Because October is Cyber Security Awareness Month, we thought that we would take the next few weeks to highlight cyber security exposures that are common to law firms.
Did you know that 44% of businesses don’t use multifactor authentication?
Your question back to me might be – What is multifactor authentication and why would I need it?
Multi Factor authentication or MFA is a security method that needs a user to use two or more authentication factors to prove who they are before they can use an organization’s network, check their email from a remote location, or use privileged or administrative accounts. It helps make sure that you are who you say you are.
The most common use of MFA is when banks or credit cards require you to input a password as well as a code that they email/text/call you with.
MFA should be used by law firms with email accounts as well as accessing any network remotely.
In fact, according to Microsoft, 99.9% of account compromise attacks can be blocked by MFA!
Most email products as well as system access software have MFA built in, so be sure to enable and protect your data!
Questions about risk mitigation for this exposure? Call us at 412.563.2106.
Next week, we will talk about how to protect your firm against multiple exposures!
Because October is Cyber Security Awareness Month, we thought that we would take the next few weeks to highlight cyber security exposures that are common to law firms.
This week’s topic – Passwords!
Did you know that there is a website that you can go to check to see if your email/password combination has been a part of a data breach? It’s called “Have I Been Pwned?” and you can access it here: https://haveibeenpwned.com/
It contains over 12 BILLION username/password combos that have been exposed in recent hacks.
Go to the site and enter your email address to see if you have been exposed. If so – change your password immediately for the account that was hacked.
Want to create a good password?
Try using these 7 criteria:
12 characters or more in length
Contains an uppercase letter
Contains a lowercase letter
Contains a number
Contains a symbol
Does not contain real words that could easily guessed by a dictionary attack
Hasn’t been used before as a password by your email address
Need help remembering each unique password? Invest in a password manager, like 1Password or KeePass.
Questions about risk mitigation for this exposure? Call us at 412.563.2106
Next week, we will discuss multi factor authentication!
Because October is Cyber Security Awareness Month, we thought that we would take the next few weeks to highlight cyber security exposures that are common to law firms.
This week we wanted to talk about wire fraud. Despite the fact that wire fraud scams target a wide range of professionals, attorneys who handle real estate transactions and/or wire money are particularly at risk.
Lawyers should be aware of any fraud schemes that could cost them and/or their clients hundreds of thousands of dollars if they transfer money to or on behalf of clients. The Federal Bureau of Investigation (FBI) estimates that scammers have stolen up to $1.33 billion just in the United States.
Here’s how the scheme normally works:
The scammer will gain control of an email account from at least one of the parties in a transaction. Typically that transaction will be in real estate. They will use this access to gain details.
The scammer will send a set of emails that appear to be legitimate discussing the details of the deal to build trust
Then, the scammer will send wire instructions OR make changes to a previously supplied set of instructions
The scammer will say this matter is “urgent” and that everything “needs to be done today”. This is so the normal set of checks and balances will be bypassed, thus eliminating the normal scrutiny requests like these should get
Then, the attorney would unknowingly wire the money to the scammer’s account and the scammer will typically move that money immediately to an overseas account so it cannot be stopped
There are a few ways that attorneys can prevent wire fraud –
#1 – Be hyper-vigilant
First, attorneys should be on the lookout for wire fraud scams and be skeptical whenever money is being wired to finish any kind of transaction. Wire fraud scams that use emails can involve anyone in a transaction, from someone the attorney has worked with for 40 years to someone they have only met briefly for one transaction. Because of how email works, it is much easier to hide a person’s true name through email than over the phone or in person.
#2 – Use a second authentication factor
Use a phone call as the second authentication factor to easily check on all wire transfer requests.
Before any money is moved out of the law firm for a transaction, an attorney can find out about most possible fraud scams by calling the person who is supposedly sending the email. Attorneys should always use the contact information they already have for the person instead of the information in the email, which could be fake. Lawyers can also call someone else at the company. The main point is to do something outside of the email chain that could be hacked.
#3 – Be skeptical of last minute changes
Be careful when a party in a deal suddenly changes how they usually do things. This could mean moving money to a different account, using a personal email address instead of a work one, or talking to someone else at the company. All of these things could be signs of a possible scam.
Questions about risk mitigation for this exposure? Call us at 412.563.2106
Stay tuned for next week where we will send you a website where you can check to see if your email/password combination has been exposed in any major hack.
Because October is Cyber Security Awareness Month, we thought that we would take the next few weeks to highlight cyber security exposures that are common to law firms.
