No lawyer would step foot in a court room without having done his or her due diligence to protect the clients they represent. Yet a surprising number of attorneys take only a cursory approach to ensuring they have the appropriate level of professional liability insurance to protect their legal practice.

Part of this is because every attorney launches his or her practice committed to ethical best practices. Moreover, many attorneys commonly assume their professional liability policy will provide all the coverage they need in a worst-case scenario. This is not always the case.

Take, for instance, the risk exposure to an attorney from an advertising error. If there’s a mistake in a firm’s advertising that results in a lawsuit, such an error might not be a covered claim in a standard professional liability policy. Even if the claim is considered to be covered, if the costs of the lawsuit are substantial and beyond the limits of the professional liability policy, the attorney in question can be on the hook for the difference – potentially putting him or her out of business.

Another often overlooked area of insurance is the non-practicing tail or extended reporting provision. Because claims can be made against an attorney years after he or she ceases to practice, even new attorneys should consider the importance of this type of coverage.

Many insurers offer a non-practicing or extended tail only as an optional coverage enhancement. In many cases, attorneys may need to maintain consistent coverage with an insurer for a specific period of time to qualify for the non-practicing tail option, if it is offered at all. For an attorney who might be considering retirement or otherwise leaving the practice of law is they may not have the coverage they need for liability claims that are made after they are no longer practicing law or, in some circumstances, after they die or are disabled.

Yet another overlooked area of proper liability coverage for lawyers is commercial auto insurance. This is rarely included in a standard professional liability policy for attorneys. Many attorneys mistakenly believe their personal auto insurance will provide adequate coverage. This may not be true. A personal auto policy may not provide any or all of the coverage necessary if there is a serious accident while an attorney’s personal vehicle is used for business purposes or if a client is injured while in the attorney’s vehicle. If an attorney is using his or her car to travel to clients on a routine basis, then making sure they have a commercial auto policy is essential.

Finally, attorneys evaluating professional liability insurance options should also determine if the policy offers to waive the deductible for early claims resolution. Typically, a claim is considered in early resolution when it is closed within 90 days of reporting. Many professional liability policies do not include this option, and attorneys frequently fail to ask their agents if such an option is available, potentially leaving substantial costs on the table.

There are countless examples of how and where “off the shelf” professional liability insurance policies fall short for attorneys. Working with insurance professionals who have extensive experience with lawyers and law firms is the first in a series of steps attorneys can take to ensure they’ve done their due diligence to mitigate their short- and long-term risks.

When considering purchasing a professional liability policy, attorneys should look for a policy that bundles coverage for issues that include:

Cyber liability

Employment practices liability

Workers’ compensation

General business owner’s liability

Commercial auto

Fidelity bond

Failing to fully explore and understand what is and isn’t included in a professional liability insurance policy opens up tremendous risk to attorneys, both immediately as well as later in their careers. Just as you would advise your clients to carefully read contract terms, I advise you to review your insurance policy against your known risk exposures.

To better understand your risk and how to protect yourself, email me at abiggio@firstindemnity.net for a free consultation.

From time to time, your hard work successfully advocating on behalf of your client will result in some unpaid bills. Especially if the legal matter did not turn out as favorably as your client hoped, you could find yourself in a situation where your client refuses to pay appropriate legal fees for services rendered.

While these situations are usually rare, they are not uncommon.

My advice to attorneys in this situation is to consider the ramifications of pursuing these clients. Most attorneys will notify their clients to let them know they are in breach of their agreement for services rendered if the clients are not paying their bills. It’s the step that comes next – instituting a lawsuit or pursuing fee arbitration or mediation – that has the potential to harm the attorney.

Once a lawsuit (or arbitration or mediation) is instituted over legal fees, most often the client in question will file a counter claim of professional negligence. It’s that counter claim that immediately engages the attorney’s Errors & Omissions policy and its corresponding deductible.

It’s because of the insurance risk that the American Bar Association offers a cautious warning to attorneys who are considering suing their clients over legal fees.

Attorney’s must carefully weigh the value of pursuing these unpaid fees along with the likely corollary rise in their insurance premiums. The typical rate increase on an attorney’s liability insurance coverage can be 10 percent following a claim. As a result, most attorneys can think twice about pursuing legal action on unpaid fees unless those fees are in excess of $25,000.

