3 Tips on Keeping Your Business Data Safe While Working from Home

Hey, in these crazy times, as employers, we all have employees working from home…and although I’m not going to be able to give you advice on where to go for a good haircut, I am in a position to be able to give you three pretty good tips on how to keep your business information safe when your employees are working from home.

Do They Have a SECURE Internet Connection? TIP 1

First thing you need to do is make sure that your employees actually are working from a secure internet connection from their house. They really should be working with a WPA2 connection. And I think most people have that nowadays at their houses.

But there are some older systems that are still out there being used and they’re using a WEP key, which is not very secure. So, you want to make sure that that they’re not using that.

Do They LOCK Their Computer When They Leave It Unattended? TIP 2

Second thing – Make sure that when your employees are working from home, that they still actually lock their computer when they are done for the day (or even leave the room)…so your business data is safe. The mere fact that they’re working from home and not in your office doesn’t mean that the information that they’re working with can’t be stolen or mistakenly sent to somebody.

I mean, a lot of us have little kids running around and who’s to say you get up and leave, little Johnny comes and starts tapping on the computer keys, and says “Can I get on Facebook?”

Next thing you know all of your business information is sent to little Johnny’s 150 closest friends. You don’t want to get into that situation.

Do They Have a Separate Work Computer? TIP 3

Lastly, make sure that you give your employees their own computer to work from home.  Don’t expect or ask your employees to use their personal computer to do your work. You want to keep church and state separated, so to speak. When they’re working on your business, you want to make sure that they’re using your computer. You don’t want them paying their personal bills on your computer or your business bills on their personal computer…it just doesn’t mix. Not a good thing. We at INF hope these tips help you out.

‘Tis the Season for Cyber Security

02J68283

As the holiday season draws near, so do cyber criminals.  With more and more people shopping online, the number of potential cyber breach victims increases every day.  In fact, Adobe is predicting that Black Friday 2017 will see the highest sales ever on record.

So, without completely withdrawing from the online world, how can you protect yourself and your business online?  Try applying the following tips:

Make sure that you are on the website that you think that you are on

One of the most common ways to scam your username and password or credit card information from you is to send you to a fake website that looks very similar to the website that you are expecting.  An example of this is paypal.com versus paypa1.com.  Note that the only difference is the “L” at the end of the first one and there is a “1” at the end of the second one.

To get you to these fake sites, scammers will send you an email that directs you with a bogus link.  One way to see where the link is taking you is to hover over it with your mouse.  The website address will popup.  If the link is bad, block the email sender and move the email to your “SPAM” folder to prevent receiving emails from that person in the future.

One way to confirm that you are visiting the website that you want is for you to type the website into the address bar.  This way, you know that you are not following any false links and you arrive at the correct website.

Don’t fall for holiday phishing schemes

On Black Friday 2017, retailers sent over 3 BILLION emails to consumers, advertising their best deals and sales.  This day was also filled with scammers sending out tons of emails, pretending to be a retailer.  They were taking advantage of the fact that consumers were expecting to receive these emails and may not have questioned them as much.  This is known as phishing and its main purpose is to collect as much personal information about you as possible.

Commonly, phishing emails will try to direct you to a login page or a payment page.  They want to get your information as quickly as possible without you questioning the validity of the site.

A few ways to identify phishing schemes:

  • The “From” field display name is a store or bank.  However, when you click into it to reveal the full email address, it’s an address not related to that entity.
  • The email has graphics that look “off” or “fuzzy”.  Sometimes, to make the fake email look more legitimate, a scammer will copy the graphics from a store or bank from their website, which are not a high resolution.  As a result, when they are placed into an email, they look wrong.
  • When you hover over the link that the email wants you to visit, it is not pointing to the website that it claims to be sending you to.
  • Check for spelling mistakes and bad grammar.  Legitimate companies are sticklers when it comes to spelling and grammar.  If the email sounds poorly written, there is a good chance that the email is not legitimate

Check for an SSL certificate upon checkout

When you check out online, you want to make sure that there is an SSL certificate in the address bar.  You should see that the web address starts with “https://”.  Normally, there will be a lock image next to the address or the whole bar will turn green.

