Are You Taking Advantage of the Ancillary Benefits That Come With Your Malpractice Insurance Program?

I’m always surprised at the number of people who don’t take full advantage of the ancillary benefits that come with malpractice insurance programs. I know that most of the carrier programs we market have several useful benefits outside of the policy that can help a firm.

Items like: online risk management classes, some of which are eligible for free CE and possible premium discounts, samples of engagement, disengagement, and non engagement letters, as well as suggestions on how to implement a conflict of interest system.

You can also find examples of how to implement a dual calendar system and comments on the latest programs available in the marketplace for calendaring, client intake, and billing. Not all outside the policy benefits have everything we mentioned, but they do have some combination.

Keeping Your Documents Secure and Accessible

As an agency, we’ve developed a client portal with 256-bit encryption for your security. Current clients can use this portal to gain access to the previous applications you’ve submitted to us as well as your past and current legal malpractice insurance policies.

I get calls, some urgent, from insureds asking if I can resend the policy as they cannot locate it in their office. Imagine how convenient it would be if you could just go to the client portal and see all the information you needed online!

So if you’re one of the insureds that are using the additional benefits available to you from your legal malpractice insurance program, good for you. It can and will make your law practice better and maybe even reduce the chances of being sued. If you’re not, I would encourage you to at least take a look at what is available; you might be surprised. Oh, and did I tell you it is usually free?

Does a Legal Malpractice Policy Cover a Cyberattack, Data Breach or Wire Transfer Fraud Claim?

At INf, we just finished recognizing the month of October as Cybersecurity Awareness Month. I hope you enjoyed the few educational videos that we were able to send your way.

Since then, a few of our clients have asked me to talk a little bit about whether a legal malpractice policy would cover a claim that was based on a cyberattack, data breach, or wire transfer fraud. So as a bonus to our October series, we’ll go over a few of these issues.

Cyberattack and Data Breach Claims

Let’s take a look at the cyberattack and data breach issues. My answer is going to be a pretty typical insurance answer in this situation—maybe. It might be covered based on the claim circumstances. My best guess is that if you submit a legal malpractice claim based on a cyberattack or data breach, it will trigger the coverage.

The carrier will review the claim issues and decide which issues are going to be covered and which issues are not going to be covered. I would believe that those issues that are typically considered legal malpractice issues are going to be covered, and those issues that are strictly considered cyber issues will not be covered. Now, your policy may have certain language that will provide a very limited amount and scope of coverage for some cyber events. So you might be able to glean a little bit of coverage out of your legal malpractice policy in that event.

Wire Transfer Fraud Claims

On the other issue of wire transfer fraud, my answer is going to be a little bit different. I don’t believe that most legal malpractice claims or most legal malpractice carriers are going to cover claims for wire transfer fraud. Most of the carriers and carrier personnel that I have spoken to believe that wire transfer fraud is theft. And a legal malpractice policy is not theft protection.

Perhaps a fidelity bond, maybe crime coverage, or a standalone cyber liability policy would be the better policy from which your coverage would come. Some legal malpractice policies even specifically exclude theft, wire transfer fraud, and bank transfer fraud.

Consider a Cyber Liability Policy

If you’re looking for coverage to replace the physical funds that are lost from a wire transfer fraud, my suggestion to you is to not depend on your legal malpractice policy to do so. I think you’ll be very disappointed. Which brings me to my last and final point: you need to seriously consider the purchase of a standalone cyber liability policy. It’s going to protect you against a host of exposures, like cyberattacks, data breaches, ransomware, phishing schemes, and so much more.

So if you really want to protect yourself, the office, and your client, the purchase of a cyber liability policy is the way to go.

These policies help protect you from the threat of hackers, data dumps, stolen passwords, ransomware attacks and more.  

It takes less than 5 minutes to fill out the application for this insurance.  Contact INF to get started at 412.563.2106.

Be prepared against cyber attacks

In the past 4 weeks, we have covered multiple cyber security exposures that are common to law firms, including:

We have also covered how to minimize the risk associated with them.

However, they all have one thing in common…a human element, which is almost impossible to safeguard 100%.  About half of all data breaches happen due to some type of human error.

This is why we recommend purchasing cyber liability insurance.

Cyber liability insurance provides a combination of coverage options and services to help protect businesses against data breaches and other cyber events as well as help to recover quickly if an attack does take place.

This insurance can help cover the costs associated with an attack or breach, such as:

  • Lost income due to cyber event
  • Customer notification 
  • Data recovery
  • Damaged computer repair
  • And more!

Law firms use multiple types of technology that face cyber risk.  As this tech becomes more complex, so does the risk that comes with it.  This is why every business should be prepared with a cyber security plan/training as well as cyber liability insurance to help mitigate the risk.

Let INF help place you with the best cyber liability carrier for your firm’s needs.  To get started, give us a call at 412.563.2106 today.