A common question that we hear from our insureds is – What is ransomware and can it affect me?
Ransomware is a type of harmful software (also known as “malware”) that online thieves use to access a victim’s network. Typically, this happens via a download by an employee that was tricked. Once they are into the system, they’ll encrypt it so you can no longer access anything.
Finally, the thieves will demand a ransom, generally in bitcoin, in exchange for the decryption key.
Attackers using ransomware have recently increased their aggressivity, requesting six-, seven-, and even eight-figure ransom payments from organizations. It is more difficult for organizations to recover from such an attack as a result of these criminals deleting backups and, in some circumstances, issuing threats to reveal critical or confidential material.
One way to prevent ransomware affecting you is to make sure that your employees are well-trained on spotting suspicious emails and attachments. This way, they won’t download malicious files.
Another way to prevent ransomware is to make sure that you have a complete backup of your system that can be restored within 24-48 hours. This will enable you to put your system back up and lose minimal time without needing to deal with the criminals.
Questions about risk mitigation for this exposure? Call us at 412.563.2106
Stay tuned for next week where we will discuss wire fraud.
Our July Legal Malpractice Awareness Month would not be complete without some discussion about legal malpractice claims. I get asked a lot about claims and if there are really a lot of lawyers who get sued for legal malpractice. I always answer the same way: yes, there are a lot of claims filed against lawyers.
I recently had a discussion with a legal malpractice claims analyst, and he commented that the insured’s question or concerns today should not be “if I get sued, but rather “when I get sued and how many times.” I think that sums it up: lawyers being sued is not uncommon, and it does happen with frequency.
I believe that the reason most people don’t hear about lawyers being sued that often is that most lawyers don’t want to talk about it. It is not a pleasant experience to have your work questioned or accused of making a costly mistake. I understand that.
If you do find yourself in the position where someone is alleging that you made a mistake on their case or you find on your own that you made a mistake, don’t make it worse by ignoring it or hoping it goes away. It never does, and refusing to acknowledge it will only make it worse.
There is no scarlet letter, no stoning, and no public humiliation for reporting a claim. Chances are, several of your colleagues have gone through the same thing. Call your carrier, the hot line, or your broker. Get the issue reported immediately so you can get the right people involved early on. You will be glad that you did.
One of the harder questions that lawyers face when purchasing or renewing a legal malpractice insurance policy is: what policy limits and policy deductibles should I choose, and are those limits sufficient?
No one wants to buy more coverage than they need or have a deductible that never gets satisfied. Unfortunately, there just isn’t a stock answer. Since every law firm is different, the policy limits and deductible chosen should be based on the individual characteristics of the firm. Never choose limits and deductibles based on what your friend or the law firm down the street has. Take some time to consider the matter. No one knows your practice any better than you do.
Consider the type of law or cases your firm handles. What is the value of the cases you handle? What is the largest case value that you handle? What is the smallest? Is there an “average” value? How many lawyers are in your firm? What is the economy like? Lawyers seem to get sued more often in a bad economy than in a good one. These are just some of the questions you should ask yourself before deciding on your limits and deductible.
Once you have gathered the relevant information and thought about it, you’ll be in a much better position to decide, and I think you’ll find the decision becomes a little easier. Not easy, but a little easier.
You as lawyers have several choices when it comes to legal malpractice insurance. My guess is all brokers selling this type of coverage will tell you that their policy or program is a good one. But what exactly makes up a good program?
Let me tell you what I think makes up a good program and distinguishes it from other insurance program or policies in the marketplace:
1. A malpractice helpline or hotline for insureds. This is important as it provides an outlet for the insureds to discuss the disciplinary or claim issue with one of their colleagues.
2. A library of risk management tools. For example, sample copies of engagement letters, disengagement letters, samples of conflicts of interest checks and examples of docket control systems. This can be web site based or hard copies
3. Risk Management classes and or videos that may or may not provide CLE credit
4. Comprehensive policy form that provides: full prior acts coverage, career coverage, broad definition of professional services, unlimited tail coverage endorsement and a free retirement tail when appropriate.
5. An involved and experienced broker. Does your broker look like me, act like me, talk like me? If not they should. A broker is your connection to the carrier. Likewise the broker is the carrier’s connection to you. Education, dedication and commitment is a must. LPL is not a one size fits all, not even a one carrier fits all kind of product.
When searching for or reviewing your legal malpractice insurance program, you may not be able to secure everything I just mentioned but a good program will have most of them.
