Prepare your firm's disaster recovery plan.

Preparing a Disaster Recovery Plan

Law firms face a variety of risks. There are the natural disaster risks like fire, flood, and snowstorms, And then there are other risks like litigation from property damage or bodily injury or theft and data loss.
The key for firms to rise above all these risks is preparation. Your ability to recover quickly may differ in your firm’s survival.
The following four steps will hopefully help you prepare a sound law firm disaster recovery plan:
  1. Assess your risks. Before creating a plan to deal with potential disasters, you must know what they are. Take some time to think through the potential dangers your firm could face and how they could affect your operations.
  2. Prioritize functions. Deciding the proper order in which operations should be restored is another vital piece to your disaster recovery plan. For law firms, typically, the first two most important functions are ensuring the safety of your students and teachers and then finding a new place to hold class; if necessary, Proper insurance can go a long way towards helping with newly incurred expenses as well.
  3. Develop prevention and mitigation strategies  Once you’ve determined your firm’s most essential functions, the next step is to develop strategies around them to prevent and mitigate the various types of disasters you may encounter.
  4. Test and maintain your plan. As hokey as it may sound, testing out your disaster recovery plan may differ in its success should a real catastrophe occur.
If you are interested in finding out more about how to implement a proper disaster recovery plan for your law firm, please feel free to reach out to our agency, and we’ll be more than happy to help.
As an agency that specializes in law firm insurance, we understand the risks you face daily and how to protect you from them.

Dual-role Employees

A risk management position is an example of a role that, even when filled by a lawyer, frequently involves both legal and non-legal work. “Attorneys can be hired in a myriad of roles not requiring their status as attorneys,” says Richard T. Seymour, former chair of the ABA Section of Labor and Employment Law.

When determining whether a dual-role employee is acting as legal counsel and thus invoking attorney-client privilege protection, courts should focus on function more than a title. Status is not the same thing as role. While risk managers’ views may be partially influenced by their legal degrees, their employer is not necessarily looking for legal advice, as opposed to business advice.

Just because certain positions (like risk management positions) are not part of a company’s legal group and don’t require a law degree doesn’t necessarily reveal the employee’s accurate and complete role. Whether a dual employee is functioning as in-house counsel is not a bright-line test.

Rather than focusing on labels and bright-line tests, the emphasis should be on how the company utilizes risk management employees. There is a lot at stake in determining the applicability of privilege, so the focus should be on whether the company’s employees are reaching out to the risk management director to seek legal advice. Risk managers can deal with critical legal issues.

Bringing Risk Managers Within the Privilege

If the applicability of privilege to a risk management employee is driven by function rather than form, then companies should consider how to characterize and implement those functions. Companies should give serious thought to dual-role employees like risk managers. The intent to preserve privilege cannot be assumed—the company needs to be specific that legal advice is being sought.

Bringing risk management employees within the privilege requires planning and foresight. Place risk management departments under the supervision and control of their general counsel and have the general counsel issue instructions to them. Operational changes may also help a court see the department as more legal than business. These could include: (i) modifying risk managers’ job descriptions to state that the position will involve the company seeking legal advice concerning matters they handle; (ii) requiring risk managers to keep separate files for legal and non-legal matters, and (iii) limiting email discussions on legal matters only to those who need to be involved in legal discussions.

Litigation-related Claims

Litigation errors breed the largest number of malpractice claims reported each year.  In recent years, errors arising out of litigation accounted for nearly 36% of all reported claims. In the vast majority of cases, the statute of limitation on the client’s case expired and there was nothing left to do but assess the damages.

Below are the top three errors that lead to malpractice claims for attorneys.


Lawyers miss deadlines for a variety of reasons, but the most common is the lack of a good calendaring and docket control system. It does not matter whether you use a computerized case management and calendaring system or an old-fashioned tickler box. The most important aspects of a good docket control system are that (a) all relevant dates, whether they be statutes of limitation, appointments, or discovery deadlines be entered into the system and (b) several advance warnings of each deadline be given to the attorney and support persons involved.


One of the biggest mistakes that leads to malpractice suits is the tendency for the plaintiff’s lawyer to file a complaint at the eleventh hour – on the eve of the statute of limitation deadline. Although the lawyer believes he is within the “safety zone” because the limitation period has not yet expired, filing at the last minute is often a risky practice. In many cases, the plaintiff’s lawyer may be unable to perfect service of the summons and must file an alias and pluries summons to keep the action alive.

