CNA - The Remote-Ready Law Firm: Managing the Long-Distance Relationships
CYBERSECURITY ALERT: TIPS FOR PURCHASING CYBER INSURANCE

Cyber Liability Insurance - Checklist for Law Firms

Shutterstock_388157155 - Cyber Risk Management ImageWith a significant portion of the current U.S. workforce having shifted to a remote environment, many businesses, law firms included, are finding that their employees may not return to the “actual office”.   This disruption has opened the doors for Cyber Criminals to do what they do best - mayhem.  From phishing scams to social engineering scams – the remote environment makes business more vulnerable to these types of events and law firms have been a prime target. 

Now more than ever, law firms need to reconsider their internal controls, review their risk management strategies and secure a comprehensive Cyber Liability policy. 

Securing a dedicated Cyber Liability insurance policy offers several distinct advantages, not only in response to a breach, but in prevention of one as well.

Request a quote button 2

Here are a few check lists that can help you in securing this important coverage.

Cyber Liability Application Process:

  1. The application is usually 12-15 questions and you typically don’t need to consult with an IT department prior to completion.
  2. You will want to have a general idea of how many client records you have.
  3. Provide carrier with Law Firm Size (# of staff and # of attorneys)
  4. Provide carrier with Law Firm Revenue

Risk Management Procedures that need to be in place prior to completion for best Terms and Conditions

  1. Are computers set up to automatically download and install updates to the operating system?
  2. Do email systems require dual factor authentication?
  3. Have computers been updated to use DNS services with advanced security?
  4. Have administrative privileges been restricted on each computer?
  5. Do any of your employees with financial and accounting responsibilities complete social engineering training?

Phishing / Social Engineering

Phishing is the most common cyber-attack facing law firms.  Hackers have become successful in their attempts leading to an increase in the loss incurred. Law firms are advantageous targets because they hold confidential information and deal with large financial transitions. The rise in phishing attacks has prompted carriers to ask the following questions during the application process:

  1. Do any of your employees with financial and accounting responsibilities complete social engineering training?
  2. Does your firm receive wire transfers? If yes, does your process include:
    1. A wire request documentation form?
    2. A protocol for obtaining proper written authorization for the wire transfer?
    3. A separation of authority protocol?
    4. A protocol for confirming all payment and funds transfer instructions/requests from a new vendor, client or customer via direct all to that vendor, client or customer using only the telephone number provided by the vendor, client or customer before the payment of funds transfer instructions/request was received?
    5. A protocol for confirming any vendor, client or customer account information change requests (including requests to change bank account numbers, contact information or mailing addresses) via direct call to that vendor, client or customer using only the telephone number provided by the vendor, client or customer before the payment of funds transfer instructions/request was received?

**Tip** If you are not properly prepared to answer “yes” to all these questions – it will most likely mean denial in coverage.

Common Risk Management Services provided by a Carrier

  1. Employee Training
  2. Breach Coach
  3. Claims and advice Hotline
  4. Online Knowledge Resource Center
  5. Email News and Alerts

Conclusion

The reality is – In today’s business world, the question is no longer "if", the question is "when". When will your firm be the victim of a breach?

When it happens - Are you prepared?

While Lawyers’ Professional Liability insurance affords some coverage for cyber liability risks, there are distinct advantages to shifting that coverage to a dedicated Cyber policy.

Visit the USI Affinity Cyber Liability website to request a quote or  Contact the specialists at USI Affinity today – and let us protect the practice you have work so hard to build.

This material is for informational purposes only.   It is not intended to be exhaustive nor should any discussions or opinions be constructed as legal advice.  The insurance policy language will determine the actual coverage afforded to an insured.    Contact USI Affinity for any insurance questions you may have regarding your particular situation.  USI Affinity is not responsible for the content of the information provided or for the consequences of any legal actions taken on the basis of the information provided. 

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

Comments are moderated, and will not appear until the author has approved them.

Your Information

(Name and email address are required. Email address will not be displayed with the comment.)