Well, welcome to July! Hard to believe July is already here. We at INtegrity First Corportation recognize/celebrate the month of July as Legal Malpractice Insurance Awareness month. Similar to September being Life Insurance Awareness Month and October being Cyber Insurance Awareness Month. And what better way to kick off the month than a short discussion on why malpractice insurance is so important. This fourth of July as we celebrate this great nation of ours don’t be red white and blue. Be red white and insured or covered.
I personally believe that there is no better way for lawyers to protect themselves, their practices and perhaps more importantly their clients! Everyone makes mistakes and lawyers are not excluded from this fact. Some mistakes are small and insignificant and can be resolved by the lawyer. Other mistakes however are more severe. They can cause harm to the client, and affect the reputation of the lawyer. These claims/mistakes requires special expertise, legal defense counsel and significant resources to resolve. This is where your legal malpractice insurance coverage/program pays huge dividends.
Your coverage will provide the guidance and assistance throughout the process, provide for defense counsel and settlement funds if needed. It also provides for a vigorous defense of you protecting your reputation from those annoying frivolous claims that often times get filed against you.
A good lawyers professional liability policy is worth its weight in gold! Make sure you have one!
Enter to win two FREE Steelers Tickets!
As we at Integrity First Corporation celebrate the month of July as lawyers legal malpractice insurance Awareness Month, we are honoring you, the lawyer, and offering you a chance to win two free Steelers tickets to an upcoming game during the 2023 2024 season.
Many carriers trying to be innovative or distinguish themselves in the Legal Malpractice marketplace try to add certain coverages to the policy hoping to get your business. While any additional coverage is a good thing, sometimes the advertising and marketing of the additional coverages can cause confusion about the type and extent of the additional coverages offered.
Some of the additional or ancillary coverages that carriers in the Legal Malpractice marketplace are marketing/providing are: Cyber Coverage, D&O Coverage, Fidelity Coverage and even some BOP coverage or business owners. Again, the additional coverages are not bad to have but they should not be thought of as complete coverage for that type of exposure. All of these ancillary coverages are just that – ancillary. Don’t be fooled in thinking that the ancillary coverage is all you need for those exposures. The ancillary coverage will provide minimal coverage in terms of depth and limits.
For a more comprehensive coverage with broad depth and adequate limits, you should consider a standalone or separate policy for each of the exposures that exist in your firm. Although buying separate policies for cyber, business owners, and crime coverage will add to your outlay of cash it should provide adequate protection for you and the firm in the event of a claim or loss. Notice I did not mention D&O coverage, if you sit on a non profit or for profit board you definitely need to check with that entity and confirm that they do have an inforce policy that protects you in your position as board member.
Don’t depend on your Legal Malpractice policy to act as a cover all policy. It’s not! It’s great to have supplemental and ancillary coverages in the legal malpractice policy but it is a mistake to believe these types of coverage will provide the coverage needed in a claim situation. Investigate standalone policies.
Time doesn’t stand still and we are not getting any younger. At least I’m not. Eventually we all will at some point retire. As lawyers in the private practice of law, you need to prepare for retirement from an insurance perspective.
When you retire, you want to make sure that you take the proper steps to maintain the coverage you paid for in all the years prior. You do this by securing what is known as tail coverage referred to as an Extended Reporting Provision. Tail coverage will allow you to report future claims filed against you stemming from professional services you provided to clients prior to your retirement. Hence the term tail coverage.
Tail coverage is an essential piece of your retirement plan and it is not inexpensive (cheap). The cost of tail coverage is usually based upon a percentage of the last premium you paid prior to retirement. Cost can be upwards of 300% of the last premium paid. For example if the last premium you paid for your policy prior to retirement was $2000, your tail coverage could cost as much as $6000.
It is important to note and to plan for that most carriers will offer a free retirement tail providing that you satisfy certain requirements. Different carriers have different requirements however most stipulate that you must have been insured with the carrier for three consecutive years to be eligible for a free retirement tail. Therefore you need to check with your broker and confirm what the requirements are in order to obtain a free retirement tail.
Do not wait until the last minute to check as we are talking time requirements of at least three years and be careful as to not change carriers when you are within that three year time frame. And if you do have to change carriers when in that retirement time frame, consult with your broker on what you will need to do to obtain a free tail with the new carrier. There may be options where you won’t have to start over at year 1 of being continuously insured.
Remember, when you’re getting close to retirement, ask questions, get answers and confirm that you qualify for a free tail or at a minimum can purchase a tail. It will help provide for a secure retirement and possibly add a little more cash to your retirement savings.
