Category Archives: Risk Management

Claim vs. Potential Claim: When Should Attorneys Report to Their Malpractice Carrier?

Posted on by

One of the most common questions I get from attorneys is this:

“What’s the difference between a claim and a potential claim—and when do I actually need to report it?”

It’s a great question, and the answer can have a major impact on whether your malpractice coverage protects you when you need it most.

What Is a “Claim”?

A claim is typically straightforward. It involves a clear allegation of wrongdoing or a demand for money. This could be a lawsuit, a formal demand letter, or any situation where a client (or former client) is asserting that an error caused them harm.

At that point, most attorneys know they need to notify their insurance carrier.

What Is a “Potential Claim”?

A potential claim is less obvious—but just as important.

This is when you become aware of a situation that could lead to a claim, even if no one has formally complained yet. Common examples include:

  • Missing a filing deadline
  • Discovering a mistake in a document or case strategy
  • Receiving communication from a client that suggests dissatisfaction (including online reviews)
  • Realizing something may not have been handled correctly

In these situations, nothing has escalated yet—but there’s a reasonable chance it could.

Why Timing Matters When It Comes To Legal Malpractice Claims

Most legal malpractice policies are claims-made policies, which means coverage is triggered based on when a claim is reported—not just when the incident occurred.

That’s why the distinction between a claim and a potential claim is so important.

Reporting early isn’t just a requirement of the policy—it can also work in your favor. 

Getting your carrier involved sooner can help reduce defense costs, improve the chances of resolving the issue efficiently, and give you more options if the situation develops into a formal claim.

In fact, many malpractice claims don’t begin with a lawsuit—they start as smaller issues that weren’t addressed early.

The Risk of Waiting To Report A Claim

It’s not uncommon for attorneys to hesitate before reporting a potential issue. There’s often concern about how it might impact premiums or whether it’s “too early” to involve the carrier.

But waiting can create serious problems.

If you’re aware of a potential issue and choose not to report it—and that issue later turns into a claim—there’s a risk your carrier may deny coverage altogether.

A Simple Rule to Follow

If there’s any doubt, it’s usually better to have the conversation early.

You don’t need to have all the answers, and reporting something doesn’t mean it will automatically turn into a claim. It simply puts you in a better position if it does.

If you’re unsure about your current policy or what should be reported, it’s worth taking a few minutes to review your coverage and get clarity before an issue arises.

If you have questions about your current coverage or want a second opinion, feel free to reach out 412.563.2106

Choosing the Right Clients: A Risk Law Firms Often Overlook

Posted on by

One of the most important risk decisions a law firm makes doesn’t happen in the middle of a case. 

It happens at the very beginning — when deciding whether to take on a client.

Over the years, I’ve seen situations where problems didn’t come from how the work was done, but from taking on work that wasn’t the right fit to begin with.

Every Firm Has a Sweet Spot

Every law firm has a “sweet spot” — the types of cases it handles well, the types of clients it works best with, and the structure it has in place to support that work.

When a case falls outside of that sweet spot, risk tends to increase, which can lead to malpractice claims.

Sometimes it’s a matter of complexity. 

A sole practitioner may take on a matter that realistically requires a larger team — multiple paralegals, more time, and additional support.

The opportunity may look attractive from a revenue standpoint. But if the firm doesn’t have the capacity to fully support the work, the situation can become difficult to manage.

When Revenue and Risk Don’t Align

I’ve seen cases where a matter generates significant revenue, but also creates exposure that far exceeds it.

What looks like a strong opportunity on the surface can carry risks that aren’t immediately obvious.

That’s why it’s important to evaluate not just the potential upside of a case, but whether the firm has the capability and resources to handle it properly.

The Client Fit Matters Too

In other situations, the issue isn’t the case — it’s the client.

Some clients require more communication, more oversight, or a different working style than others. Every firm operates a little differently, and not every client will be a good fit.

If your firm has a certain pace, structure, or approach to communication, it’s important that the client aligns with that.

Sometimes your instincts will tell you that something isn’t quite right. That doesn’t necessarily mean the client is difficult — it may simply mean they’re not the right fit for your firm.

Listen To Your Gut.

