Feb. 19, 2020 – Cyber threats continued to evolve in 2019 – as did cyber protection and the importance of cyber liability insurance.
As a leader in your firm, it’s imperative that you stay on top of current trends in this space to keep your organization, your employees, and your clients protected.
What to Watch for in 2020
Cyber law will be rewritten to be more in line with European standards. This shift will provide more consumer protection at the state level, and increase frequency of investigations and penalties. Ultimately, your firm will carry the exposure of client data and how it is managed, or face stiff consequences from regulators.
Derek Laczniak is director of cyber liability at M3 Insurance, Madison, a cyber insurance member benefit business partner of the State Bar of Wisconsin. Laczniak serves as a cybersecurity strategist and advisor for organizations of all sizes.
Underwriting of cyber liability will include increased scrutiny of high exposure industries like legal firms. 2019 cyber losses have generated a need for a more stringent underwriting process. Expect that insurance carriers will look to increase rates for accounts that are not at risk or where the premium is small enough to be hidden. To prepare your firm, focus on implementing best practices for cybersecurity.
Ransomware is still a significant threat. Today’s ransomware has introduced opportunity to a much larger field of bad actors who are armed with software that can be dispatched as easily as attaching a picture to an email. This unique combination of ease of entry and high reward (i.e. your firm’s and clients’ personal data) led to triple digit frequency increases in 2019 and reported payments of $10 billion.
Your data is still your data in the cloud. One of the perceived advantages of migration to cloud based storage is the expectation that the cloud’s security is better than what you can achieve on your own. However, most customers have very little protection against cloud breaches. Typical contracts include one sided indemnification and a failure to communicate with customers in the event of a security incident. Work with your insurance advisor to review contracts and protect your firm and your clients.
Outlook users should be aware of compromising convenience over security. Users need to be mindful of the use of Outlook Web Access, as it allows users to log into business email from any web connected computer. Your firm can configure Outlook, oftentimes for free, to force enhanced logging. Logging is the primary tool that investigators use when reviewing how a security incident occurs, it allows forensics professionals to review every action that was taken on a particular machine or in a specific network environment. Without the logging detail, investigations can be limited in determining the approximate cause of the incident. This small step remains critical for the investigation of data compromises.
Multi-factor authentication will emerge as the standard. Providers have emerged to offer dual authentication at low costs and make access to this critical tool available to the masses. Using multi-factor authentication can eliminate most email-based attacks which continue to rise in the cyber liability landscape.
Staying Current
2020 is shaping up to be another important year for law firms when it comes to cyber liability. With your clients’ data on the line, it’s vital that you stay current on the cyber landscape and put the proper procedures, policies, and best practices in place for protection.
As a State Bar of Wisconsin member, you have an extensive system of support at your fingertips to help you stay current on cyber liability. Check out these resources:
Keep an eye out for articles on cyber liability in Wisconsin Lawyer™ magazine and WisBar’s InsideTrack. Recent articles include:
-
“Law Firm Cyber Security: Start Simple,” InsideTrack, Oct. 2, 2019
-
“When Ransomware Strikes: Strategies to Prevent and Recover,” Wisconsin Lawyer, October 2019
-
“Scams are Gaining in Sophistication: Are You Protected?,” InsideTrack, Sept. 18, 2019
-
“Once Upon a Cybercrime: Are You Covered?,” Wisconsin Lawyer, July 2019
-
“13 Cybersecurity Questions Lawyers Often Ask,” Wisconsin Lawyer, June 2019
Find out more about cybersecurity insurance. The State Bar is partnered with M3 Insurance, a cyber insurance member benefit business partner. Or reach out to your insurance partner for assistance in reviewing your current cyber protection and for timely advice on cyber liability trends.
Get assistance by calling Practice411™, the State Bar’s practice management assistance program, for a confidential consultation at (800) 957-4670.
Turn to the State Bar to Help You Manage and Protect Your Practice
As a State Bar of Wisconsin member, you have an extensive system of support at your fingertips. In partnership with M3 Insurance, members can obtain greater protection with cybersecurity, option bond or crime policy, and expanded bond coverage.
Cybersecurity insurance. Coverage is tailored to your firm’s size and needs and can include these areas: cyber extortion (such as ransomware), business interruption, data reconstruction, website liability, breach response mitigation expenses, and more.
Optional bond or crime policy. This coverage helps lawyers comply with the amended trust account rule, SCR 20:1.15(f)(3)c.2. Coverage encompasses employee dishonesty, forgery or alteration, computer fraud, money orders and counterfeit currency, funds transfer fraud, partners inclusion endorsement, social engineering fraud, and loss of clients’ property.
Expanded bond coverage. Expanded bond coverage is available for the following areas: court bonds (appeal, attachment, bankruptcy trustee, injunction, receivership, release of lien, replevin, sheriff indemnity, TRO); probate bonds (administrator, conservator, guardian, trustee); notary bonds (individual); notary errors and omissions (individual or business); and title agency or agent bond.
See 1, 2, 3 … New Member Benefits to Help You Manage and Protect Your Practice, InsideTrack, Sept. 19, 2018.