An SSL is important any time that you are entering financial information or passwords.  This encrypts that information and keeps it private from anyone that may be watching your transaction.

Create a strong password (and don’t use the same one) for your customer (and business) accounts

Your customer accounts for stores and banks should be protected by a strong password.  The company can have the best security measures and encryption in place, but if your account has an easily guessed password, none of that matters.

A strong password is 12 characters or more and contains at least one of each of the following:

  • Uppercase letter
  • Lowercase letter
  • Number
  • Symbol

You also do not want to use the same password for all of your accounts.  This is because if one of the accounts is hacked, the hacker now has the login information for all of your other accounts and they WILL check this immediately.

The average American has over 60 online accounts that they have to remember, so look into a good password manager to help you maintain the information.  Not only will the password manager help you remember all of your login information, but it will help you create secure passwords.

Some highly rated password managers include KeePass, Dashlane and LastPass.  Check out this article from PC mag for more information on the top password managers of 2017: https://www.pcmag.com/article2/0,2817,2407168,00.asp

BONUS: Turn on two factor authentication where possible

Two factor authentication (TFA) is becoming more prevalent as hackers become more savvy and have access to greater computing power.  TFA uses not only your username/password, but one other means of verification before you have access to your account.

This is now commonly available with banking and credit card websites.  When you turn this on, after you sign in with your username and password, they will ask if you want to receive a text or email for secondary verification of the account.  Once you make your selection, they will send a one-time only code to the phone number or email associated with that account, which you then have to enter to gain access.

This is helpful because even if someone had your password, they would still need access to your email or phone to be able to access your account.  If TFA is available to you, INF recommends turning it on to better protect yourself.

Have a safe and secure holiday season from INF!

Smart Risk Management for Law Firms: Be Prepared – not just for boy scouts anymore

Businessman using mobile phone outside courthouseI don’t know any attorneys that want to get sued by their client.  However, not all law firms are taking the proper steps to prevent this situation from happening.  In order to protect both your firm AND your client, you should employ multiple risk management techniques.

What is risk management?

Risk management is a set of policies and procedures that a law firm should have in place to reduce or eliminate risk issues.  Not only will you be protecting yourself and your clients, but you should receive a credit from your lawyers professional liability insurance carrier for employing these techniques.

How should risk management be taught?

Frequently, firms hold seminars for their employees to review office procedures and information specific to the firm.  Outside training can also be implemented in the form of webinars or guest speakers.

Your staff may interact with your clients as much or more than you do.  Don’t forget to train everyone!  According to the latest Verizon security report, 51% of data breaches are caused by the people within a company.  Make sure that they are familiar with your policies and procedures that you have in place.

Business team in the office

Important risk management policies for law firms #1 – Take the right cases

A common cause of malpractice is taking a case that your law firm is not qualified for or does not have the resources to handle.  You have to look past the dollar signs of a case and ask yourself, “Is this the best case for me and the firm?”  Create a policy that helps you walk through the details of a case to ensure that you are well-versed in the area of law it concerns as well as having the resources that it may require.

Important risk management policies for law firms #2 –Dealing with Departing Attorneys

Redundant Businesswoman Leaving Office With Box

If an attorney is departing your firm, make sure that an exit interview is conducted and that the proper steps are taken to remove them from your firm.  Make sure that you are aware of all cases that he/she was working on and any open issues.  Create a policy that outlines the following:

  • What are the important questions to ask in the exit interview for my firm?
  • Who should be assigned any work that is not completed?
  • What materials can the departing attorney take if they are allowed to take clients with them?
  • How can they be removed from your letterhead?
  • How can their access to your computer system be eliminated?
  • How does your firm contact your professional liability insurance carrier to let them know the date of attorney departure?