Do you have multi factor authentication to verify your identity…because 44% of businesses don’t

Because October is Cyber Security Awareness Month, we thought that we would take the next few weeks to highlight cyber security exposures that are common to law firms.

Did you know that 44% of businesses don’t use multifactor authentication?

Your question back to me might be – What is multifactor authentication and why would I need it?

Multi Factor authentication or MFA is a security method that needs a user to use two or more authentication factors to prove who they are before they can use an organization’s network, check their email from a remote location, or use privileged or administrative accounts.  It helps make sure that you are who you say you are.

The most common use of MFA is when banks or credit cards require you to input a password as well as a code that they email/text/call you with.

MFA should be used by law firms with email accounts as well as accessing any network remotely.

In fact, according to Microsoft, 99.9% of account compromise attacks can be blocked by MFA!

Most email products as well as system access software have MFA built in, so be sure to enable and protect your data!

Questions about risk mitigation for this exposure?  Call us at 412.563.2106.

Next week, we will talk about how to protect your firm against multiple exposures!

Check to see if your email/password combination has been exposed in a recent data breach

Because October is Cyber Security Awareness Month, we thought that we would take the next few weeks to highlight cyber security exposures that are common to law firms.

This week’s topic – Passwords!

Did you know that there is a website that you can go to check to see if your email/password combination has been a part of a data breach?  It’s called “Have I Been Pwned?” and you can access it here: https://haveibeenpwned.com/

It contains over 12 BILLION username/password combos that have been exposed in recent hacks.

Go to the site and enter your email address to see if you have been exposed.  If so – change your password immediately for the account that was hacked.

Want to create a good password?

Try using these 7 criteria:

  • 12 characters or more in length
  • Contains an uppercase letter
  • Contains a lowercase letter
  • Contains a number
  • Contains a symbol
  • Does not contain real words that could easily guessed by a dictionary attack
  • Hasn’t been used before as a password by your email address

Need help remembering each unique password?  Invest in a password manager, like 1Password or KeePass.

Questions about risk mitigation for this exposure? Call us at 412.563.2106

Next week, we will discuss multi factor authentication!

Do you know about the email wire fraud scam affecting lawyers and law firms?

Because October is Cyber Security Awareness Month, we thought that we would take the next few weeks to highlight cyber security exposures that are common to law firms.

This week we wanted to talk about wire fraud.  Despite the fact that wire fraud scams target a wide range of professionals, attorneys who handle real estate transactions and/or wire money are particularly at risk.

Lawyers should be aware of any fraud schemes that could cost them and/or their clients hundreds of thousands of dollars if they transfer money to or on behalf of clients. The Federal Bureau of Investigation (FBI) estimates that scammers have stolen up to $1.33 billion just in the United States.

Here’s how the scheme normally works:

  • The scammer will gain control of an email account from at least one of the parties in a transaction.  Typically that transaction will be in real estate.  They will use this access to gain details.
  • The scammer will send a set of emails that appear to be legitimate discussing the details of the deal to build trust
  • Then, the scammer will send wire instructions OR make changes to a previously supplied set of instructions
  • The scammer will say this matter is “urgent” and that everything “needs to be done today”.  This is so the normal set of checks and balances will be bypassed, thus eliminating the normal scrutiny requests like these should get
  • Then, the attorney would unknowingly wire the money to the scammer’s account and the scammer will typically move that money immediately to an overseas account so it cannot be stopped

There are a few ways that attorneys can prevent wire fraud – 

#1 – Be hyper-vigilant

First, attorneys should be on the lookout for wire fraud scams and be skeptical whenever money is being wired to finish any kind of transaction. Wire fraud scams that use emails can involve anyone in a transaction, from someone the attorney has worked with for 40 years to someone they have only met briefly for one transaction. Because of how email works, it is much easier to hide a person’s true name through email than over the phone or in person.

#2 – Use a second authentication factor

Use a phone call as the second authentication factor to easily check on all wire transfer requests.

Before any money is moved out of the law firm for a transaction, an attorney can find out about most possible fraud scams by calling the person who is supposedly sending the email. Attorneys should always use the contact information they already have for the person instead of the information in the email, which could be fake. Lawyers can also call someone else at the company. The main point is to do something outside of the email chain that could be hacked.

#3 – Be skeptical of last minute changes

Be careful when a party in a deal suddenly changes how they usually do things. This could mean moving money to a different account, using a personal email address instead of a work one, or talking to someone else at the company. All of these things could be signs of a possible scam. 

Questions about risk mitigation for this exposure?  Call us at 412.563.2106

Stay tuned for next week where we will send you a website where you can check to see if your email/password combination has been exposed in any major hack.

50% of all businesses are worried about ransomware – are you?

Because October is Cyber Security Awareness Month, we thought that we would take the next few weeks to highlight cyber security exposures that are common to law firms.

