamiliar numbers.
  2. Poor Grammar: Pay close attention to the grammar and formatting of the message. SMishing texts frequently contain typos, unusual capitalizations, or improper sentence structure, signaling their fraudulent nature.
  3. Unsolicited Links: Never click on links from unknown senders. If you receive a suspicious message, delete it immediately. Clicking on these links could expose your personal information or infect your device with malware.

Stay Safe This Holiday Season

The holidays should be a time of joy, not stress. By staying vigilant and recognizing the signs of SMishing, you can protect yourself and your loved ones from falling victim to these scams.

If you’re unsure about a text, it’s better to err on the side of caution. Reach out to the purported sender through a trusted method, such as their official website or customer service line, to verify the message’s legitimacy.

Enjoy the holidays, stay safe, and don’t let SMishing spoil your festive spirit. Remember, protecting your personal information is one of the best gifts you can give yourself this season!

Don’t Let Cyber Threats Haunt You: Essential Tips & Cyber Liability Insurance for Extra Protection

Posted on by

As Cybersecurity Awareness Month comes to a close, we’re reflecting on the importance of keeping your digital space secure—both at work and at home. This October, we’ve spotlighted essential strategies to ward off potential cyber threats that can haunt any business. From scam emails to weak passwords, each topic tackled a vital piece of the cybersecurity puzzle.

Imagine standing in front of a graveyard filled with goblins and skeletons, each one representing the digital threats that lurk online: ransomware, phishing scams, and weak passwords, to name a few. Just like these ghouls and goblins, cyber threats may seem harmless until they slip through the cracks. But don’t fear; there are simple ways to keep them at bay. Here’s a quick recap of the strategies we covered and how each one can help strengthen your defense:

  1. Don’t Let Scam Emails Breach Your Defense – Phishing Protection
  2. Unique Passwords Are Key – Strengthening Your Password Security
  3. Strengthen Your Cyber Defense with Fresh Updates – The Importance of Regular Software Updates
  4. Multi-Factor Authentication – An Added Layer of Security

For those looking to add even more robust protection, consider adding a cyber liability insurance policy. This added layer of security can provide peace of mind in the event of a cyber incident, covering potential financial damages.

If you have any questions or would like to learn more about cyber liability insurance, feel free to reach out. Cybersecurity threats may be spooky, but with these strategies and a proactive approach, you can keep them at bay year-round.