Further, in addition to the risk of higher insurance premiums, many insurance underwriters will see professional negligence or malpractice insurance claims as red flags on a renewal application. This means the worst-case scenario is not just higher rates—it could be having your coverage dropped entirely.

The good news is for those attorneys who follow the rules and adhere to the highest ethical standards of practicing law, instances of suing clients over legal fees will be rare, if they occur at all. In a typical legal career of 30 or more years, I have only seen about three instances of attorneys needing to turn to the legal system to have their fees paid by reluctant clients. As such, this is not a frequent problem many attorneys face, and it is typically restricted to certain types of legal practices: family law, estates and trusts and divorce law.

Less common is when a client determines to sue his or her lawyer over legal fees. They may feel they were overcharged or promised results that didn’t materialize or, worse, that you failed to act in their best interest and provide an appropriate level of representation.

While such instances are rare, they do happen.

To protect yourself, pay close attention to your billing practices. Most often when such legal disputes arise, the manner and detail of your billing practices can make the difference between a quick win or a costly mistake. These billing practices include:

Over-staffing a legal matter or case

Non-itemized billing

Billing for time spent on fee collection or firm accounting matters

Failing to delegate routine legal work where applicable

Charges for non-legal personnel or clerical services

Rate increases without prior notification to the client

Understanding the insurance implications of suing a client over unpaid fees – or not focusing on your own billing practices to avoid being sued over said fees – can have a major impact on your practice’s bottom line.

One of the most common questions attorneys – and pretty much anyone else purchasing insurance – typically asks is “How much insurance should I have?” or “How much insurance is enough?”

The answer, unfortunately, is different for everyone.

That’s why First Indemnity offers a starting point with some basic parameters. Every attorney will have different needs and different concerns, but what follows is information that gives you somewhere to start.

A Coverage Guide for You

If you’re a solo attorney just getting started and your client volume is low, you’re going to want a professional liability policy that, broadly speaking, offers coverage of at least $250,000 per claim. A $500,00 aggregate limit is fine.

For attorneys with a slightly more mature practice, with say between three and six years of experience and working with five or fewer partners, you’re going to want a policy that provides between $1 and $2 million per claim.

If you’ve been practicing for a decade or more and your firm has 10 or more lawyers, your policy must offer a minimum of $2 million per claim, with a $2 million aggregate.

Once you’re beyond both the above years in practice and 15 attorneys or more, your insurance policy must provide a minimum of $5 million in coverage per claim.

Critical Issues to Consider

With a professional liability insurance policy, whether any legal fees would erode the coverage is the most critical issue to explore as you evaluate just how much coverage is enough. A policy where legal fees erode coverage will provide significantly less coverage than a policy where legal fees do not erode coverage, although premiums for the former may appear more attractive than the latter. In this scenario, you get what you pay for.

Another important issue to keep in mind is cyber liability coverage. Too often, attorneys assume any type of cyber breach is covered under a standard professional liability policy. In most cases, this is not correct. You cannot operate a business today without cyber liability coverage. Because small businesses – and professional services in particular – are increasingly targets of cyber criminals, it’s simply a matter of when, not if, you will need such coverage.

Be sure to get quotes on higher levels of coverage than you think you might need. Keeping the above in mind will help guide you in your initial discussions with insurance professionals about how much coverage you’ll need.

Ultimately, it’s a business decision about how and where to spend money on insurance to mitigate risk to your business. When determining how much coverage is enough, the right answer is usually whatever amount helps you not worry about the consequences of the coverage you select.

The reality is that most attorneys don’t think about the disciplinary process until they are in it, and by then, it’s too late. That’s why you should know the process, understand the risks, and protect yourself now.

Common types of ethics complaints

While intentional malfeasance makes headlines, the majority of ethics complaints against lawyers come from run-of-the-mill problems, according to the ABA Journal. These include:

• Failing to properly communicate with clients, such as not returning phone calls promptly or not sending written termination letters.
• Disputes over fees, often because the attorney’s fee agreement wasn’t disclosed in writing to the client.
• Bouncing a check. The laws regarding IOLTA (Interest on Lawyer Trust Accounts) are complex, and funds are easy to mishandle. If that happens, it triggers an automatic discipline report in some states.
• Conflicts of interest. This can be especially tricky for firms with multiple partners who fail to communicate with one another.

