Cyber liability protection for law firms.

Cyber Liability Protection

Cyber liability protection is becoming more and more important, but very few people understand what the coverage actually is and how it can protect your law firm. With that in mind, we have put together a quick summary of the standard coverages included in this type of policy.

What Does It Cover?

A standard cyber liability insurance policy provides the following coverages:

  • Coverage for damages to third parties caused by a breach in your network’s security.
  • Coverage for loss resulting from administrative or operational mistakes, which can include the acts of an employee, a business process outsourcing (BPO) provider, or an outsourced IT provider.
  • Breach of Privacy coverage includes damages resulting from alleged violations of HIPAA, state, and federal privacy protection laws and regulations.
  • Coverage for expenses resulting from a breach of consumer protection laws such as the Fair Credit Reporting Act (FCRA).
  • Customer Notification Expenses coverage (usually included as a sub-limit) – reimburses for costs to notify the customer of a breach and provide 12 months of credit monitoring.
  • Coverage for acts of a rogue employee causing intentional damage to your firm’s computer network.
  • Public Relations Expenses coverage is available to repair your firm’s reputation due to a data breach.
  • Cyber Extortion coverage reimburses costs for a range of perils, including a credible threat to introduce malicious code, to pharm or phish customer systems, or to corrupt, damage, or destroy your firm’s computer system.
  • Electronic Media peril is broadly defined as an infringement of domain name, copyright, trade name, slogan, or service mark on the internet or intranet site.
  • Interruption expenses include additional costs associated with rented/leased equipment, use of third-party services, additional staff expenses, or labor costs directly resulting from a covered Loss of Digital Assets claim.

If you would like to receive a cyber liability insurance quote for your law firm, please give our office a call and we can help provide you with multiple insurance quotes to fit your firm’s needs.

Client slipping on a banana peel.

Slips, trips, and falls are one of the biggest claim risks that law firms face.  In fact, according to the National Safety Council, there are more than 25,000 slips and falls EVERY DAY in the United States, and they account for over 16,000 deaths every year.  Firms with considerable foot traffic need to be especially careful to prevent slips from parents, employees, vendors, and contractors.

There are three main components in reducing slips, trips, and falls — walking surface design, maintenance, and awareness training.

Floors, Aisles, and Passageways

Floors, aisles, and passageways are of special concern because they are high-traffic areas. To avoid accidents, floors, aisles, and passageways must be well maintained and well lit. The following requirements will help ensure these areas are up to standard:

  • Cover all floors with slip-resistant material.
  • Do not wax, polish, or treat floors in any way that compromises their slip resistance.
  • Keep floors clear and clean. Keep every floor, workplace, and passageway free from splinters, holes, loose boards, and protruding nails.
  • Keep every workroom floor clean and as dry as possible.
  • Ensure aisles and passageways are well lit whenever in use.
  • Securely attach carpet or carpet tile used on a ground or floor surface. Ensure the cushion, pad or backing is firm.
  • Keep carpeting in good repair. Immediately repair or replace loose, worn, or torn carpeting that presents a hazard.
  • Block off any section of a floor, aisle, or passageway in need of repairs. If that is not possible, place warning signs near the area to alert people to the damage.

Stairways, ramps, and changes in level

Stairway and ramp falls present a special hazard because the change in level can result in a more severe injury. These falls may occur because people are in a hurry or because they are not alert. However, many occur because stairs, ramps, handrails, and guardrails are in substandard condition. Not only can these cause a fall, but they can also prevent a person from being able to stop the fall. They may even make the fall worse by providing a false sense of security. It is important to keep stairs, ramps, handrails, and guardrails in superior condition.

  • Ensure stairways and ramps are well lit when in use.
  • Keep stairways and ramps unobstructed. Construct curb ramps to prevent obstruction from parked vehicles.
  • Install continuous handrails on both sides of stairs.
  • Connect handrails securely and firmly for stairways and ramps. Ensure gripping surfaces on handrails are uninterrupted by newel posts or any other obstructions.
  • Check guardrail openings. To prevent entrapment, openings should be designed to the torso of the smallest user at risk.

Laptop security tips for attorneys.

Laptop Security Part 2

One of the biggest risks for law firms is data lost or stolen through employees’ laptops. Last week, we discussed five items that will help prevent your data from being stolen. This week we want to present the remaining five items.

6. Protect yourself from other users

Connect your laptop through a travel router that plugs into an Ethernet jack for additional protection against malicious users connected to the same business center or hotel network.

A travel router acts as a highly effective hardware firewall that helps keep your computer isolated from other users on the network. (Most computers have a software firewall installed, but viruses and other malicious software can disable these.)

7. Check for known vulnerabilities

When you connect your laptop to the internet when travelling, you may not be protected by any security systems your company uses to filter out malicious emails or to keep you from malicious websites. That can result in hackers exploiting vulnerabilities in the software on your computer to infect it with malware.

To reduce the chances of this, it is important to check that your computer’s operating system and other software have been updated with the latest security patches.

8. Don’t lose it in the airport rush

Tens of thousands of laptops are lost in airports every week, and only about one-third are ever returned to their owners, according to research carried out by the Ponemon Institute.

One way to avoid leaving your laptop behind when you go through security or get called for your flight is to attach a proximity alarm to your laptop bag.

These inexpensive devices send an alert to your smartphone if they detect that they have moved more than a few feet away from you.

9. Keep your USB sticks secure

If you carry a USB memory stick to make backups of your work or store other data, it’s important to make sure that it is as secure as the data on your laptop.

You can do this the same way that you can encrypt a computer hard drive.  Once encrypted, the memory stick can only be accessed after supplying a password.

An alternative is to use a USB drive with encryption hardware and other security features built-in, available from companies like IronKey. Its secure USB drives self-destruct if the wrong password is supplied 10 times in a row, making it all but impossible for a thief to access the data it holds by repeatedly guessing the password.

10. Lock it up

Perhaps the most obvious piece of advice, but frequently ignored, is making it hard for an opportunistic thief to walk off with your laptop.

One way to do this is by using a Kensington lock – a metal cable that you can loop around a suitable fixed object and which attaches to any laptop equipped with a Kensington slot.

Kensington locks certainly don’t provide total security, as the cables can be cut or they can be ripped out of the laptop, but it is enough to make many thieves move on to easier pickings.

An employee travels with her laptop.

Laptop Security Part 1

Traveling with a laptop can represent a significant security risk to your law firm. This is because the data it contains is far more vulnerable when you are on the move than when you use a laptop in the relative safety of your office environment.

The laptop doesn’t even have to be stolen: it takes just seconds for a hacker to slip a USB stick into an unattended laptop to install malicious software or steal data. Even relatively unsophisticated hackers can run programs from a USB stick to steal your email account details and email password.

There are steps you can take to reduce the risk. Here are 10 simple things you can do to help keep your laptop secure when you are on the go.

1. Use a password

Ensure that your Windows account is protected with a password. The laptop should be configured so that the password has to be entered every time you turn the machine on or when it comes out of hibernation, sleep, or screensaver mode.

An account password is an effective first line of defense, but only if you avoid choosing a commonly used and easily guessed password. An analysis of passwords stolen from websites during recent security incidents reveals that the most common include “password,” “123456”, “abc123”, “qwerty,” and, bizarrely, “monkey.”

2. Disable booting from CD or USB

It’s easy to change or remove an account password using a free resetting program or guess a short one using a “brute-force guessing” program.

But running these involves booting the computer from a CD or USB stick, so you can increase security by disabling the ability to boot from one of these devices. This can be done by altering the settings in your laptop’s basic input/output system (BIOS) – the built-in software with generic code to control the machine – which can usually be accessed by pressing F1, F4, F10, or Del just after you switch it on.

To ensure that no one can override these settings, password-protect the BIOS so that no more changes can be made to it without entering the password. This can also be configured in the BIOS settings.

3. Encrypt your hard drive

If your laptop is stolen from your car or hotel room, there is usually nothing to stop the thief from removing your hard drive and attaching it to another computer. Doing this bypasses any account password protection and allows them to access your data easily.

The best way to prevent this is to encrypt your laptop’s hard drives. Encrypted drives can only be accessed after the encryption key is supplied – usually in the form of a PIN, a password, or by inserting a USB stick containing the key.

4. Use a virtual private network (VPN)

Publicly accessible networks, such as those offered in airports, conference centers, and hotel rooms, present a particular security risk to laptop users. This is because hackers armed with free programs can connect to the same networks and eavesdrop on emails or copy passwords as they pass over the network.

The best way to protect your data from interception by other network users is to encrypt it while it is in transit between your computer and your office network, using a company VPN.

5. Use secure email

Sometimes it can prove difficult to get a VPN connection working, so it’s prudent to ensure that any email program, webmail system, or cloud-based email service that you use is configured to use Secure Sockets Layer (SSL) or Transport Layer Security (TLS). This ensures that both your username and password and the contents of your emails are encrypted as they travel across the internet.

Webmail services like Gmail and cloud-based services like Microsoft’s Office 365 are configured in this way by default, but email offered by many internet service providers is not.
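
A read-only audit of tips 1 and 3 above and tips 6 and 7 from Part 2, added here as an example and not part of the original article. It assumes a Windows laptop with PowerShell 5.1 or later, BitLocker as the disk-encryption product, and a 35-day patch-age threshold chosen for illustration.

```powershell
# Added example: read-only check of a Windows laptop against the article's tips.
# Run from an elevated PowerShell prompt (Get-BitLockerVolume needs administrator rights).
# Nothing here changes any setting; it only reports.

$findings = [System.Collections.Generic.List[object]]::new()

function Add-Finding {
    param([string]$Tip, [string]$Check, [bool]$Pass, [string]$Detail)
    $findings.Add([pscustomobject]@{ Tip = $Tip; Check = $Check; Pass = $Pass; Detail = $Detail })
}

# Tip 1: every enabled local account should require a password.
$noPassword = @(Get-LocalUser | Where-Object { $_.Enabled -and -not $_.PasswordRequired })
Add-Finding '1' 'Enabled local accounts require a password' ($noPassword.Count -eq 0) `
    ($noPassword.Name -join ', ')

# Tip 1: password prompt when the screensaver is dismissed.
# Only the per-user setting is read; a value enforced by group policy lives elsewhere.
$desktop = Get-ItemProperty -Path 'HKCU:\Control Panel\Desktop' `
    -Name ScreenSaverIsSecure -ErrorAction SilentlyContinue
Add-Finding '1' 'Password on resume from screensaver' ($desktop.ScreenSaverIsSecure -eq '1') `
    "ScreenSaverIsSecure = '$($desktop.ScreenSaverIsSecure)'"

# Tip 3: each volume should be fully encrypted with protection switched on.
# Assumption: BitLocker is the encryption product in use.
$volumes = @(Get-BitLockerVolume -ErrorAction SilentlyContinue)
foreach ($v in $volumes) {
    $ok = ("$($v.ProtectionStatus)" -eq 'On') -and ("$($v.VolumeStatus)" -eq 'FullyEncrypted')
    Add-Finding '3' "BitLocker on $($v.MountPoint)" $ok `
        "$($v.VolumeStatus), protection $($v.ProtectionStatus)"
}
if ($volumes.Count -eq 0) {
    Add-Finding '3' 'BitLocker' $false 'No volume information (not elevated, or BitLocker unavailable)'
}

# Tip 6: the software firewall should be on for every network profile,
# since malware can switch it off.
foreach ($p in Get-NetFirewallProfile) {
    Add-Finding '6' "Windows Firewall, $($p.Name) profile" ("$($p.Enabled)" -eq 'True') `
        "Enabled = $($p.Enabled)"
}

# Tip 7: how long since the last Windows update was installed.
# Get-HotFix covers Windows updates only, not browsers or other applications.
$maxAgeDays = 35   # assumed threshold for this example
$latest = Get-HotFix | Where-Object InstalledOn |
    Sort-Object InstalledOn -Descending | Select-Object -First 1
$age = if ($latest) { ((Get-Date) - $latest.InstalledOn).Days } else { $null }
Add-Finding '7' "Windows update installed in the last $maxAgeDays days" `
    (($null -ne $age) -and ($age -le $maxAgeDays)) `
    $(if ($latest) { "$($latest.HotFixID), $age days ago" } else { 'No dated updates found' })

$findings | Sort-Object Tip | Format-Table -AutoSize -Wrap
```

Rows with `Pass` set to `False` are the ones to fix before travelling; the BIOS boot-order and BIOS password settings from tip 2 cannot be read this way and still need checking in the firmware setup screen.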

Protect your building with equipment breakdown insurance.

Equipment Breakdown Insurance

When equipment is working, we take it for granted. But when something breaks down, things can quickly grind to a stop. For example:

  • A power surge could damage your computer network.
  • Your electrical system could short circuit, causing your business to shut down temporarily.
  • An employee error might damage your only production machine.

Nationwide understands that damaged equipment can mean lost income. That’s why we offer broad insurance for equipment breakdowns to keep business running smoothly.

What equipment breakdown insurance covers

Also known as “boiler and machinery” insurance, equipment breakdown coverage protects against breakdowns caused by power surges, motor burnout, boiler malfunction, and operator error.

It can pay for:

  • The cost to repair or replace the damaged equipment
  • Costs associated with the time and labor to repair or replace the equipment
  • Business income losses when a covered breakdown causes a partial or total business interruption
  • Other expenses incurred to limit loss or speed restoration
  • The cost to replace spoiled stock or materials

What if you don’t own your building?

Even if you lease your building or use equipment that belongs to others, you still need equipment breakdown insurance.

Let’s say you run a restaurant in a leased space, and the electrical panel shorts out, killing power to the heat, air conditioning, lights, and refrigerators for a couple of days. Although the building owner is responsible for making the repairs to the panel, you’ve lost customers and income. Equipment breakdown insurance helps pay for that lost business income.

What if an equipment problem off-site impacts your business?

Sometimes, equipment breakdowns at other locations can cause significant losses to your business.

For example, if you run a small business and depend on your website for orders, the chances are that an independent Internet service provider hosts your site at another location. What happens if that location loses power or experiences damage to its equipment, causing an interruption of your web presence, resulting in a loss of orders? Equipment breakdown coverage helps pay for lost business income when a key supplier’s equipment breaks down.

Will your property insurance or warranties cover damage to equipment?

Most standard property insurance policies do not provide insurance for equipment breakdown, and warranties cover only so much.

Warranties are restrictive and typically cover new equipment for a determined length of time and specific types of product failures. Also, warranties don’t pay for lost business income or equipment damage due to operator error, the cause of many equipment breakdowns.

How much should you buy?

When determining the amounts and limits of coverage, it’s important to look beyond the face value of the insured equipment and consider all the situations that could occur. What if damage occurs to other property as a result of an equipment breakdown? What if parts for the damaged equipment are not readily available? What if you are closed for an extended period of time? You can imagine how equipment breakdown losses could really add up.

Directors and officers liability protects law firms.

What is directors and officers liability insurance?

Directors and officers liability insurance protects past, present and future directors and officers of for-profit or nonprofit companies from damages resulting from alleged or actual wrongful acts they may have committed in their positions. The policy provides protection in the event of any actual or alleged error, misstatement, omission, misleading statement, or breach of duty. In addition, some policies extend the same coverage to employees.

D&O insurance is needed when a board of directors is assembled. Investors usually require that you have D&O insurance as part of the conditions for funding your company.

Why buy directors and officers liability insurance?
Claims from employees, clients and stockholders may be made against any company and against the directors and officers of a company. Since a director or officer can sometimes be held responsible for acts of the company, most directors and officers will want to be covered rather than risk their personal assets.

Investors and members of the board of directors will not risk their personal assets to serve as a corporate director or officer without directors and officers insurance coverage.

What does D&O insurance cover?
Criminal, administrative, civil, and regulatory proceedings based on actual or alleged acts, errors, omissions, misstatements, neglect, or breach of duty committed or allegedly committed by a director or officer have been covered with directors and officers liability insurance.

Exclusions
A directors and officers liability insurance policy covers defense expenses and financial damages or settlements. The policy does not cover wages, fines, taxes, penalties, or multiplied damages.

Coverage limits
Coverage limits are available from $500,000 to $1,000,000 per claim and annual total limit, with a $5,000 deductible per claim.

D&O liability insurance vs. professional liability insurance or errors and omissions coverage.
D&O insurance is often confused with professional liability insurance or errors and omissions coverage. The two are not the same; professional liability/errors and omissions coverage applies to performance failures and negligence with respect to products and services, not the performance and duties of the executive team (as with directors and officers liability insurance).

Attorney signing a contract.

Why is forgery insurance needed as part of your crime insurance?

According to the National Check Fraud Center, check fraud and counterfeiting are among the fastest-growing problems affecting the nation’s financial system, producing estimated annual losses of $10 billion, and losses continue to rise at an alarming rate annually.

Forgery insurance or alteration coverage protects against third-party forgery or alteration of written checks, bank drafts, or similar instruments made or drawn by you or drawn on your account(s). Coverage only applies to outgoing financial instruments.

The following are common examples of claims under forgery and alteration coverage:

  • A third party alters or forges a check or draft made or drawn in your name to be payable to a fictitious entity.
  • A third party steals your blank checks and makes the drafts payable to various other entities or individuals.
  • A third party alters the amount of a check or draft.

Important Note: Coverage does not apply if the forgery or alteration was caused by an insured or an employee, including but not limited to officers, directors, and trustees. Employee dishonesty coverage must be secured to protect from this type of loss. Also, credit, debit, or charge card forgery coverage is generally not covered unless added by endorsement.

Insurance buyers often assume that if a bank cashes a forged check, the check cannot be charged to the customer. This is not necessarily the case. Under the Uniform Commercial Code, which governs the bank’s liability for cashing a check on a forged signature, the bank customer is required to exercise reasonable care and promptness in examining bank statements and canceled checks to discover unauthorized signatures or any alteration and must promptly notify the bank if this is discovered. This duty becomes operative when the bank sends the statement and canceled checks to the customer.

If the customer fails to discover and report forgeries and alterations, the customer is precluded from seeking reimbursement from the bank for any unauthorized deductions from the customer’s account.

Under the Uniform Commercial Code, the statute of limitations for suing the bank is one year on forged signatures or any alteration to a check. That one year runs from the time the statement was made available to the customer. Because of the time pressures, business bank statements are not always reviewed promptly, if at all.

Forgery and alteration is relatively inexpensive coverage to protect against this type of loss, typically costing a few hundred dollars for a $100,000 limit. Ideally, this coverage should be made part of every commercial insurance program.

Attorneys meeting to discuss their experience mod.

Experience Mod Explained

An experience mod, commonly called an “e-mod,” is an important factor used to adjust your workers’ compensation premium.

What is an experience modification factor?

An experience modifier (e-mod) is a multiplier applied to the premium of a qualifying policy and provides an incentive for loss prevention. The e-mod represents either a credit or debit that is applied to the premium before discounts. If your company’s loss experience is more costly on average than other companies’ loss experience in your industry, the result is a debit e-mod or surcharge on premiums. If your company’s experience is less costly than the industry average, you will receive a credit e-mod, or discount, on your premium.

Who determines experience ratings?

The National Council on Compensation Insurance (NCCI), based in Florida, computes experience ratings for all businesses and industries. The same factors are used to calculate each employer’s experience modification regardless of which insurance company provides coverage. The e-mod stays with the business even if the business is sold.

Who qualifies?

All employers whose premium before discounts averages $4,000 or more a year for a three-year period are eligible for an experience modification rating. Approximately 90 percent of workers’ compensation premium dollars come from experience-rated policies.  Employers with less than $4,000 in premium are not experience rated because of their low exposure to claims.

What years are included in e-mod calculations?

E-mods are based on claims costs for a prior three-year period. An interval year is incorporated between the current year being rated and the three-year period. The interval year is the year previous to the current year and is excluded because ultimate claims costs and final premium amounts are not known for that year when the e-mod is being calculated.

How is an e-mod calculated?

  • The e-mod is determined by comparing actual losses to expected losses for the experience period based on the employer’s industry. In other words, clerical employees are compared only to other clerical employees, etc.
  • The number of person-hours worked is used to indicate the employer’s audited premium dollars since an employer with 20 employees would be expected to have more claims than an employer with two employees. For example, a roofing business is only compared to other roofing companies with approximately the same gross premium amount.
  • The formula adjusts the actual losses used to give frequency greater weight than the severity of an injury or illness. For example, six claims that occur over a three-year period totaling $20,000 have a greater impact against the e-mod than one claim in three years totaling $20,000. Again, both industry and business size are considered.
    • Claims with zero costs are not included in the e-mod calculation.

How can I lower my e-mod rating?

A sound safety program, a return-to-work plan, and loss prevention procedures will lower your e-mod and are crucial to helping you effectively manage your workers’ compensation costs. The following example compares two companies who perform the same services and employ the same number of workers:

Attorneys sitting in an office.

EPLI Insurance Overview

Did you know that studies show that 1 out of every 10 law firms will face some employee-related litigation? Because of this, we recommend that all firms purchase Employment Practice Liability Insurance (EPLI). EPLI Insurance protects your firm from the following types of claims scenarios:

  • Sexual Harassment
  • Wrongful Termination
  • Age Discrimination
  • Racial Discrimination
  • Religious Discrimination
  • Disability Discrimination
  • Sexual Discrimination
  • Hostile Working Environment
  • Breach of Contract/Misrepresentation
  • Harassment & Emotional Distress

More important than the coverage provided for the scenarios above is that your EPLI policy will also pay for the defense costs associated with defending you in the claim.  In fact, the defense costs can easily cost as much, if not more, than the claim payment itself.

Claims Scenarios

Here are a few claims scenarios that have happened to law firms where EPLI Insurance was involved:

Sexual Harassment: Repeated comments made by an office manager resulted in a $350,000 payout to three former employees alleging sexual harassment.

Wrongful Termination:  A human resources director was advised to terminate an investigation of allegations of sexual harassment by a partner.  She was subsequently terminated from her position and was paid $300,000 in her wrongful termination suit.

Age Discrimination: A 62-year-old teacher successfully sued her employer for age discrimination because the law firm failed to document the employee’s poor performance properly. The representative won over $100,000 in the suit.

Disability Discrimination: When a law firm told a disabled job applicant that they had no openings for persons in wheelchairs, they found themselves with a $3.5M jury verdict.

If you would like to learn more about obtaining an EPLI policy for your firm, please feel free to give our office a call.

It's vital law firms implement return-to-work programs.

Return-to-work Program Benefits

Benefits of an effective early return-to-work program accrue to both a law firm and its injured employees. The law firm realizes significant cost savings by minimizing lost productivity, resource replacement costs, workers’ compensation indemnity benefits, and medical treatment costs. The employee benefits from reduced stress and a feeling that their employer cares for their physical health and values what they bring to the workplace.

Chief components of effective early return-to-work programs

The most effective return-to-work programs contain the following components or employ the following best practices:

  • Executive mandates are issued to departments, requiring that they temporarily accommodate injured workers by physical restrictions determined by a physician.
  • Dedicated return-to-work providers are responsible for coordinating early return-to-work among the treating medical providers, injured workers, department managers, and the third-party claims administrator.
  • Medical providers and third-party claims administrators must also be held accountable for their efforts to assure the program’s success.
  • The workers’ compensation manager, perhaps with the assistance of the third-party claims administrator, conducts education sessions and meetings to train department managers in the importance of early return-to-work.
  • Medical providers are required upon the completion of the first office visit and each subsequent office visit to convey physical work restrictions to the return-to-work coordinator (sometimes via the third party administrator) for accommodation or modification of a prior accommodation.
  • Modified duty is accommodated for a limit of either 60 or 90 days, subject to possible extension if the medical provider and law firm believe that the employee continues to improve physically.
  • As modified positions are identified, a bank of a modified job description.