Sometimes the lawyer and/or his support staff forget to calendar the date the original summons expires. As a result, the action is barred because the statute of limitation expires before the summons is renewed. Other times, the lawyer inadvertently names the wrong defendant, and the opposing party files a motion to dismiss on that basis. If the complaint is filed at the last minute, the lawyer has little or no time left to investigate and determine the name of the proper party before the deadline passes.

For these reasons, we strongly encourage plaintiffs’ attorneys to file the complaint well in advance of the statute of limitation deadline. Filing early will give you more time to fix mistakes such as improper service or naming the wrong party. Hopefully, this extra time will give you an opportunity to correct mistakes before a malpractice claim develops.


Sometimes, even with proper docket control systems, the lawyer fails to determine the correct statute of limitation applicable to the case. As different jurisdictions and types of cases all have different time frames, it’s important to verify the applicable statute of limitation.

Client slipping on a banana peel.

Slips, trips, and falls are one of the biggest claim risks that law firms face.  In fact, according to the National Safety Council, there are more than 25,000 slips and falls EVERY DAY in the United States, and they account for over 16,000 deaths every year.  Firms with considerable foot traffic need to be especially careful to prevent slips from parents, employees, vendors, and contractors.

There are three main components in reducing slips, trips, and falls — walking surface design, maintenance, and awareness training.

Floors, Aisles, and Passageways

Floor, aisles, and passageways are of special concern because they are high-traffic areas. To avoid accidents, floors, aisles, and passageways must be well maintained and well lit.  The following requirements will help ensure these areas are up to standard:

  • Cover all floors with slip-resistant material.
  • Do not wax, polish, or treat floors in any way that compromises their slip resistance.
  • Keep floors clear and clean. Keep every floor, workplace, and passageway free from splinters, holes, loose boards, and protruding nails.
  • Maintain every workroom floor clean and as dry as possible.
  • Ensure aisles and passageways are well lit whenever in use.
  • Securely attach carpet or carpet tile used on a ground or floor surface. Ensure the cushion, pad or backing is firm.
  • Keep carpeting in good repair. Immediately repair or replace loose, worn, or torn carpeting that presents a hazard.
  • Block off any section of a floor, aisle, or passageway in need of repairs. If that is not possible, place warning signs near the area to alert people to the damage.

Stairway, ramps, and change in level

Stairway and ramp fall present a special hazard because the change in level can result in a more severe injury. These falls may occur because people are in a hurry or because they are not being alerted. However, many occur because stairs, ramps, handrails, and guardrails are in substandard condition. Not only can these cause a fall, but they can also prevent a person from being able to stop the fall. They may even make the fall worse by providing a false sense of security. It is important to keep stairs, ramps, handrails, and guardrails in superior condition.

  • Ensure stairways and ramps are well lit when in use.
  • Keep stairways and ramps unobstructed. Construct curb ramps to prevent obstruction from parked vehicles.
  • Install continuous handrails on both sides of stairs.
  • Connect handrails securely and firmly for stairways and ramps. Ensure gripping surfaces on handrails are uninterrupted by newel posts or any other obstructions.
  • Check guardrail openings. To prevent entrapment, openings should be designed to the torso of the smallest user at risk.

Laptop security tips for attorneys.

Laptop Security Part 2

One of the biggest risks for law firms is the lost or stolen data through employees’ laptops.  Last week, we discussed five items that will help prevent your data from being stolen.  This week we want to present the remaining five items.

6. Protect yourself from other users

Connect your laptop through a travel router plugs into an Ethernet jack for additional protection against malicious users connected to the same business center or hotel network.

A travel router acts as a highly effective hardware firewall that helps keep your computer isolated from other users on the network. (Most computers have a software firewall installed, but viruses and other malicious software can disable these.)

7. Check for known vulnerabilities

When you connect your laptop to the internet when travelling, you may not be protected by any security systems your company uses to filter out malicious emails or to keep you from malicious websites. That can result in hackers exploiting vulnerabilities in the software on your computer to infect it with malware.

To reduce the chances of this, it is important to check that your computer’s operating system and other software have been updated with the latest security patches.

8. Don’t lose it in the airport rush

Tens of thousands of laptops are lost in airports every week, and only about one-third are ever returned to their owners, according to research carried out by the Ponemon Institute.

One way to avoid leaving your laptop behind when you go through security or get called for your flight is to attach a proximity alarm to your laptop bag.

These inexpensive devices send an alert to your smartphone if they detect that they have moved more than a few feet away from you.