 

Important risk management policies for law firms #3 – Hiring a New Attorney

When you hire a new attorney, make sure that they go through your complete hiring process.  Make sure that they are everything that they claim to be.  Create a policy that outlines the following:

  • Ensure the new attorney is proficient in your firm’s areas of practice.
  • Why are they leaving their current firm? Was there a performance issue, were they a product of downsizing or are they looking for more opportunity?
  • Complete a conflict of interest check with the new attorney and all of the firm’s existing clients. The last thing that you want to do is to bring on a new lawyer and find out a few months later that they have a conflict with one of your biggest clients!
  • Make sure that they are comfortable with your firm’s risk management procedures.

 

Important risk management policies for law firms #4 – Dealing with Unhappy Clients

Clients are the lifeblood of any business.  An unhappy client can lead to bad reviews online, refuse to pay their bill, sue you for malpractice and many other things that can negatively impact your business.

One telltale sign that a client is unhappy is if they ask for a complete copy of their file after services have been rendered.  Another is if they tell you that they are unhappy with you or with the result of their case.

If you notice signs that your client seems to be dissatisfied, sit down and have a conversation with them to try to resolve the issue.  Sometimes, it is just a matter of explaining a legal process that they may not be familiar with.  Once they know why you chose to handle a situation in a certain way, it tends to alleviate their fears.

A common source of client dissatisfaction is lack of communication from the attorney to the client.  This can be solved by the attorney and the client setting up a communication timetable and sticking with it.  If you, as the attorney cannot meet the timetable during the representation, have your assistant or paralegal contact the client with an update.

Confused businessman with a calculatorAnother source of client unhappiness may stem from billing issues.  You are much better off to bill frequently instead of sending one large bill at the end of a case.  Smaller bills with detail help explain to the client what you did and act as an update to the case.  If you wait and send one “final bill” a client may forget how much work you performed and feel the bill is unreasonable.  Additionally, sending incremental invoices will help you get paid quicker.

Important risk management policies for law firms #5 – Docket Systems are CRITICAL

Agenda

If you look at claims that arise against lawyers, one of the most common alleged mistakes is a blown statute.  This is a result from your calendaring system not being used on a regular basis or not being used correctly.  Generally, LPL insurance carriers require that a firm have at least two docket systems with one of them being computerized.  Back up of this system should be on a daily basis.  Create a policy for your firm that details what type of docket systems your firm will use, how often they should be updated, how often they should be backed up, and who in the firm is responsible for maintaining the systems.

For more information on risk management or help creating/implementing these policies and procedures in your law firm, contact Donald Ivol at INtegrity First Corporation today!

Why Does My Company Need Cyber Liability Insurance?

Gadgets-In-Business-Vacation-Shopping-Banners-[Converted]Today’s businesses are more reliant than ever on technology.  Whether it’s an app, a device, or a piece of software, a business can save time and money.  However, this technology may expose them to multiple cyber risks that need to be addressed.  An unhappy ex-employee, a lost cell phone, an insecure password, an out-of-date computer system – these may all be a possible source of a data breach.

What is a data breach?
According to the Ponemon Institute, a breach is defined as an event in which an individual’s name and a medical record and/or a financial record or debit card is potentially put at risk—either in electronic or paper format.

Verizon found in their 2015 Data Breach Investigations report that about 50% of all security incidents are caused by people within your organization!  The other 50% are caused by hackers, viruses, malware, etc.  The people in your organization may not have caused the breach maliciously, but through human error or some other negligence.

Amazing Data Breach Facts

According to Ofcom’s “Adults’ Media Use and Attitudes Report 2013”, 55% of adults use the same password for everything.  Therefore, when one data breach occurs, about 55% of the passwords and information recovered can possibly lead to another breach, which can lead to another, etc. It’s easy to see how you can have a secure system, but if it’s not protected by secure employees, a data breach could easily occur.

login with email and password

The average cost per lost or stolen record in a data breach is $141 dollars according to the 2017 Ponemon Institute Data Breach study.

How many records is your company responsible for?  

When there is a breach in Pennsylvania, you are responsible for notifying each owner of those records that their data has been compromised.  Not only have you lost or diminished the trust of your clients, but you will spend a large amount of money informing them of this fact.

Because your clients can reasonably expect that you will protect their data, failing to do so can also result in federal and/or state fines.  Make sure that you are taking all reasonable steps to protect your data.