What happens when a complaint is filed

Disciplinary proceedings vary by state. Many process complaints through a State Bar. Others do so through a court of law, while others use statewide grievance committees or offices. And while each state’s processes differ slightly, there are common themes.

Once you receive a notice of complaint, you must respond. If you fail to do so, a disciplinary action could be made against you by default. After you respond, the disciplinary board will proceed as needed. Steps could include continued investigation, the issuing of subpoenas to review case files, and/or depositions. The disciplinary board will then take action, which may include a letter of caution, a private reprimand, or the filing of formal charges of misconduct, the latter of which could lead to censure, suspension or disbarment.

How to protect yourself

If you receive a disciplinary complaint, you will not be able to stay objective. You will need to hire outside counsel to represent you.

Whether you’re a solo practitioner, an associate or a partner in a mid-size or large firm, you should also be proactive. Make sure your firm’s professional liability policy includes disciplinary proceedings coverage. It will provide coverage for any inquiry or proceeding by a regulatory or licensing board, peer review committee, disciplinary official or state/federal agency for any charges alleging misconduct. It will not cover any fines, penalties or sanctions made by a disciplinary board against an attorney.

I advise lawyers to look for disciplinary proceedings coverage with a $50,000 limit. That limit is separate from the existing policy limit. Look for coverage with a broad definition of a proceeding, which means it may pay $50,000 per proceeding and/or up to $100,000 for all proceedings within a calendar year.

No matter how ethical or detailed-oriented you are as an attorney, avoiding any and all disciplinary proceedings can be near impossible. By understanding your state’s disciplinary process and obtaining proper coverage, you will reduce your personal stress and be well prepared to defend your license if needed.

Andrew Biggio is the founder and president of First Indemnity Insurance Group, which provides professional liability insurance for attorneys, tax prep accountants, CPAs and bookkeepers. First Indemnity is headquartered in Lynn, Massachusetts (near Boston), with additional offices in New York, Chicago, Dallas, Los Angeles, Philadelphia and Tampa, Florida.

A majority of attorneys hold themselves to the highest standards and follow the ethical guidelines set forth by their state. Yet during their careers, nearly all lawyers will face at least one complaint of unethical conduct. When that compliant comes, will you be ready?

The reality is that most attorneys don’t think about the disciplinary process until they are in it, and by then, it’s too late. That’s why you should know the process, understand the risks, and protect yourself now.

Common types of ethics complaints

While intentional malfeasance makes headlines, the majority of ethics complaints against lawyers come from run-of-the-mill problems, according to the ABA Journal. These include:

Failing to properly communicate with clients, such as not returning phone calls promptly or not sending written termination letters.

Disputes over fees, often because the attorney’s fee agreement wasn’t disclosed in writing to the client.

Bouncing a check. The laws regarding IOLTA (Interest on Lawyer Trust Accounts) are complex, and funds are easy to mishandle. If that happens, it triggers an automatic discipline report in some states.

Conflicts of interest. This can be especially tricky for firms with multiple partners who fail to communicate with one another.

What happens when a complaint is filed

Disciplinary proceedings vary by state. Many process complaints through a State Bar. Others do so through a court of law, while others use statewide grievance committees or offices. And while each state’s processes differ slightly, there are common themes.

Once you receive a notice of complaint, you must respond. If you fail to do so, a disciplinary action could be made against you by default. After you respond, the disciplinary board will proceed as needed. Steps could include continued investigation, the issuing of subpoenas to review case files, and/or depositions. The disciplinary board will then take action, which may include a letter of caution, a private reprimand, or the filing of formal charges of misconduct, the latter of which could lead to censure, suspension or disbarment.

How to protect yourself

If you receive a disciplinary complaint, you will not be able to stay objective. You will need to hire outside counsel to represent you.

Whether you’re a solo practitioner, an associate or a partner in a mid-size or large firm, you should also be proactive. Make sure your firm’s professional liability policy includes disciplinary proceedings coverage. It will provide coverage for any inquiry or proceeding by a regulatory or licensing board, peer review committee, disciplinary official or state/federal agency for any charges alleging misconduct. It will not cover any fines, penalties or sanctions made by a disciplinary board against an attorney.