9. Keep your USB sticks secure

If you carry a USB memory stick to make backups of your work or store other data, it’s important to make sure that it is as secure as the data on your laptop.

You can do this the same way that you can encrypt a computer hard drive.  Once encrypted, the memory stick can only be accessed after supplying a password.

An alternative is to use a USB drive with encryption hardware and other security features built-in, available from companies like IronKey. Its secure USB drives self-destruct if the wrong password is supplied 10 times in a row, making it all but impossible for a thief to access the data it holds by repeatedly guessing the password.

10. Lock it up

Perhaps the most obvious piece of advice, but frequently ignored, is making it hard for an opportunistic thief to walk off with your laptop.

One way to do this is by using a Kensington lock – a metal cable that you can loop around a suitable fixed object and which attaches to any laptop equipped with a Kensington slot.

Kensington locks certainly don’t provide total security, as the cables can be cut or they can be ripped out of the laptop, but it is enough to make many thieves move on to easier pickings.

An employee travels with her laptop.

Laptop Security Part 1

Traveling with a laptop can represent a significant security risk to your law firm. This is because the data it contains is far more vulnerable when you are on the move than when you use a laptop in the relative safety of your office environment.

It doesn’t have to be stolen; because it takes just seconds for a hacker to slip a USB stick into a laptop when it is unattended to install malicious software or steal data. Even relatively unsophisticated hackers can run programs from a USB stick to steal your email account details and email password.

There are steps you can take to reduce the risk. Here are 10 simple things you can do to help keep your laptop secure when you are on the go.

1. Use a password

Ensure that your Windows account is protected with a password. The laptop should be configured so that the password has to be entered every time you turn the machine on or when it comes out of hibernation, sleep, or screensaver mode.

An account password is an effective first line of defense, but only if you avoid choosing a commonly used and easily guessed password. An analysis of passwords stolen from websites during recent security incidents reveals that the most common include “password,” “123456”, “abc123”, “qwerty,” and, bizarrely, “monkey.”

2. Disable booting from CD or USB

It’s easy to change or remove an account password using a free resetting program or guess a short one using a “brute-force guessing” program.

But running these involves booting the computer from a CD or USB stick, so you can increase security by disabling the ability to boot from one of these devices. This can be done by altering the settings in your laptop’s basic input/output system (BIOS) – the built-in software with generic code to control the machine – which can usually be accessed by pressing F1, F4, F10, or Del just after you switch it on.

To ensure that no one can override these settings, password-protect the BIOS so that no more changes can be made to it without entering the password. This can also be configured in the BIOS settings.

3. Encrypt your hard drive

If your laptop is stolen from your car or hotel room, there is usually nothing to stop the thief from removing your hard drive and attaching it to another computer. Doing this bypasses any account password protection and allows them to access your data easily.

The best way to prevent this is to encrypt your laptop’s hard drives. Encrypted drives can only be accessed after the encryption key is supplied – usually in the form of a PIN, a password, or by inserting a USB stick containing the key.

4. Use a virtual private network (VPN)

Publicly accessible networks, such as those offered in airports, conference centers, and hotel rooms, present a particular security risk to laptop users. This is because hackers armed with free programs can connect to the same networks and eavesdrop on emails or copy passwords as they pass over the network.

The best way to protect your data from interception by other network users is to encrypt it while it is in transit between your computer and your office network, using a company VPN.

5. Use secure email

Sometimes it can prove difficult to get a VPN connection working, so it’s prudent to ensure that any email program, webmail system, or cloud-based email service that you use is configured to use a secure sockets layer (SSL) or transport layer security (TLS). This ensures that both your username and password and the contents of your emails are encrypted as they travel across the internet.

Webmail services like Gmail and cloud-based services like Microsoft’s Office 365 are configured in this way by default, but email offered by many internet service providers is not.

Avoiding Malpractice Claims through Time Management

Missed deadlines and time management-related errors are the second biggest cause of malpractice claims at all firms’ sizes.  Over the last decade, they have represented over 17 percent of all malpractice claims.

The most common time-related error is a failure to know or ascertain a deadline – missing a limitation period because you didn’t know it. The good news is that this specific error has declined by almost 50 percent over the last ten years. The bad news is that the other time and deadline-related errors are holding stable or increasing slightly.

While in the longer term, we expect that the new Limitations Act will result in fewer limitations period claims, at this stage, it does not appear to have had any impact. Indeed, it may have resulted in more claims over the last year due to confusion over transition provisions.