It’s Okay to Say No

Referring a case out or declining to take on a client is often a good decision — for both the firm and the client.

Making sure a client is in the right place, with the right resources and expertise, ultimately leads to better outcomes.

Start with the Right Decision For Your Firm

At the end of the day, the goal is to ensure that the work you take on matches your firm’s capabilities — the right experience, the right resources, and the right structure. 

When those things are aligned, you’re in a much better position to serve your clients effectively while managing risk.

And sometimes, the best decision you can make is the one you make before the work ever begins.

Vacation as a Risk Management Tool

Posted on by

No, this isn’t a quick break from my desk—I’m actually taking a few days away from the office on a proper vacation. As I sit here on the porch, soaking in the peaceful view of the water and feeling more relaxed than I have in a long time, a thought struck me:

This might be one of the best risk management tools I can recommend—take a break.

That’s right. Step away from the desk. Let your brain unplug. Play a round of golf, cast a line into the water, take a boat ride, dive into a good book, or simply sit outside and do nothing. You don’t need a plane ticket to a faraway beach or a mountain retreat—just find a way to get out of the office and into a state of calm.

Why? Because time away helps you rejuvenate.

And when you’re back in the office, something magical happens:
You think more clearly.
You work more creatively.
You produce a better work product for your clients.

And that’s where risk management comes in.

Better Work = Lower Risk

A refreshed mind leads to fewer mistakes. That means fewer legal malpractice claims, better relationships with your clients, and even a more positive atmosphere in your workplace. It also means you’re more likely to be offered favorable malpractice insurance rates and terms—because insurers notice when your practice runs smoothly and claims stay low.

So, yes—a short vacation isn’t just good for your soul, it’s good for your business.

It may be the simplest risk management strategy, but it just might be the most powerful.

Coach Said It Best

There’s a quote from one of my favorite TV shows, Friday Night Lights, that always sticks with me:
“Clear eyes, full heart, can’t lose.”

So don’t lose.

Take some time off this year. Step away from the grind. Let yourself breathe, reset, and come back sharper than ever.

Reporting A Claim Is Important

Posted on by
https://youtu.be/888biQm756k

In law, as in life, things can change quickly—and not always for the better. When it comes to legal malpractice insurance, a sudden shift usually means one thing: a claim has been filed against you.

If that ever happens, there are several important steps you’ll need to take. But one step matters more than all the others:

Report the claim or potential claim immediately.

This cannot be overstated. As soon as you become aware of an issue, you should contact your carrier—whether by phone, email, mail, or fax. However you choose to report it, just make sure you do.

At INF, we encourage clients to include us on all claim-related correspondence. This allows us to follow up directly and ensure proper documentation is in place from the beginning.

You might think reporting a claim is a no-brainer—but too many insureds hesitate or delay. Why?

  • Denial: Hoping the issue will disappear
  • Discomfort: Avoiding the stress of reliving the situation
  • Delay: Believing there’s more time than there actually is

Unfortunately, these delays can lead to devastating consequences. When a claim is finally reported late, coverage can be denied—simply because of the timing. This is not a situation you want to be in.

So here’s the bottom line: 

If you suspect a malpractice claim is coming, report it immediately.

Think of it as giving yourself a free shot from a buried lie. It’s the first—and most critical—step in protecting yourself, your firm, and your future.

An Often Overlooked Risk Management Tip – Read Your Policy

Posted on by
male reading an insurance policy

I have an easy and surprisingly somewhat overlooked risk management tip for you. Read your policy. When was the last time you read yours?

I’m always a little bit surprised that when I speak to prospects and clients alike, how many of them tell me they never or very rarely ever read their policy. Look, I know that we are all busy because our reading stack is very high. And after going through the application and quoting, no one is thinking about finishing the process by reading the policy.

Reading your policy is essential to the process and should supplement any risk management technique you utilize in your offices. The policy tells you who’s insured, what’s insured, what you’re supposed to do when and if you do get sued, your coverage limits, your deductible, and how much it actually costs. These are just to name a few.

The policy is also going to tell you what’s not covered, referred to as exclusions in the policy. And perhaps this is even more important than knowing what is covered.