I advise lawyers to look for disciplinary proceedings coverage with a $50,000 limit. That limit is separate from the existing policy limit. Look for coverage with a broad definition of a proceeding, which means it may pay $50,000 per proceeding and/or up to $100,000 for all proceedings within a calendar year.

No matter how ethical or detailed-oriented you are as an attorney, avoiding any and all disciplinary proceedings can be near impossible. By understanding your state’s disciplinary process and obtaining proper coverage, you will reduce your personal stress and be well prepared to defend your license if needed.

The number of malpractice claims filed against attorneys has remained steady year-over-year, according to Ames & Gough’s 2018 Lawyer’s Professional Liability Insurer Survey. That’s the good news.

Here’s the bad news: The cost of defending these claims continue to rise due to increasing attorney’s fees, rising discovery costs, and the overall complexity of these cases. All nine insurers surveyed had claims with reserves over $500,000 in 2017. Five major insurers reported paying a claim of $50 million or more, while one paid out more than $150 million.

In our work providing lawyers’ professional liability products at First Indemnity Insurance Group, we find that the average amounts to defend a solo practitioner range from between $25,000 to $80,000, and the average for small- to midsize firms could easily run $100,000 and above.

Yet many common claims can be prevented. Here are the top three claims we see, and ways to avoid each one:

1.Failing to calendar. According to the American Bar Association’s Standing Committee on Lawyer’s Professional Liability, more than one-third of legal malpractice claims filed from 2012-2015 involved calendar and docketing errors. These include issues like failure to file, improper calendaring, failure to know or learn deadlines, lack of follow-up, failure to react to a court calendar, and clerical errors. In this area, small firms represent the majority of all claims.

How to prevent it: Maintain at least two forms of docketing within your firm, and make sure both are properly synced. Take advantage of cloud technology that allows you to keep your calendar on your smartphone or other devices at all times, and to update it from wherever you are. Use online court date calculators to ensure you don’t miss key filing dates. And make sure everyone in your firm understands your calendaring protocol and knows who is responsible for keeping everything on schedule.

2.Conflicts of interest. This category includes claims filed for both conflict of interest and perceived conflict of interest, and a lawyer can face them whether or not they knew about the conflict.

How to prevent them: Do your due diligence. Run a conflict of interest check for any client, former client, subsidiary of that client or family member. Do the same for any witnesses or co-parties in any cases. Make sure any potential conflict found is documented and resolved. If you’re in a firm with several partners, make it mandatory for those partners to have regular conflict of interest meetings so everyone knows which new clients are coming on board and can identify any potential conflicts.

3.Fee disputes. As attorneys’ fees rise, so do your clients’ concerns. While some clients file claims about exorbitant fees, most claims boil down to a lack of communication about the fee.

How to prevent them: Send a written letter of engagement and a fee agreement to all clients that explain precisely what your professional services are, and what they are not. Include a fee schedule for full transparency. Take a retainer, and institute monthly billing. And we highly recommend against lawyers suing a client over a fee. In such cases, the client will most often counterclaim professional negligence to avoid paying the fee. If that happens, it will trigger your professional liability policy deductible and will lead to an automatic 15% claim surcharge for five years. A wiser approach may be fee arbitration or mediation if you practice in a state where such a process exists.

The costs of professional liability claims continue to rise even as the number of claims holds steady. Taking these simple steps can help you avoid these claims, save you money, and most of all, save you time and headaches.

The number of malpractice claims filed against attorneys has remained steady year-over-year, according to Ames & Gough’s 2018 Lawyer’s Professional Liability Insurer Survey. That’s the good news.

Here’s the bad news: The cost of defending these claims continue to rise due to increasing attorney’s fees, rising discovery costs, and the overall complexity of these cases. All nine insurers surveyed had claims with reserves over $500,000 in 2017. Five major insurers reported paying a claim of $50 million or more, while one paid out more than $150 million.

In our work providing lawyers’ professional liability products at First Indemnity Insurance Group, we find that the average amounts to defend a solo practitioner range from between $25,000 to $80,000, and the average for small- to midsize firms could easily run $100,000 and above.

