As clients put more pressure on firms to show they have a proactive information security plan, law firms are prioritizing technology risk management and cyber liability insurance. The pressure is coming as data breaches are on the rise and supply chain risk management and due diligence is becoming a hot topic. While the term cyber security alone may scare you, the task of protecting your environment is not as daunting as it may seem. Because of the increased awareness, more firms are purchasing cyber liability insurance and are taking all available precautions to protect themselves and their clients from the escalating risk to sensitive information which has been entrusted to their care.
This is an excerpt from an article that was published in the KCMBA Counselor and written by Travis Holt. To read the article, click here.
I’d guess that before this weekend, Kate Upton and Jennifer Lawrence hadn’t ever seriously thought about the impact of a data breach. They’re not alone! It was announced this morning by many sources that there appears to be a credit card breach at Home Depot bigger than Target. Last week 4.5mm healthcare records were compromised in a breach of one of our largest healthcare systems and locally in Kansas City, Children’s Mercy Hospital lost 4,500 employee records. Each day, a few more people are starting to take this risk seriously but we still have a long way to go.
What is your law firm doing to protect your individual attorneys and the firm from this exposure? In addition to the breaches mentioned above, Goodwill Stores announced yesterday that they suffered a breach due to the failure of a third party vendor. Do you know what vendors have access to your data? If they’re responsible for a data breach, will they cover the costs of the breach or are you stuck with that?
These are all questions you should address and also understand if and how your legal malpractice policy will respond to a data breach. If it does provide protection, it will be incredibly limited and you may need to explore a cyber liability insurance policy to supplement your legal malpractice coverage.
There was a great article today in Law Technology News on the importance of cyber risk management and the impact a good risk profile has on the insurance costs. Judy and Ben hit the nail on the head and in addition to the risk profile, a firm who properly transfers risk to their technology vendors is much more attractive to an insurer.
If you think of all the technology vendors and subcontractors you have, ask yourself if you know whether or not they’ve accepted the exposure of a loss of your data or outage of a hosted platform. Most likely the answer is no! And even if they have accepted the liability, have you asked them for the right insurance coverages and done the proper due diligence on those insurance products? This is a process that every law firm, and other businesses who use technology, should go through to properly understand their technology risk.
You can read the full article here from Law Technology News.
There are many pitfalls lawyers should avoid while traveling that will help to protect your law firm’s sensitive data. In an article in the security current, they discussed a trend of hackers targeting hotel business centers. Members of a criminal gang were recently arrested in the Dallas Ft. Worth area for installing keylogger malware on computers in hotel business centers. In addition to this risk, it’s very easy for lawyers and other professional service providers to have their data compromised when using public wifi networks in hotels, airports, or coffee shops. In addition to the hassle of dealing with a loss of sensitive information, your law firm could be subject to regulatory fines and penalties or could be subject to a legal malpractice claim from one of your clients.
Some of the things you can do to protect your law firm’s information while traveling are:
- Make sure your lawyers cell phones have mobile hotspots enabled. These networks are much more secure than public wifi networks.
- Make sure your e-mail and file sharing systems are secure and encrypted.
- Educated your lawyers on the alternatives to using public wifi and the impact a breach can have on your firm.
- Maintain a comprehensive breach response strategy in the event data is compromised and understand how your legal malpractice policy will respond if at all.
There are always debates about the pros and cons of moving to the cloud and while we have been in favor of law firms making the move for the past 3 years, many others are now coming around. Recently there was an interesting article in Law Technology News, called “5 Reasons to Virtualize Law Firm Computing” (click here for the entire article) that outlined their Top 5 reasons to move to the cloud. While most of the Top 5 are things we’ve heard before like profitability, ease of use, and product offerings, security cracks the list at number four. This is a controversial one as we talk to firms frequently who feel like outsourcing makes their data less secure and reliable. We understand this sentiment but agree that virtualization and moving to the cloud makes your environment more secure.
A vendor who is in the business of providing cloud services to law firms should spend a significant amount of money on security, more than most law firms could find room in the budget for. Additionally, there are many ways you vet your potential technology vendors to find out which ones take data security seriously and which don’t. The alternative for most firms is to buy all of the equipment and hire an IT manager or outsourced IT services provider to manage the on site environment. In most cases, this leaves the keys to the IT kingdom in the hands of one individual which is a significant vulnerability for any law firm. As you’re thinking about moving to the cloud, security should be one of the first things you consider and should definitely be a positive in almost every case.
To read the entire article and see the LTN Top 5, click here.
Mobile breaches have become a growing area of concern in the law firm community. With many firms choosing to allow attorneys and employees to use their own devices, managing those devices is becoming a big challenge. According to a recent study done by Gartner, they estimate that by 2017, 75% of mobile device breaches will be a result of the faulty configuration of applications. As breaches increase and more firms move to allow attorneys to bring their own devices, how will you regulate the use of the applications?
The three steps all firms should take are:
- Create and implement a BYOD policy
- Educate your employees on the risks associated with mobile devices
- Install a mobile device management platform and require the enrollment of all mobile devices
For more information on the Gartner study, click here. Additionally, there was a great article from Law Technology News titled, “Do BYOD Risks Outweigh Benefits?” that you can read here.
According to a recent Law360 article, weak engagement letters are to blame for a flurry of recent legal malpractice claims. The article, which you can read here, discusses the use of engagement letters in recent legal malpractice claims and says in 65% of the cases, an engagement letter wasn’t used. It goes on to say that in only 5% of the cases, there was a well drafted engagement letter that limits the law firms liability.
While there are many things we recommend law firms to do craft strong engagement letters, here are three tips:
- Do not provide any guarantees
- Be very clear with the client about the project you were hired for
- If the client is new to the firm, get a retainer and make sure it is substantial