How can you protect your company from a data breach?

The first step that you can take is to purchase a cyber liability insurance policy. This allows you to transfer the risk to the insurance company and know that you are covered in the event of a data breach.  For the cost of a nice laptop (under $1500), you can purchase a standalone cyber liability policy.

This policy will help with a number of things when it comes to a data breach.  Most policies will cover the cost of notification, finding the breach source, fixing the source, restoring your clients’ trust, fines and more.  Before you purchase a policy, review the coverage available and ensure that you are fully covered.

The second step that you can take is to train your employees well and make sure that you have office procedures in place to ensure your security.

TOP 5 FREQUENTLY ASKED LIFE INSURANCE QUESTIONS

marriedcouple

The main concept of life insurance is well known and, for the most part, understood by those who purchase it.  Essentially, if you are covered by a life insurance policy and you pass away, a certain amount of money is paid by your life insurance company to the beneficiary you have designated.  While the general concept is easy to grasp, there are several other things to keep in mind,

 

Why should I buy life insurance?

There are many reasons why a person should buy life insurance.  A short list of popular reasons would include: (1) the cost of your own funeral/burial, (2) replacement income for your spouse and/or children as they can no longer rely on you to earn income, (3) mortgage/debt payoff.  Other valid reasons that should be considered include tax-free distribution of your wealth to your heirs/beneficiaries, children’s education expenses and buy/sell agreements for business partners.

 

Do I need to review my life insurance policy after I purchase it?

Yes, it is very important that you take the time to review your life insurance policy every few years.  Although not the case for all, most people undergo some significant changes in their life over a two or three-year time period.  Here are a few examples.

Got married? (Not the same as Got Milk?!)  If so, a review of the policy beneficiary and the value of the death benefit is in order.  No changes have to be made but common sense dictates a modification may be needed.  Got Divorced?  (Again, not the same as Got Milk?!)  The same holds true in this case as when you get married; death benefits and beneficiary should be reviewed for changes.

Purchasing a new home will also trigger the need to review your life insurance policy.  Suddenly, your $50,000 policy becomes insufficient when you consider your new $250,000 mortgage.

Have you gone on a health kick and lost a bunch of weight?  Good for you!  Not only will you be healthier, you may qualify for a preferred insurance rate and obtain more coverage for the same price or pay less premium for more coverage!

Life changes are happening all the time.  Make sure your life insurance policy keeps pace with your life style.

 

 

What is the difference between whole life insurance and term life insurance?

I like simple explanations of things and “simply put” the main difference between term and whole life lies in the name of the type of coverage.  A “whole life” insurance policy is designed to cover you for your entire lifetime. Term life (for this purpose) can be considered short for the word “terminates”.   Term policies are typically designed for a specific period of time and then expire. (i.e. 10 years, 20 years, 30 years).   Because whole life polices usually last longer and have some sort of investment return included in the contract, whole life costs more than term life policies. Because of their specified length of coverage, term life policies are recommended to insure agreements that have timelines ie.mortgages, business arrangements.  As with most products, term life and whole life polices can be designed with a variety of features and benefits.

 

How much life insurance should I have?

A tough question and I am not sure there is one “correct” answer. 

Everyone’s situation is different and there are many variables that come into play: Married, Single, Children, Income, Age, Health. Many professionals advise that the amount of life insurance should be a multiple of your earnings…..perhaps.  I think a better approach is to discuss your specific situation with an insurance professional and agree on an amount that you are comfortable with knowing the reasons why you agreed on that certain amount.

 

Is it hard to apply for life insurance?

No, as the saying goes, it is relatively painless!  An application will be required.  These applications will ask for your personal demographics along with your health history.  Depending on your circumstances, a completed application may be all that is required. In certain circumstances you may be required to have tests performed i.e. blood test, blood pressure, EKG.  Again, the amount of information required and tests performed will depend on your individual circumstances and amounts of life insurance you are seeking.  Remember that your Agent can assist you with the application process and with any questions that you may have.