Yet many common claims can be prevented. Here are the top three claims we see, and ways to avoid each one:

1.Failing to calendar. According to the American Bar Association’s Standing Committee on Lawyer’s Professional Liability, more than one-third of legal malpractice claims filed from 2012-2015 involved calendar and docketing errors. These include issues like failure to file, improper calendaring, failure to know or learn deadlines, lack of follow-up, failure to react to a court calendar, and clerical errors. In this area, small firms represent the majority of all claims.

How to prevent it: Maintain at least two forms of docketing within your firm, and make sure both are properly synced. Take advantage of cloud technology that allows you to keep your calendar on your smartphone or other devices at all times, and to update it from wherever you are. Use online court date calculators to ensure you don’t miss key filing dates. And make sure everyone in your firm understands your calendaring protocol and knows who is responsible for keeping everything on schedule.

2.Conflicts of interest. This category includes claims filed for both conflict of interest and perceived conflict of interest, and a lawyer can face them whether or not they knew about the conflict.

How to prevent them: Do your due diligence. Run a conflict of interest check for any client, former client, subsidiary of that client or family member. Do the same for any witnesses or co-parties in any cases. Make sure any potential conflict found is documented and resolved. If you’re in a firm with several partners, make it mandatory for those partners to have regular conflict of interest meetings so everyone knows which new clients are coming on board and can identify any potential conflicts.

3.Fee disputes. As attorneys’ fees rise, so do your clients’ concerns. While some clients file claims about exorbitant fees, most claims boil down to a lack of communication about the fee.

How to prevent them: Send a written letter of engagement and a fee agreement to all clients that explain precisely what your professional services are, and what they are not. Include a fee schedule for full transparency. Take a retainer, and institute monthly billing. And we highly recommend against lawyers suing a client over a fee. In such cases, the client will most often counterclaim professional negligence to avoid paying the fee. If that happens, it will trigger your professional liability policy deductible and will lead to an automatic 15% claim surcharge for five years. A wiser approach may be fee arbitration or mediation if you practice in a state where such a process exists.

The costs of professional liability claims continue to rise even as the number of claims holds steady. Taking these simple steps can help you avoid these claims, save you money, and most of all, save you time and headaches.

Andrew Biggio is the founder and president of First Indemnity Insurance Group, which provides professional liability insurance for attorneys, tax prep accountants, CPAs and bookkeepers. First Indemnity is headquartered in Lynn, Massachusetts (near Boston), with additional offices in New York, Chicago, Dallas, Los Angeles, Philadelphia and Tampa, Florida.

Whether posing as a client, a trusted vendor or even the law firm itself, these scammers assume the identity of a known agent or party familiar to the firm, including firm administrators. Using a trusted person’s email, the scammer will contact someone within the firm and provide information that generally appears legitimate. These scammers will send emails that include wire instructions or changes to wire instructions, directing the recipient to transfer funds to a noted account. Once those funds have transferred, the scammers will typically begin moving the money around, making it difficult if not impossible to trace and recoup lost funds.

In addition to plying these schemes through email, some criminals will be so bold as to call the law firm directly with wiring instructions, again posing as representatives of trusted business organizations or parties to a transaction. Some have gone even further, sending imposters physically to law firm offices to conduct the fraud. Once there, they pose convincingly as parties to a business transaction or even as someone working for the law firm. They also can pose as someone working for a law firm representing other parties to a transaction and provide seemingly legitimate instructions for the electronic distribution of funds. When the dollars are substantial enough, these fraudsters do not lack for gumption.

Steps You Can Take

As instances of wire fraud continue to grow, law firms must be more vigilant to ensure they do not become victims to these schemes.

Every law firm should have documented, verifiable call-back procedures in place to substantially reduce the risk of fraudulent transaction activity. Employing comprehensive data encryption and use of safe pass programs for financial transactions are additional, standard steps law firms should take to protect themselves and their clients. Regular updates to all firm software is also a basic but critical recommendation. Often software updates include patches related to known data security issues – issues scammers look for when hacking into law firm computer systems and email programs.

In addition, law firm leaders should not only have a solid understanding of their own wire fraud prevention measures, but those of third-parties with whom they work. This includes banks, title companies and so forth. Quarterly screening and review of the firm’s wire fraud protection efforts, and those of their third-party vendors, is strongly recommended.