So, don’t ignore my comments and do nothing. Take a moment and read it. You don’t need to become an expert in legal malpractice insurance. Just an informed consumer. A little knowledge in this matter will go a long way in your risk management efforts to avoid legal malpractice.

Why Do You Need a Dual Calendaring System?

Posted on by

The importance of dual calendaring.

According to the most recent ABA studies, malpractice claims stemming from calendaring errors continue to be a common mistake made by law firms. One of the ways to reduce calendaring errors is to make sure that your firm or office has a dual calendaring system in place.

Dual calendars can include calendars on your computer, laptop, desktop, other electronic devices, paper calendars, wall calendars, desk calendars, diaries, phones, there’s a slew of them. My point being is that there are actually several ways to implement a dual calendar system, and you should choose one that works best for you and your firm.

The risk management benefit of having a dual program in place is the backup benefit. If a calendar entry is missed on one system, it should be picked up by the other system. Hence the chance of a missed deadline by the office is reduced with a dual calendar system. consistency with the entering of the information, weekly cross checking of the system and having two people maintaining the system are key elements to a successful program.

So if you want to reduce your risk of a legal malpractice claim, and lower your malpractice insurance premiums, make sure you have a dual calendaring system in place. 

‘Tis the Season for Cyber Security

Posted on by

02J68283

As the holiday season draws near, so do cyber criminals.  With more and more people shopping online, the number of potential cyber breach victims increases every day.  In fact, Adobe is predicting that Black Friday 2017 will see the highest sales ever on record.

So, without completely withdrawing from the online world, how can you protect yourself and your business online?  Try applying the following tips:

Make sure that you are on the website that you think that you are on

One of the most common ways to scam your username and password or credit card information from you is to send you to a fake website that looks very similar to the website that you are expecting.  An example of this is paypal.com versus paypa1.com.  Note that the only difference is the “L” at the end of the first one and there is a “1” at the end of the second one.

To get you to these fake sites, scammers will send you an email that directs you with a bogus link.  One way to see where the link is taking you is to hover over it with your mouse.  The website address will popup.  If the link is bad, block the email sender and move the email to your “SPAM” folder to prevent receiving emails from that person in the future.

One way to confirm that you are visiting the website that you want is for you to type the website into the address bar.  This way, you know that you are not following any false links and you arrive at the correct website.

Don’t fall for holiday phishing schemes

On Black Friday 2017, retailers sent over 3 BILLION emails to consumers, advertising their best deals and sales.  This day was also filled with scammers sending out tons of emails, pretending to be a retailer.  They were taking advantage of the fact that consumers were expecting to receive these emails and may not have questioned them as much.  This is known as phishing and its main purpose is to collect as much personal information about you as possible.

Commonly, phishing emails will try to direct you to a login page or a payment page.  They want to get your information as quickly as possible without you questioning the validity of the site.

A few ways to identify phishing schemes:

  • The “From” field display name is a store or bank.  However, when you click into it to reveal the full email address, it’s an address not related to that entity.
  • The email has graphics that look “off” or “fuzzy”.  Sometimes, to make the fake email look more legitimate, a scammer will copy the graphics from a store or bank from their website, which are not a high resolution.  As a result, when they are placed into an email, they look wrong.
  • When you hover over the link that the email wants you to visit, it is not pointing to the website that it claims to be sending you to.
  • Check for spelling mistakes and bad grammar.  Legitimate companies are sticklers when it comes to spelling and grammar.  If the email sounds poorly written, there is a good chance that the email is not legitimate

Check for an SSL certificate upon checkout

When you check out online, you want to make sure that there is an SSL certificate in the address bar.  You should see that the web address starts with “https://”.  Normally, there will be a lock image next to the address or the whole bar will turn green.

An SSL is important any time that you are entering financial information or passwords.  This encrypts that information and keeps it private from anyone that may be watching your transaction.

Create a strong password (and don’t use the same one) for your customer (and business) accounts

Your customer accounts for stores and banks should be protected by a strong password.  The company can have the best security measures and encryption in place, but if your account has an easily guessed password, none of that matters.