A common question that we hear from our insureds is – What is ransomware and can it affect me?

Ransomware is a type of harmful software (also known as “malware”) that online thieves use to access a victim’s network. Typically, this happens via a download by an employee that was tricked.  Once they are into the system, they’ll encrypt it so you can no longer access anything.

Finally, the thieves will demand a ransom, generally in bitcoin, in exchange for the decryption key.

Attackers using ransomware have recently increased their aggressivity, requesting six-, seven-, and even eight-figure ransom payments from organizations. It is more difficult for organizations to recover from such an attack as a result of these criminals deleting backups and, in some circumstances, issuing threats to reveal critical or confidential material.

Can it affect law firms? YES!  In fact, here is a link to an article discussing a ransomware attack that is common to the legal industry: https://www.logikcull.com/blog/maze-ransomware-law-firms

One way to prevent ransomware affecting you is to make sure that your employees are well-trained on spotting suspicious emails and attachments.  This way, they won’t download malicious files.

Another way to prevent ransomware is to make sure that you have a complete backup of your system that can be restored within 24-48 hours.  This will enable you to put your system back up and lose minimal time without needing to deal with the criminals.

Questions about risk mitigation for this exposure?  Call us at 412.563.2106

Stay tuned for next week where we will discuss wire fraud.

Facing Legal Malpractice Claims: Proactive Measures for Lawyers

Our July Legal Malpractice Awareness Month would not be complete without some discussion about legal malpractice claims. I get asked a lot about claims and if there are really a lot of lawyers who get sued for legal malpractice. I always answer the same way: yes, there are a lot of claims filed against lawyers.

I recently had a discussion with a legal malpractice claims analyst, and he commented that the insured’s question or concerns today should not be “if I get sued, but rather “when I get sued and how many times.” I think that sums it up: lawyers being sued is not uncommon, and it does happen with frequency.

I believe that the reason most people don’t hear about lawyers being sued that often is that most lawyers don’t want to talk about it. It is not a pleasant experience to have your work questioned or accused of making a costly mistake. I understand that.

If you do find yourself in the position where someone is alleging that you made a mistake on their case or you find on your own that you made a mistake, don’t make it worse by ignoring it or hoping it goes away. It never does, and refusing to acknowledge it will only make it worse.

There is no scarlet letter, no stoning, and no public humiliation for reporting a claim. Chances are, several of your colleagues have gone through the same thing. Call your carrier, the hot line, or your broker. Get the issue reported immediately so you can get the right people involved early on. You will be glad that you did.

What Are Reasonable Policy Limits and Deductibles For My Coverage?

One of the harder questions that lawyers face when purchasing or renewing a legal malpractice insurance policy is: what policy limits and policy deductibles should I choose, and are those limits sufficient? 

No one wants to buy more coverage than they need or have a deductible that never gets satisfied. Unfortunately, there just isn’t a stock answer. Since every law firm is different, the policy limits and deductible chosen should be based on the individual characteristics of the firm. Never choose limits and deductibles based on what your friend or the law firm down the street has. Take some time to consider the matter. No one knows your practice any better than you do. 

Consider the type of law or cases your firm handles. What is the value of the cases you handle? What is the largest case value that you handle? What is the smallest? Is there an “average” value? How many lawyers are in your firm? What is the economy like? Lawyers seem to get sued more often in a bad economy than in a good one. These are just some of the questions you should ask yourself before deciding on your limits and deductible. 

Once you have gathered the relevant information and thought about it, you’ll be in a much better position to decide, and I think you’ll find the decision becomes a little easier. Not easy, but a little easier.

What Makes A “Good” Lawyers Legal Malpractice Insurance Program?

You as lawyers have several choices when it comes to legal malpractice insurance.  My guess is all brokers selling this type of coverage will tell you that their policy or program is a good one.  But what exactly makes up a good program? 

Let me tell you what I think makes up a good program and distinguishes it from other insurance program or policies in the marketplace:

 1. A malpractice helpline or hotline for insureds.  This is important as it provides an outlet for the insureds to discuss the disciplinary or claim issue with one of their colleagues.

2. A library of risk management tools.  For example, sample copies of engagement letters, disengagement letters, samples of conflicts of interest checks and examples of docket control systems.  This can be web site based or hard copies

3. Risk Management classes and or videos that may or may not provide CLE credit

4. Comprehensive policy form that provides: full prior acts coverage, career coverage, broad definition of professional services, unlimited tail coverage endorsement and a free retirement tail when appropriate.  

5. An involved and experienced broker. Does your broker look like me, act like me, talk like me?  If not they should.  A broker is your connection to the carrier.  Likewise the broker is the carrier’s connection to you.  Education, dedication and commitment is a must. LPL is not a one size fits all, not even a one carrier fits all kind of product.

When searching for or reviewing your legal malpractice insurance program, you may not be able to secure everything I just mentioned but a good program will have most of them.