And because these fraudsters don’t simply avail themselves of attorney vulnerabilities, law firms have a duty to educate their clients involved in any financial transaction the firm is handling. Following similar advice as above, firms should caution clients to update their software and verbally verify any transaction requests directly with their attorney before they take any action. Clients should also be on the lookout for red flags such as outside parties directing them to take certain actions or receiving changes to previously agreed upon account numbers for wire transfer agreements, etc. And while not completely fool-proof themselves, sometimes something as simple as using a standard bank draft or check rather than a wire transfer is just the sort of thing that can derail the well-laid plans of these wire fraud schemers.

We’ve Got You Covered

While wire transfer fraud can be a significant exposure for law firms, to date many insurers have kept quiet on the issue as they evaluate the exposure itself.

First Indemnity Insurance Group takes a different approach. Working directly with law firms and attorneys, our philosophy is that your defense is our focus. As such, our broad definition of attorney/covered services contains a larger scope of covered parties and coverage limits, and this often includes wire transfer fraud coverage.

From the moment a First Indemnity client reports a wire fraud transaction, we deploy an entire team to come to the defense of the firm.

A remediation team is typically deployed within the first 8 hours of the report of a fraudulent transaction in an effort to track the funds and, if possible, recoup the finances in question. Timely reporting of the fraud is critical to the viability of this effort.

Next, and often in tandem with the remediation team, our forensic team begins the task of identifying where the breach in your firm’s security took place. The forensic team will identify the breach, patch or repair the breach and conduct a system-wide threat analysis to determine any other additional vulnerabilities that need to be addressed.

Often, our coverage includes access to a crisis coach who can best advise law firms on client notification, needed changes to operational procedures and other general post-fraud business operations advice. First Indemnity’s wire fraud policy protection also often includes coverage for the hiring of a public relations agency to mitigate any reputation damage to your firm caused by related media coverage, as well as coverage for legal fees should the firm find itself threatened by resulting legal action. These latter options are typically bundled in with our cyber liability coverage.

Ensure You’re Insured

The American Bar Association advises attorneys seeking to better protect themselves and their firms from fraudulent financial transactions “review their business-related insurance policies … to determine what, if any, insurance options might be available to provide coverage (indemnity or defense) relating to claims arising from Internet related scam activities.”

By contacting First Indemnity, you can remove the middleman and speak directly to underwriters who intimately understand the coverage we provide, taking the guess work out of what is in your policy. Moreover, buying direct from First Indemnity removes third-party broker fees, ensuring the coverage provided is not only fully explained by experts, but more affordable as well.

For more information about protecting your firm, your attorneys and your clients, please call or email Andrew A. Biggio, Program Manager at First Indemnity at (781)581-2508) or abiggio@firstindemnity.net.

Whether posing as a client, a trusted vendor or even the law firm itself, these scammers assume the identity of a known agent or party familiar to the firm, including firm administrators. Using a trusted person’s email, the scammer will contact someone within the firm and provide information that generally appears legitimate. These scammers will send emails that include wire instructions or changes to wire instructions, directing the recipient to transfer funds to a noted account. Once those funds have transferred, the scammers will typically begin moving the money around, making it difficult if not impossible to trace and recoup lost funds.

In addition to plying these schemes through email, some criminals will be so bold as to call the law firm directly with wiring instructions, again posing as representatives of trusted business organizations or parties to a transaction. Some have gone even further, sending imposters physically to law firm offices to conduct the fraud. Once there, they pose convincingly as parties to a business transaction or even as someone working for the law firm. They also can pose as someone working for a law firm representing other parties to a transaction and provide seemingly legitimate instructions for the electronic distribution of funds. When the dollars are substantial enough, these fraudsters do not lack for gumption.

Steps You Can Take

As instances of wire fraud continue to grow, law firms must be more vigilant to ensure they do not become victims to these schemes.

Every law firm should have documented, verifiable call-back procedures in place to substantially reduce the risk of fraudulent transaction activity. Employing comprehensive data encryption and use of safe pass programs for financial transactions are additional, standard steps law firms should take to protect themselves and their clients. Regular updates to all firm software is also a basic but critical recommendation. Often software updates include patches related to known data security issues – issues scammers look for when hacking into law firm computer systems and email programs.