A strong password is 12 characters or more and contains at least one of each of the following:

  • Uppercase letter
  • Lowercase letter
  • Number
  • Symbol

You also do not want to use the same password for all of your accounts.  This is because if one of the accounts is hacked, the hacker now has the login information for all of your other accounts and they WILL check this immediately.

The average American has over 60 online accounts that they have to remember, so look into a good password manager to help you maintain the information.  Not only will the password manager help you remember all of your login information, but it will help you create secure passwords.

Some highly rated password managers include KeePass, Dashlane and LastPass.  Check out this article from PC mag for more information on the top password managers of 2017: https://www.pcmag.com/article2/0,2817,2407168,00.asp

BONUS: Turn on two factor authentication where possible

Two factor authentication (TFA) is becoming more prevalent as hackers become more savvy and have access to greater computing power.  TFA uses not only your username/password, but one other means of verification before you have access to your account.

This is now commonly available with banking and credit card websites.  When you turn this on, after you sign in with your username and password, they will ask if you want to receive a text or email for secondary verification of the account.  Once you make your selection, they will send a one-time only code to the phone number or email associated with that account, which you then have to enter to gain access.

This is helpful because even if someone had your password, they would still need access to your email or phone to be able to access your account.  If TFA is available to you, INF recommends turning it on to better protect yourself.

Have a safe and secure holiday season from INF!

Smart Risk Management for Law Firms: Be Prepared – not just for boy scouts anymore

Posted on by

Businessman using mobile phone outside courthouseI don’t know any attorneys that want to get sued by their client.  However, not all law firms are taking the proper steps to prevent this situation from happening.  In order to protect both your firm AND your client, you should employ multiple risk management techniques.

What is risk management?

Risk management is a set of policies and procedures that a law firm should have in place to reduce or eliminate risk issues.  Not only will you be protecting yourself and your clients, but you should receive a credit from your lawyers professional liability insurance carrier for employing these techniques.

How should risk management be taught?

Frequently, firms hold seminars for their employees to review office procedures and information specific to the firm.  Outside training can also be implemented in the form of webinars or guest speakers.

Your staff may interact with your clients as much or more than you do.  Don’t forget to train everyone!  According to the latest Verizon security report, 51% of data breaches are caused by the people within a company.  Make sure that they are familiar with your policies and procedures that you have in place.

Business team in the office

Important risk management policies for law firms #1 – Take the right cases

A common cause of malpractice is taking a case that your law firm is not qualified for or does not have the resources to handle.  You have to look past the dollar signs of a case and ask yourself, “Is this the best case for me and the firm?”  Create a policy that helps you walk through the details of a case to ensure that you are well-versed in the area of law it concerns as well as having the resources that it may require.

Important risk management policies for law firms #2 –Dealing with Departing Attorneys

Redundant Businesswoman Leaving Office With Box

If an attorney is departing your firm, make sure that an exit interview is conducted and that the proper steps are taken to remove them from your firm.  Make sure that you are aware of all cases that he/she was working on and any open issues.  Create a policy that outlines the following:

  • What are the important questions to ask in the exit interview for my firm?
  • Who should be assigned any work that is not completed?
  • What materials can the departing attorney take if they are allowed to take clients with them?
  • How can they be removed from your letterhead?
  • How can their access to your computer system be eliminated?
  • How does your firm contact your professional liability insurance carrier to let them know the date of attorney departure?

 

Important risk management policies for law firms #3 – Hiring a New Attorney

When you hire a new attorney, make sure that they go through your complete hiring process.  Make sure that they are everything that they claim to be.  Create a policy that outlines the following:

  • Ensure the new attorney is proficient in your firm’s areas of practice.
  • Why are they leaving their current firm? Was there a performance issue, were they a product of downsizing or are they looking for more opportunity?
  • Complete a conflict of interest check with the new attorney and all of the firm’s existing clients. The last thing that you want to do is to bring on a new lawyer and find out a few months later that they have a conflict with one of your biggest clients!
  • Make sure that they are comfortable with your firm’s risk management procedures.

 

Important risk management policies for law firms #4 – Dealing with Unhappy Clients

Clients are the lifeblood of any business.  An unhappy client can lead to bad reviews online, refuse to pay their bill, sue you for malpractice and many other things that can negatively impact your business.

