Aaron Johnson, Author at Lawyers Insurance Alliance

Law firms are being targeted more and more for cyber attacks. As was evidenced by a recent attack on 50 prestigious law firms targeted by Russian hackers. The targeted firms tended to be transactionally oriented; the apparent plan of the hackers was to obtain confidential, market-moving information and trade on it.

To help keep you firm safe, here are five tips to keep your firm safe.

1. Backup, backup, backup — early and often.

You need to have your data backed up in case you suffer some misfortune, such as a fire or flood in your office or a massive hack of your computer system. Backing up to the cloud is a increasingly popular option, but be careful when selecting a service. Some services are more vulnerable than others.

2. Use two-factor authentication.

Two-factor authentication is an increasingly popular and effective way to protect the security of online accounts. Yes, it can be a pain since it’s slower and more cumbersome than simply entering a single password. But the security it offers can be extremely beneficial.

3. Consider using a password manager.

Ideally, you should have a different password for everything you log into. Most often, though, that’s simply not practical. Password managers can help keep you passwords organized and secure.

4. Educate your colleagues about cybersecurity.

You might be savvy about cybersecurity, but all it takes is one weak link in your organization to throw your computer system into chaos. For example, a Florida firm was recently hacked after a secretary clicked on an email attachment that was labeled “résumé for your review” but was actually malware.

5. Don’t let the perfect be the enemy of the good.

Unfortunately, you can never be 100 percent secure. A good starting point: an assessment of your computer systems to figure out what your potential issues and biggest risk points are. This is what a number of law firms are now doing in the wake of the hacking reported, often with the help of outside consultants or technology firms.

Lawyers wear many hats; the key is not to wear them all simultaneously. Many lawyers are well versed in areas outside of the law and can be a source of non-legal knowledge for clients. However, lawyers need to be mindful when their services extend beyond the traditional landscape of legal advice. Mixing business interests and legal advice can easily get you in hot water if the transaction goes awry. Take for example the case of Burk & Reedy, LLP v. Am. Guarantee & Liab. Ins. Co., in which a professional liability insurer denied coverage for an attorney that was involved in both the legal and business aspects of a transaction.

The case stemmed from a failed business transaction. Plaintiff (an attorney) was a co-managing member with ownership interest in a Company. Plaintiff executed an agreement with an outside investor (Investor), whereby Investor was to secure collateral for a loan to the Company in exchange for a percentage of ownership in the Company. Investor ultimately used his personal property as collateral and secured the loan for the Company. The Company however defaulted on the loan and the lender foreclosed on Investor’s real property in order to repay the loan.

Investor sued Plaintiff to recover the money and real property he lost in the business venture, alleging among other things that Plaintiff committed legal malpractice. Investor alleged that Plaintiff provided legal advice in connection with the decision to invest; Plaintiff communicated his consent to act as counsel for Investor with respect to obtaining the loan; Plaintiff breached the Rules of Professional Conduct by acting as counsel to the Company while maintaining ownership in the Company, and Plaintiff conducted business with his client, Investor.

Plaintiff was insured under a professional liability insurance policy. The insurance policy specified that the insurer would pay claims “based on an act or omission in the Insured’s rendering or failing to render Legal Services for others.” However, the policy also contained two important exclusions. These exclusions precluded coverage for any claims based upon or arising out of 1) the insured’s capacity or status as an officer, director, partner, trustee, shareholder, manager or employee of a business enterprise and 2) the alleged acts or omissions by any insured for any business enterprise in which any insured has a controlling interest. The insurance company refused to defend Plaintiff because of these two policy exclusions.

Plaintiff then filed a separate action against his insurance company. The court found that the malpractice claim clearly fell within the policy exclusions. As the court stated the “allegations demonstrate that [Plaintiff] simultaneously wore two hats while advising [Investor] to invest in [the Company]—that of an attorney and that of a managing member of [the Company].” The court further found that Plaintiff not only provided legal assistance to Investor during the loan application process, but also simultaneously engaged in conduct that advanced the business interests of [the Company]. The court concluded the insurer did not have a duty to defend or indemnify Plaintiff in the underlying action.

This case serves as a good reminder that attorneys need to be cognizant of their ethical obligations at all times. Failure to recognize when the lines are becoming blurred can not only be an ethical violation but as in this case result in lack of malpractice coverage.