In addition, law firm leaders should not only have a solid understanding of their own wire fraud prevention measures, but those of third-parties with whom they work. This includes banks, title companies and so forth. Quarterly screening and review of the firm’s wire fraud protection efforts, and those of their third-party vendors, is strongly recommended.

And because these fraudsters don’t simply avail themselves of attorney vulnerabilities, law firms have a duty to educate their clients involved in any financial transaction the firm is handling. Following similar advice as above, firms should caution clients to update their software and verbally verify any transaction requests directly with their attorney before they take any action. Clients should also be on the lookout for red flags such as outside parties directing them to take certain actions or receiving changes to previously agreed upon account numbers for wire transfer agreements, etc. And while not completely fool-proof themselves, sometimes something as simple as using a standard bank draft or check rather than a wire transfer is just the sort of thing that can derail the well-laid plans of these wire fraud schemers.

We’ve Got You Covered

While wire transfer fraud can be a significant exposure for law firms, to date many insurers have kept quiet on the issue as they evaluate the exposure itself.

First Indemnity Insurance Group takes a different approach. Working directly with law firms and attorneys, our philosophy is that your defense is our focus. As such, our broad definition of attorney/covered services contains a larger scope of covered parties and coverage limits, and this often includes wire transfer fraud coverage.

From the moment a First Indemnity client reports a wire fraud transaction, we deploy an entire team to come to the defense of the firm.

A remediation team is typically deployed within the first 8 hours of the report of a fraudulent transaction in an effort to track the funds and, if possible, recoup the finances in question. Timely reporting of the fraud is critical to the viability of this effort.

Next, and often in tandem with the remediation team, our forensic team begins the task of identifying where the breach in your firm’s security took place. The forensic team will identify the breach, patch or repair the breach and conduct a system-wide threat analysis to determine any other additional vulnerabilities that need to be addressed.

Often, our coverage includes access to a crisis coach who can best advise law firms on client notification, needed changes to operational procedures and other general post-fraud business operations advice. First Indemnity’s wire fraud policy protection also often includes coverage for the hiring of a public relations agency to mitigate any reputation damage to your firm caused by related media coverage, as well as coverage for legal fees should the firm find itself threatened by resulting legal action. These latter options are typically bundled in with our cyber liability coverage.

Ensure You’re Insured

The American Bar Association advises attorneys seeking to better protect themselves and their firms from fraudulent financial transactions “review their business-related insurance policies … to determine what, if any, insurance options might be available to provide coverage (indemnity or defense) relating to claims arising from Internet related scam activities.”

By contacting First Indemnity, you can remove the middleman and speak directly to underwriters who intimately understand the coverage we provide, taking the guess work out of what is in your policy. Moreover, buying direct from First Indemnity removes third-party broker fees, ensuring the coverage provided is not only fully explained by experts, but more affordable as well.

For more information about protecting your firm, your attorneys and your clients, please call or email Andrew A. Biggio, Program Manager at First Indemnity at (781)581-2508) or abiggio@firstindemnity.net.

The next major hurdle in client acquisition and retention for law firms will be data security.

According to the American Bar Association’s 2017 Legal Technology Survey, 22 percent of law firms surveyed experienced a data breach. That’s an increase of 14 percent from the prior year.

Clients of all kinds, from large corporations dealing with global financial matters to elderly couples seeking estate planning services are increasingly demanding their law firms demonstrate they are taking a proactive approach to cyber security, and more specifically, protecting client’s data.

Even small law firms hold considerable confidential client information that, if a breach occurred, can cause irrevocable harm to the firm’s clients and permanently stain the reputation of the firm. Firms handling corporate matters, merger and acquisition transactions, personal injury cases and patent and intellectual property firms can be particularly at risk.

The ABA’s Legal Technology Survey found firms with 50 or fewer attorneys were most frequently attacked by hackers, followed by firms with fewer than 100 attorneys and finally by firms of 10 attorneys or fewer. Fortunately, most of these hacking incidents in 2017 resulted in little or no evidence that client data was exposed.

One of the most common approaches for these hackers is to employ spear phishing schemes, designed to have unsuspecting members of the firm or their clients click on seemingly legitimate links within an email to unleash malicious code into the system. According to a survey by the Ponemon Institute, phishing schemes make up 43 percent of attacks on small businesses. That same survey found malware (35 percent), code injection (26 percent) and compromised or stolen equipment (25 percent) are the other means hackers use to breach the security of a small business, or in this case, a law firm.