A calendar failure is the second most common time-related error (a limitation period was known, but it was not properly entered in a calendar or tickler system). The fourth most common time-related error is the failure to react to calendar error. In this case, the limitation period was known and entered into a tickler system but was missed due to a failure to use or respond to the tickler reminder.

Lawyers at firms of all sizes seem to have a dusty file or two that sits on the corner of their desks for far too long, and this makes procrastination-related errors the third most common time-related error. By count and costs, procrastination-related errors are on an upwards trend.

These deadline and time management errors are easily preventable with better time management skills and the proper use of tickler systems. Practice management software programs such as Amicus Attorney and Time Matters are excellent tools for helping lawyers manage deadlines and tasks and better manage client communications and relationships.

Settle and Sue Trend

A recent trend within the legal industry is the “settle and sue” lawsuit.   A plaintiff in this type of legal-malpractice action is unhappy with settling a prior lawsuit even after the plaintiff voluntarily agreed to settle the case. In classic buyer’s remorse mode, disgruntled clients regret deciding to settle and focus their litigation crosshairs on their former attorney who advised the “negligent” settlement.  In this case, the blame for that mistake is projected toward the former attorney.

An attorney may not be able to absolutely insulate himself or herself from a lawsuit raised by a former client post-settlement. Still, there are tips that one may follow to allow a more favorable opportunity to defend such a claim. Here are some suggestions:

Establish parameters early in the representation. Use an engagement letter to the client to underscore that your objectives are not necessarily to obtain the highest monetary settlement/verdict or to defend the case so that the least amount of money is paid. Rather, the goal of resolving the case is to reach a settlement that the client can understand and accept, given the strengths and weaknesses of the case. In short, don’t promise the moon. Merely promise that you will provide the best recommendations you can.

Get client input. Communicate with your client regularly regarding what his or her expectations of the case are and document his or her potentially evolving impression of the case in writing. Clients change their attitudes and goals frequently. Therefore, an attorney would be prudent to elicit regular input from his or her client to ensure that there is no miscommunication about what constitutes a “fair” settlement.

Fully explain the release. Clients frequently will assert that they could not understand the legalese of litigation and that no one attempted to explain the legal intricacies. Avoid that issue by showing your client a copy of a standard release early in the process and invite a discussion about the ramifications of signing such a release (for example, it may mean there is no admission of liability and one party is releasing all other potential claims). Again, document that this consultation took place.

Describe the mediation process in writing. If a case mediates, ensure that the client understands what the mediation process entails. This will require putting in writing (a) the qualifications and justification for the selection of the mediator, (b) the strengths and weaknesses of the case, (c) the possible settlement range and verdict range of the case, and (d) an acknowledgment that settlement could bypass a better result at trial. Reiterate that the parties are not obligated to settle just because a mediation has been scheduled and paid for by the parties. Rather, the client must be told in writing that they should ask questions if they do not understand any part of the process and should never feel forced to settle.

Alert the client to post-settlement responsibilities. The client must be aware of how any potential liens will affect the collectability of settlement, the time frame for payment, and how the attorney fees may be paid from that settlement. The case is not over the moment an agreement to settle is reached, and the client must be kept apprised of what will be done to bring a final resolution to the case.

A purchaser stricken with buyer’s remorse is consumed by the type of regret evidenced by plaintiffs in “settle and sue” lawsuits. Most jurisdictions agree that settlement of an underlying action does not automatically bar malpractice claims. Regardless of a plaintiff’s motive, the defendant-attorney must understand the law of his or her jurisdiction regarding these types of cases and must take comprehensive steps during the underlying litigation to ensure that there are ample grounds to defend the claim if one arises. The execution of a settlement agreement is usually the final chapter of litigation. At other times, it serves as a prologue for the “settle and sue” lawsuit.

Avoiding Bad Clients

Bad clients can make you question your skills, destroy your reputation, and result in the worst money you have ever made.  Learning how to spot and avoid them can be the best decision you ever make.

All Clients Are Created Equal, Right?


Bad clients have an amazing way of sapping time and energy in ways you cannot bill for.  Remember, you cannot bill for stress. You cannot bill for screaming when you get off the phone. You cannot bill for not sleeping well. You cannot bill for spending an hour talking about why you already wrote off a third of your time and why your bill is reasonable.

