02 Apr 2019

Insurance companies are among the growing chorus of those who say it’s not a matter of if your law firm will get hacked, it’s a matter of when. And that has given rise to more carriers offering cybersecurity insurance.

“If I could convince people of one thing, it’s that security by anonymity is false. It’s not your typical hacker in a basement wearing a hoodie that’s trying to get into a small law firm’s systems,” Patrick Brown, Lawyer’s Mutual Director of Information Security, told me in a recent interview. “It’s really bots circulating out there. It’s any home appliance, computer, tablet or smartphone connected to the Internet that gets infected with malware that goes around looking for unlocked doors.

Cyber Insurance
“One of the common things we see is a firm will want cyber coverage, but what they’re really asking for is protection from the wire fraud scams that have become so prevalent in the last five or six years. A standard cyber insurance policy is a breach policy that covers first and third-party calls associated with the aftermath of a data breach,” said Brown. “If coverage for funds transfer fraud is desired, some carriers require dual authorization for all wires over $25K.

Training
If a criminal tricks an attorney or one of the firm’s employees into voluntarily giving away your money, your client’s money or sensitive information, for example through a spoofed phishing e-mail that appears to come from a colleague, it’s called ‘social engineering fraud’. This is not covered by most cybersecurity insurance policies. It really comes down to a matter of training.

I tell law firm clients to train their employees not to click on everything that looks interesting. I recommend doing this training with your staff at least weekly in small, bite-sized chunks of just a few minutes per week, and then performing simulation tests to track which staff members are absorbing the material properly and which staff members are presenting a risk to your firm.

Prevention
I recommend vulnerability tests and penetration tests to score your practice’s cybersecurity and fill the gaps. Penetration tests can typically be done in the $5,000 to $15,000 range, depending on the size of the firm and the time spent on each IP address/system.

Most insurance carriers will require a law firm to have basic cybersecurity measures, which it should already have in place, such as using complex passwords. Firms should be changing their passwords every couple of months and not using the same passwords anywhere else. Enable multi-factor authentication. Encrypt everything: websites, storage, backups, email and keystrokes. Use commercial antivirus software and email. Avoid free software or free services such as Gmail, Yahoo, AOL, etc. Perform backups as often as possible and test them.

Some law firms may be depending on the vendors of practice management software to keep things secure. Hopefully they’ve implemented encryption on, at the very least, their mobile devices. But it’s not the vendor’s responsibility; it’s the law firm’s.

Do Balancing Analysis
“While the sky is the limit in terms of what you can spend on cybersecurity, it often comes down to dollars and cents. How sensitive is the information you are protecting and what is the damage caused by a breach versus the cost and inconvenience of taking the necessary security measures? You have to do that balancing analysis for your client’s data,” said Brown.

“Most small companies like law firms who have had a cyberattack go out of business within six months because they’ve had a loss of trust and a loss of reputation with their clients. In the event of a breach, the cost per record is $200 for the forensics, the recertification and everything else. Firms may have records going back 30 or 40 years. High volume firms such as real estate, personal injury and criminal defense firms could have tens of thousands of clients and millions of dollars in costs just responding to the breach,” Brown told me.

“Even if they have insurance, the policies for small firms cap out at one to two million dollars. It’s so important to spend a little money up front to reduce the number of breaches,” said Brown. “It seems that some small firms are still reluctant to purchase cyber insurance policies that cost somewhere in the $2,000 range. That’s a lot of money for some small firms. The average cost for a breach is half a million dollars; so, it’s $2,000 now or half a million dollars later.”

Clearly your best defense from a cyberattack is a three-prong approach that includes training, prevention and cyber insurance.