Ransomware is another major and growing cyber security threat for firms. If hackers are able to gain access to the firm’s network, they can encrypt files and demand a ransom for removing the encryption and returning access to the files. Firms that are subject to ransomware attacks can find themselves completely cut off from client files, billing records and virtually any type of digital resource the firm provides – even email.

Preventative Measures

First and foremost, law firms of every type need to have a strong and proactive information technology or cyber policy, as well as the appropriate expertise to drive that policy. This might mean employing an in-house IT department or, at minimum, hiring an outside consultant to conduct a vulnerability analysis with recommendations for redress. And this policy should be reviewed and, when necessary updated, every six months.

At a more basic level, law firms need to stay on top of their software. Failing to update software on even a single firm computer can provide hackers the means to infiltrate and potentially cripple the entire law firm. Use of data encryption tools as well as antiviral software and virus scanning tools can help to more rapidly identify potential breaches or malicious software or code installed on firm systems. Training employees on the proper manner in which to update software, cloud-based or otherwise, is critical to ensuring the security of firm and client data alike.

Our firm also recommends encrypted, off-site data back-ups as well as physical security (i.e., premises alarms, policies regarding non-firm technology, etc.) be employed.

Where third-party vendors are concerned, law firms should inquire about and review those company’s cyber policies as well as their related liability insurance coverage.

Finally, cyber security training is fast becoming paramount for any organization tasked with the safety of critical information. Ensuring all members of the firm review and are familiar with any and all compliance guidelines and regulations is vital. Developing response plans and protocols for potential data breaches – so that everyone from the managing partner to the receptionist know what steps to take when a breach becomes apparent – will help minimize damage and set the stage for the best possible outcome from any data breach situation. In addition, ensuring the firm’s professional liability insurance adequately considers the firms risk and provides both the coverage and tools to mitigate that risk, can mean the difference between a negative event and a business-ending catastrophe.

Systemic Response

However, even law firms that take all of the necessary precautions and plan accordingly can never be 100 percent safe. The threats posed by hackers continue to evolve to meet and exceed barriers put before them by the cyber security industry.

That said, firms that have taken the proper precautions and employed the appropriate professional liability insurance coverage are best positioned to respond effectively.

Property insured law firms, should they experience a data security breach, will find a team of experts available to them within 24 hours of notification.

These firms, when reporting a cyber security breach, will first be contacted by a breach coach. This trained cyber expert will conduct a rapid review of the situation, and based on the firms existing cyber security plan and policies, deploy additional resources. This typically includes the deployment of a data breach team to fully review both the breach itself and the other technology and software systems of the firm.

The breach team will assess how the breach occurred, patch the system according to prevent further breaches, and conduct a thorough, up-to-date analysis of other areas of the firm’s technology infrastructure to identify any other existing or potential vulnerabilities.

Having appropriate insurance coverage also means the firm will be able to effectively finance and provide credit monitoring and identity theft restoration services, should they be required, to all those affected by the breach. This coverage also provides funds to hire a public relations and/or advertising agency to both mitigate any negative publicity that might result.

Practical Reality

No institution, not a law firm or a Silicon Valley tech company, is impervious to the risks posed by cyber crime. However, there are measures that can be taken as described here that not only are proactive to guard against a cyber breach, but also measures that ensure a swift, timely and appropriate response – with resources – to a breach should one occur.

Most law firms fail to grasp the risk they are exposing themselves and their clients to by not taking a proactive approach. And too often these same firms don’t realize that their existing professional liability insurance does not cover cyber security issues or might only represent one small aspect of a cyber security breach.

According to IBM’s 2018 Cost of a Data Breach study, the average data breach costs an organization approximately $3.86 million. More serious “mega breaches” can reach well into the hundreds of millions of dollars. That same study estimated that each record impacted by a data breach represents a cost of about $148 to the organization that is hacked. The loss or compromise of thousands or more records could be catastrophic to an average-sized law firm.

Having the right policies, the right training and the right insurance to deploy critical resources on day-one of a breach event is rapidly becoming standard operating procedure for businesses of nearly every size. Law firms are no different. A proactive approach to cyber security is the best, and only reasonable defense against the rising tide of cyber crime.