One telltale sign that a client is unhappy is if they ask for a complete copy of their file after services have been rendered.  Another is if they tell you that they are unhappy with you or with the result of their case.

If you notice signs that your client seems to be dissatisfied, sit down and have a conversation with them to try to resolve the issue.  Sometimes, it is just a matter of explaining a legal process that they may not be familiar with.  Once they know why you chose to handle a situation in a certain way, it tends to alleviate their fears.

A common source of client dissatisfaction is lack of communication from the attorney to the client.  This can be solved by the attorney and the client setting up a communication timetable and sticking with it.  If you, as the attorney cannot meet the timetable during the representation, have your assistant or paralegal contact the client with an update.

Confused businessman with a calculatorAnother source of client unhappiness may stem from billing issues.  You are much better off to bill frequently instead of sending one large bill at the end of a case.  Smaller bills with detail help explain to the client what you did and act as an update to the case.  If you wait and send one “final bill” a client may forget how much work you performed and feel the bill is unreasonable.  Additionally, sending incremental invoices will help you get paid quicker.

Important risk management policies for law firms #5 – Docket Systems are CRITICAL

Agenda

If you look at claims that arise against lawyers, one of the most common alleged mistakes is a blown statute.  This is a result from your calendaring system not being used on a regular basis or not being used correctly.  Generally, LPL insurance carriers require that a firm have at least two docket systems with one of them being computerized.  Back up of this system should be on a daily basis.  Create a policy for your firm that details what type of docket systems your firm will use, how often they should be updated, how often they should be backed up, and who in the firm is responsible for maintaining the systems.

For more information on risk management or help creating/implementing these policies and procedures in your law firm, contact Donald Ivol at INtegrity First Corporation today!

Keeping Your Information Safe In the Digital Age – Part 3

Posted on by

With the onslaught of data breaches that happened in 2015 (about 65,000 according to the Verizon Data Breach Investigations Report), INF presents this multi-part blog series about keeping your data safe in the digital age.

Accessing Your Password Database on Different Devices

The last blog post of this series covered setting up a password database in KeePass and accessing it on your personal computer.  This blog post will cover accessing your passwords on multiple devices.

Storing your Password Database in an Accessible Place

If you only want access to your passwords on your laptop or desktop, storing the database file (*.kdbx file) locally is fine.  However, if you want to be able to retrieve your passwords from your phone, tablet, etc., the file needs to be stored in a cloud.  If you already have a cloud account, you can store it there.  If you do not have a cloud account and you won’t be using it for large files, Dropbox is great free option to consider (https://www.dropbox.com/).  It takes about 3 minutes to sign up and you get 2GB of space for free.  Your *.kdbx file won’t even use 1% of that amount.

Once you have your Cloud account set up, move your password database file to the cloud.  This benefits you in multiple ways.  First of all, you can access your passwords from all of your devices.  Secondly, your password database will now be backed up on a regular basis.  In fact, Dropbox keeps all deleted and updated versions of your files from the last thirty days.  So, if you accidently delete your file from anywhere, you can restore it from dropbox.com.

Retrieving Passwords on your iPhone or iPad

If you want to access passwords on your iPhone, you need to download the app for the cloud that you are using onto your device. In the case of Dropbox, you will download the Dropbox app from the app store and use your account information to sign in.  You will then need to download the app “MiniKeePass”.

To load your password database into MiniKeePass, open the Dropbox app (or your Cloud app) and click on your *.kdbx file.  The cloud app will not be able to show a preview of the file, which is expected.  Click on the icon of the square with an arrow pointing up, which should give you a menu with multiple options.  Click the “Open in…” option and select “Copy to MiniKeePass”.  This has now stored a copy of the password database in your MiniKeePass app.  This is important to note as it is just a copy.  If you make changes to the file on another device, you will have to go through the process of loading your password database again.

The actions above will open MiniKeePass and display the database file. To open it, click on the filename.  The app will ask for the database password.  Enter your password and your database will display.  You can browse by folder or you can use the “Search” box.  To use the passwords, click on an entry and click on the username or password.  This copies that text to the clipboard.  You can then paste it wherever you would like.

