Lawyer's, Doctor's, Accountants, Investment Advisors - Need for Cyber Security and Protection is at an All-Time High

Professional Firms, such as; Law Firms, Accountants, Financial/Investment Advisors, Doctors/Healthcare Professionals, and other Professionals may not be in the technology industry, so a firm may not need cyber liability coverage, right?

Obviously, this discussion wouldn't be taking place if that were true.. Herein, we dive into how professionals are at high risk and often a prime target for cyber criminals; and the practices that can be taken in addition to purchasing a cyber insurance policy to properly protect you and your firm.

Coverage may be more affordable than you think, click here for a no risk cyber risk assesment and liability indication.

How is my risk increased as a professional?

For professionals it is important to consider the amount of sensitive or confidential information about your firm and your clients that you store electronically. Even when this information is stored at rest with a third-party.. A lot of liabiltiy is still placed upon you as the professional for the responsibility of storing this information with whichever vendors you choose. There are many considerations including; the liability of notification of a breach, lawsuits from third-party(s) due to breaches, as well as first party damages.

It is important to consider:

1. How do you value the risk of your client's data being exposed?
2. How do you think your client's value the security of their information if it was to be leaked?
3. Are you subject to HIPAA regulations? If there are any information you store subject to HIPAA regulations, there can be exorbitatnt breach notification costs as well as possible civil money penalties.
4. Do you hold any proprietary information of your client's?
5. How do your client contracts state you will handle the processing of their sensitive information?

Some may not think this kind of protection is necessary, but in an age where a stolen laptop or hacked network can instantly compromise the personal data of all of your clients, protecting yourself from cyber liability is just as important as protecting yourself from some of the more traditional exposures. And cyber risks and data breaches are most likely not covered under your professional liability or other standard policies.

Benefits of Cyber Liability Coverage:

Cyber liability insurance is specifically designed to address the risks that come with using modern technology. The level of coverage your firm needs is based on your individual operations and can vary depending on your range of exposure. It is important to work with a broker who can identify your areas of risk and tailor your policy to your firm. If your firm experiences a data breach, you have a responsibility, and are sometimes legally obligated, to report the breach to your clients. This can damage both your finances and your relationships with your clients. Cyber liability coverage may cover the costs of notifying the people or institutions affected as well as any lost income resulting from the data breach.

What Your Cyber Policy Should Cover:

Not all policies/coverages are created equally. It is important to make sure your policy includes these prime coverage options, if applicable to your firm:

1. First party coverage: Covers your own data or lost income after a data breach.
2. Third party coverage: Covers your liability to clients or government/regulatory entities.
3. Confidential information: Covers data when it is under the care, protection or control of third parties (the copy center you use, IT support services).
4. Media Liability: Defense and Indemnity for claims of libel, slander, copyright infringement, trademark infringement, invasion of privacy, etc.
5. Data restoration: Covers the work hours and money needed to regain your lost data.
6. Ransomware/Cyber Extortion: Coverage for the actual pay-out of ransomware/cyber extortion related attacks.
7. Cyber Business Interruption: A cyber attack can lead to an IT failure that disrupts business operations, costing your organization both time and money. Cyber liability policies may cover your loss of income during these interruptions. What’s more, increased costs to your business operations in the aftermath of a cyber attack may also be covered.
8. Social Engineering Fraud: Coverage for theft of funds by using deception or impersonation, where a criminal tricks you into parting with your funds; Often ties into a business email or other phishing-type scam compromise
9. Client Funds: Coverage extension to cover theft of client funds in the insured’s care, custody, or control
10. Reputational Harm: Coverage for lost income from an adverse media event due to a cyber event that damages the insured’s reputation

Steps to Lower Your Risks, Exposures, Potential Headaches and Possibly Premiums:

The size of a firm does not make it more prone to attack than another.

However, firms are more prone to attack if they exhibit a weakness that attackers know how to exploit.

For example, if your firm’s network can be accessed remotely, and if a portable device used to access it is left in an unlocked car, forgotten in a hotel room or lost at the airport, it would be easy for a data thief who picks up the device to access your network and the information on it.

There are many strategies that will decrease the chances of a data breach at your firm. Actions such as requiring strong password or using firewalls may seem obvious, but others may be less clear-cut. Did you know the administration of some of these, such as multi-factor authentication may actually help lower your cyber liability premiums as well?

Here are some steps you can take to increase your cyber security:

1. Install, use and regularly update anti-virus and anti-spyware software on every computer used in your business.
2. Use different passwords and usernames for everything. This way, even if a hacker finds one set of login credentials, the rest are still safe.
3. Multi-Factor Authentication. This has become a common way to avoid illegitimate access to protected information.
4. Use strong, encrypted passwords and change them regularly. Your network may be set up to automatically prompt you to do this after a certain amount of time. If not, set your own schedule.
5. Use a firewall for your Internet connection.
6. Utilize a VPN (Virtual Private Network) for remote workers. As COVID has driven much of the workforce home, there is an increase in the need for additional network security on the ever-mobile work spaces our employees work from.
7. Conduct regular risk assessments.
8. Be sure your laptop and other devices—including USB drives—are encrypted so if they are stolen or lost, your data is still protected
9. Train employees in cyber-security principles and develop a written IT policy.

Remember that even the best computer security can be breached. But conducting risk assessments will help you identify anticipated threats and be prepared to respond and recover. Taking steps to establish a cyber security program, including purchasing cyber liability insurance, is a smart way to protect your firm; and LG Planning Group is here to provide easy access to this coverage with our built-in Risk Assesment Calculator and Insurance Indicator, you can obtain a risk assesment and insurance indication in sometimes as little as 60 seconds.

Have a quesiton and want to review some concerns? We have a wide availability for consultations and eager to learn about your concerns and provide resolutions for your firm.

Schedule a consultation with one of our dedicated representatives here