 

 

 

 

 

ShareFile Portal Perks for INF Clients – 24/7/365 Access for YOU!

As an INF client, you have access to the INF ShareFile Portal 24/7/365! This is a huge perk of working with INF. You have all of your data at your fingertips.
However, we have received multiple questions regarding the portal. We hope to clear up any confusion with this post.
Why does INF use ShareFile?
We wanted our clients to have access to their current lawyers professional liability insurance application and policy securely from anywhere at any time. We use our ShareFile portal to make that happen!
ShareFile has the following security features:

  • Third-party validated application and datacenter controls from SOC 2 and SSAE 16 audits.
  • Bank-level encryption in transit and at rest.
  • Two-factor authentication and single sign-on for added security.
  • Multiple data storage locations around the globe.
  • 99.9 percent uptime and disaster recovery centers in the United States and Europe.

In other words, ShareFile is very secure! INF is highly concerned with protecting your data.
How do I get to the portal?
Go to https://integrityfirstins.sharefile.com and you will be presented with the following screen:

SharefilePerksPic1
What username should I use?
Your username for the portal is the email address that you have on file with INF. If your email address changes, just let us know and we can change the username for you.
What if I don’t know my password?
Click on the “Forgot Password?” link on the Sign In page.

SharefilePerksPic2

This will take you to the “Forgot Password” page. It will ask you to enter your email address and to fulfill a CAPTCHA request to prove that you are human.
SharefilePerksPic3

Once you click “Send”, it will email you a “Password Reset” email from “Sharefile Support”.

SharefilePerksPic4

Click on the “Reset your password now” link. This will open a browser with the “Reset Password” instructions.

SharefilePerksPic5

Fill in the required fields and click the “Reset Password” button. This will officially reset your ShareFile password.
What is contained in the portal?
Your portal contains your current lawyers professional liability policy as well as your original application. Additionally, if you have been a customer of INF for more than one year, the portal contains all of your LPL policies and applications since 2015. You can download these pdfs whenever you would like.

I want multiple people in my office to have access to my files. Is that possible?
Yes, it is. Email sivol@integrityfirstins.biz with the person’s name and email address that you would like to add to your portal. They will be added within 48 hours. This can be done with multiple people as well.

Can I access the portal on my mobile device?
Yes, you have TWO ways to access it:
1 – You can get to the portal via the browser on your mobile device
2 – You can download the “Citrix ShareFile for iPhone and iPad” (https://itunes.apple.com/us/app/citrix-sharefile-for-ipad/id440596621?mt=8) app and sign in with your credentials. This app is also available from the Google Play Store (https://play.google.com/store/apps/details?id=com.sharefile.mobile&hl=en) and the Windows Store (http://apps.microsoft.com/windows/en-us/app/sharefile/b7940fda-b088-4af4-869b-e21a737bb26f).
You now can have a copy of your LPL insurance policy with you wherever you go!

Once I’m signed in, how do I download my policy?
Click on “Shared Folders” on the left-hand side menu to bring up your folder structure. Your folder name should contain your LPL expiration date and your firm name. Click on the folder to reveal the contents. This is where your policy is stored. To download the policy (or any document), click on the name of the document. This takes you to a preview screen, where you can see the document. It also gives you a few options on the right-hand side of the screen.

SharefilePerksPic6

You can download, copy or print the document from here.

What insurance limits should I carry as a Pennsylvania attorney?

A question that frequently arises in the world of professional liability insurance is “what limits of liability should a lawyer or law firm carry?” 

To me, there is a simple answer to this question.

There are two parts to a set of professional liability insurance limits.  The first part is the “per claim” limit of liability.  This is the most that an insurance carrier will pay for both the cost to defend any one claim and any subsequent “loss” or “damages” sustained from said claim.  It stands to reason that the per claim limit of liability should be enough to cover both defense costs and a payout from a claim stemming from your highest valued case.

The second part of a set of professional liability insurance limits is the “aggregate” limit of liability.  This is the maximum amount of coverage for the entire policy year.  As the per claim limit should be selected to cover the worst of potential claims, your aggregate limit should be enough to cover your most expensive two or three claims.