Retrieving Passwords on your Android 

If you want to access passwords on your Android, you need to download the app for the cloud that you are using. In the case of Dropbox, you will download the Dropbox app from the app store and use your account information to sign in.  You will then need to download the app KeePass2Android from the app store.  Launch the newly downloaded app and click the “Open File” button.  You can browse to your password database file in your cloud and open it with your password.  You will then be able to search for the password that you want and copy/paste it any location.

Retrieving Passwords on your Chromebook

If you are using a Chromebook, there is a strong possibility that the cloud that you are utilizing is Google Drive.  Place your *.kdbx file in your Google Drive cloud and install the KeePass Chrome app.  Open your new app and select “Open File”.  Browse to your KeePass Database and enter the password.  KeePass Chrome will open the file and you can use the passwords as needed.

Should you use free Wifi…the answer is resoundingly “No!”

Posted on by

High resolution mobile phone graphic with Wifi Icon

It all starts out innocently enough.  You decide to stop into your favorite coffee place.  You order a drink, sit down, and pull out your laptop or other mobile device.  You don’t want to use your precious data from your wireless plan, so you think “No worries, they offer free wifi here.”  You connect to the free wifi and start browsing.  You check your email, your bank account and then online shop while you finish your drink.  A perfectly innocuous afternoon…or so you thought.  Little did you know that the person sitting across from you, seemingly having a day similar to yours, was capturing all of your online movements and information.  They were then able to check your email, access your bank account and shop online using your PayPal and Amazon accounts.

They were able to gather all of your information using a fairly simple program called a packet sniffer (or packet analyzer).  These programs are easy to install and use, but best of all, some of them are free, or so a hacker would say.  Because it is so simple, this exploit is used all of the time with free wifi.

When you go online using a wireless connection, you communicate via packets with the router.  Packets contain all of the information for the web page that you are using, including any text that you may type, such as your credit card information or passwords.  One web page can consist of multiple packets.  A packet sniffer can connect to the same wireless network and collect copies of these packets.  It then will put the packets together like you would piece together a puzzle.  Once the sniffer has put the pieces back together, the person implementing the sniffer has the information of everyone on the network for the entire time that they were there.

The reason that packet sniffers work with free wifi is because there is no encryption algorithm in place.  If the wireless router employs an encryption technique, the packets become encrypted, and thus, unreadable to the sniffer.  They can still collect your packets, but they can’t do anything with them.  It would be like someone having a puzzle where none of the pieces fit together.  With encryption, the router knows how to decrypt your packets, but no one else can.

If you are required to enter a password for the wireless network, that normally means that it is encrypted.  However, if the password is known to everyone, then the packet sniffer knows as well, and you are back where you started.  Therefore, you want to connect to a network that has a protected key.

Before connecting to a network, look to see the encryption type.  You want to make sure that it is WPA2.  Two types of networks that you want to stay away from are WPA and WEP.  These are easily hacked and thus, should never be used.  If you are on a WIndows machine, to see the encryption type, click on the wireless indicator and select your network.  The encryption type will be displayed under “Security Type”.

But wait, I still want to be able to use free wifi…is that even possible?

It is possible to save your data plan and still make use of the free wifi when you employ a virtual private network, or a VPN.  When you use a VPN, it encrypts the packets for you only, thus making your packet puzzle impossible for a packet sniffer to solve.  Using a VPN is easy, as you just sign up for a VPN account with one of the many VPN providers.  The cost is normally less than $50 per year.

You can use your VPN account with all of your devices.  Generally, tablets come with the functionality for a VPN connection built into the settings.  You will need to consult the VPN service that you signed up with for specifics.  If you want to use the VPN on a laptop or desktop, you will generally need to download an executable program from the VPN service and install it.  Then, every time you want to connect to a free wifi network, you will launch the VPN program first, sign in, and then feel free to safely browse the internet in obscurity.

I don’t want to sign up for a VPN and I don’t mind using my data.

If you don’t mind using your data in your phone plan, then connecting to your phone or tablet’s personal hotspot is the most secure option.  Simply turn on your hotspot and connect your device.  You may be using your data plan, but you can do so knowing that your data is safe.