Bad Clients Chase Away Good Ones

Bad clients can cause you to turn down good clients for two reasons:

  1. Bad clients have an amazing way of sucking up more time than they should. That means you will probably turn down good clients because you are so busy dealing with your problem client.
  2. The mental fatigue is greater than you realize. When you are in the middle of dealing with a bad client, it can make otherwise good clients seem like bad clients.

It Doesn’t Get Better

You are doing yourself a disservice if you tell yourself, “it can only get better” or “it has to get better from here.” Sure, you can cross your fingers and hope they suddenly start responding to phone calls or emails, but that probably won’t be the case.  Hopefully, your retainer has a provision for these scenarios, and you should not be afraid to invoke it and terminate your representation.

Check the Warning Signs

Now that you understand all money is not created equal, you can sharpen your intake skills to avoid bad clients. Someone might call with what sounds like the greatest case in the world, but your intuition may make you question the case or the client.  Instead of talking yourself into cases, trust your instincts and turn them away.

If you are not ready to live and die by your gut, here are some other warning signs that trouble could be brewing down the road:

  • Your client calls with a  legal emergency but then doesn’t return your call for days.
  • Your client doesn’t know who you are because they have called so many different attorneys.
  • He leaves a message without any specific details, other than he knows “it’s a great case,” and you need to call back immediately.
  • She sends multiple emails with documents before ever talking to you.
  • Makes an appointment and then no-shows or reschedules repeatedly.
  • The client tries to bargain on your rate or explains why you are too expensive.
  • Explains they previously hired another attorney but want to give you a shot.
  • Tells one story over the phone and a completely different one in your office.

That is not an exhaustive list by any means. Those are just some of the red alerts that should warn you about potential issues looming.  This is also the perfect opportunity to bounce the case off another attorney and get some feedback. But never try and convince yourself that any client is a good client. It’s not that simple.

Coverage Denial Due to Colleague’s Misrepresentations

About the only thing worse than getting slapped with a malpractice suit is learning that your firm is not covered despite the professional’s belief that insurance was in place.  Consider the possibility that one of your colleagues’ actions could result in a firm-wide declination of coverage— a scary thought. A recent decision demonstrates how one colleague’s actions could result in a denial of coverage for everyone.

In Illinois State Bar Ass’n Mut. Ins Co. v. Law Office of Tuzzolino and Terpinas, the Illinois Supreme Court ruled that an insurance company could rescind the entire malpractice policy for a Chicago law firm due to one partner’s false response on a renewal application.  In the underlying malpractice suit, one of the law firm defendant’s partners (“Partner A”) was tasked with filing a client’s bankruptcy action.  The suit was dismissed when he failed to timely file.  Instead of promptly reporting the error to the client and the firm’s malpractice insurer, Partner A allegedly lied to the client and represented that the suit was still pending.

Shortly after the client uncovered the truth about the action, Partner A attempted to renew his firm’s malpractice insurance policy.  He submitted a renewal quote and acceptance form to his insurance company on behalf of himself, his law partner (“Partner B”), and the entire firm.  One of the questions on the renewal form asked, “[h]as any member of the firm become aware of a past or present circumstance(s) which may give rise to a claim that has not been reported?”  Partner A responded “no” and signed the verification indicating the information contained in the renewal application was “true and complete to the best of [his] knowledge.”

After the renewal application was submitted, Partner B learned of the impending malpractice claim against Partner A and promptly notified the firm’s malpractice carrier.  A malpractice suit was eventually filed against Partner A, Partner B, and their firm. In turn, the malpractice insurance carrier filed suit against the firm and partners to rescind the policy based upon Partner A’s material misrepresentation.

The appeals court found that the “innocent insured” doctrine protected Partner B.  Partner B was therefore entitled to malpractice coverage even though Partner A was not.  However, the state high court disagreed, holding that the “innocent insured doctrine” is inapplicable in rescission and contract formation cases.  The court distinguished between applying the innocent insured doctrine to scenarios where the insured’s actions may trigger some exclusion in the policy instead of the instant scenario where the policy itself is voided through misrepresentation in the formation of the contract leading to rescission.

The court reasoned that in rescission cases, the focus is the effect of a misrepresentation on the validity of the policy, not the innocence of other insureds.  The court’s decision was fatal to all insureds’ insurance coverage under the firm’s malpractice policy.

The decision also serves as a good reminder to properly detect and report potential claims promptly.  The process of applying for insurance should be treated as a serious and significant event, and a firm should carefully designate a representative who will act thoroughly and truthfully when interacting with the insurer because one dishonest or careless colleague could result in rescission for everyone.