If you find yourself thinking that your current coverage may not be suited to cover your biggest exposure, consult your broker on what the procedure and cost will be to obtain the limits you need.  You may be pleasantly surprised at how little the cost is to improve your coverage.

Common LPL Coverage Issues Overlooked By Attorneys

Many lawyers have some type of ownership/equity interest in or with the clients they serve.  Others serve on local nonprofit boards within their community.  All do so usually without completely understanding how these outside interests and relationships affect their professional liability insurance coverage.

Most lawyers professional liability policies exclude coverage for those professional services that lawyers provide to clients where the lawyer has an ownership interest in or with that client.  Some policies go so far as to include ownership interests of the lawyer’s spouse!  Common examples that I have seen on lawyer applications are: ownership in title agencies, real estate, and small businesses of all kinds.

LPL Polices also exclude the acts of the lawyer when acting as a director, officer or board member of entities, including nonprofits.  Lawyers are often asked to sit on boards because they ARE Lawyers and are tapped for their knowledge of the law during board meetings.  It is very difficult for the lawyer and the board to distinguish when the lawyer is acting as a board member and when and if the lawyer is acting in the capacity of a lawyer and lawyer client relationship.  It is easy for the lawyer to get caught in a situation where the board believes he/she provided legal advice however the lawyer believes that he/she provided that advice as a member of the board.  In the event that “advice” leads to a bad outcome for the board and eventually ends in a malpractice claim, the lawyer could be without coverage!

Before accepting board positions or investing with or in clients, all lawyers should ask how this relationship will impact the professional liability insurance from both a coverage and cost standpoint.

 

 

Tips on reporting claims and potential claims

When insureds report a claim to their carrier, the expectation is the claim will be covered and their assets and reputation be protected.  While this happens the majority of the time, there are situations when the worst occurs and the claim is denied coverage.  There are several reasons insurance carriers decline coverage on reported professional liability claims.  One of the reasons claims are denied is due to the late reporting of the claim.  Although late reporting is a cause for claim denial, it can be avoided by the insured.

Professional liability insurance policies require that all claims be reported in the policy period that the insured first becomes aware of the claim.  This is also true for potential claims.  Most carriers have wording in the policy that states the insured needs to report those incidents that the insured could reasonably foresee the incident may lead to claim.  Failure to report these potential claims may lead to a denial in coverage.

AttorneyAtWindowIt sounds easy and it should be easy for the firm to report claims and potential claims as soon as they are aware of them.  Unfortunately, it is never easy.  No firm wants to “think” they made a mistake or a client is unhappy with their services.  In addition, some insureds think that the mere reporting of a claim or potential claim will increase their insurance premium, so the claim goes unreported.  Not true.  The mere reporting of a single claim or potential claim does not necessarily increase your premium.

Bottom line…you pay a lot of money to secure the policy, don’t jeopardize the coverage when you need it most.  Report issues early.    Perhaps the tips below will help you make sure your claim or potential claim is reported in a timely fashion:

  1. Meet monthly with your staff/lawyers to review the “tough” cases.
  2. Encourage your staff/lawyers to bring problem cases to your attention.  Don’t punish.
  3. At renewal time, ask all lawyers in the firm to answer the potential claim and claim question on the renewal application. Have them sign and date it.
  4. Most carriers now have a claim hot line or help line that is available to insureds.  Use it.
  5. Make sure that your staff/lawyers know how the insurance policy works and that claims and potential claims need to be reported immediately or they risk losing coverage.  Identify a point “claims person.”  Have all claims and potential claims directed to that person for review and reporting.

December Attorney Pro Risk Tip of the Month

ACCEPTING GIFTS
Know the rules regarding gifts. Generally, a lawyer may receive modest, unsolicited gifts from clients(1). However, a lawyer should not solicit substantial gifts from a client, including testamentary gifts, unless the client is a close relative (2).

 

 

1 See MODEL RULES OF PROF’L CONDUCT R.1.8(c) (1983) (amended 2013). 2 Id.

Tip courtesy of  www.attorneyprotective.com