Cyber Liability Insurance

One of the primary responsibilities of an attorney is keeping client information confidential and secure. As most information is now stored electronically, keeping data confidential is in some ways more difficult than it was in the past. Law firm cyber security breaches often involve the leakage of client or employee information, which can be damaging for all involved. While breaches of cyber security have become increasingly common over the years, many fail to realize how susceptible they truly are to such attacks. However, the threat cyber hacking is particularly threatening for law firms. In fact, in 2009 the FBI issued an official warning that hackers were specifically targeting law firms.

Beyond hacking, are three main causes for Law Firm data leaks:

1. negligent disposal of client records
2. theft or ruin of devices
3. improper use of internal security

While steps may be taken to prevent a data breach from occurring in the first place, the consequences of such an occurrence are so great that law firms are advised to invest in cyber liability insurance.

Ramifications Of A Cyber Data BreachData Protection

Cyber data breaches may result in a series of harmful consequences for those involved. As attorneys are by law obligated to protect client information, following a data leak, firms may be presented with malpractice claims and lawsuits. Depending on the state in which you practice, laws regarding the appropriate treatment and disposal of client information vary. The consequences your firm will face following a cyber attack are often unpredictable, but recovery from a data leak is almost always an expensive process.

Cyber Liability Insurance For Your Firm

According to the Ponemon Institute, in 2013 the average cost of a data breach, for one company, was 3.5 million. The full study may be read here. Security breaches often result in unexpected costs, such as those related to hiring an IT investigator to determine what went wrong and allowed the breach to occur in the first place. There are costs related to public relations, alerting those whose information has been leaked, and managing any resulting legal expenses. Many believe cyber liability is covered under legal professional liability insurance. While traditional insurance may cover certain aspects of a cyber attack, there are many grey areas that remain exposed. The only way to truly protect your firm from the costs of a cyber data breach is by investing in cyber liability insurance.

Cyber liability insurance ranges widely in coverage and protection, to fit the needs of your firm. You should ask your insurance provider to conduct a cyber risk review to ensure your plan meets your needs. Consider whether or not you want your insurance to cover the following:

  • costs related to hiring an IT investigator following a data breach
  • third party claims (violation of one’s right to privacy, ect.)
  • meetings with PR firms
  • business interruption

For more tips on cyber safety, look here.

Kaplan Leaman & Wolfe Court Reporting & Litigation Support to be a Silver Sponsor for the 2014 Claims College

Kaplan Leaman & Wolfe Court Reporting & Litigation Support is proud to be a Silver Sponsor for the 2014 CLM Claims College. This event will take place from September 7-10 at the Downtown Philadelphia Marriott. Guided by some of the brightest minds in the claims industry, the Claims College is divided into seven schools, each focused on a specific audience. Each school is comprised of three levels, and successful completion of all levels in a particular school will earn participants a respected and sought after designation, which will become the industry standard for identifying top-notch claims professionals.

About the CLM

The Claims and Litigation Management Alliance (CLM) promotes and furthers the highest standards of claims and litigation management and brings together the thought leaders in both industries. CLM’s Members and Fellows include risk and litigation managers, insurance and claims professionals, corporate counsel, outside counsel and third party vendors. The CLM sponsors educational programs, provides resources and fosters communication among all in the industry. To learn more about the CLM, please visit


Susan Wisbey-Smith, Communications Manager

Claims and Litigation Management Alliance


A Law Firm’s Guide To Cloud Storage

Visual explanation of how cloud storage worksAs the number of law firms choosing to go paperless increases, the likelihood that your firm will use cloud storage is higher than ever. Even if your firm has yet to go entirely paperless, you may still employ cloud storage as a form of backup for important documents and files.

What is Cloud Storage?

The cloud is a virtual storage space that allows you to store information and documents offsite. Depending on the particular host you choose to work with, the cloud either allows you to access a desired file on the server, or sends the file back to you. There are many reasons for your firm to consider cloud storage.

  • Cost Effectiveness: Using cloud storage allows you to save room in your firm’s office by storing as many files as needed without relying on external storage devices such as filing cabinets, or a larger hard drive. Depending on the provider you select, using the cloud is often more cost effective than relying on an external storage device. Many cloud service providers are free of charge or free up to a certain point of storage.

  •  Accessibility: As long as you are connected to the internet, the cloud allows you to access information from a range of devices in a matter of moments. Service providers store duplicate files on multiple machines to ensure that any technical problem on their end doesn’t prevent you from accessing a file when you need it.

  •  Backup: Even if your firm continues to keep all files onsite, simultaneously storing them on the cloud is a great way to provide backup for your documents. If something happens to your firm’s office or computers, files may be easily retrieved from the cloud on another device.

  •  Teamwork: Cloud storage allows coworkers to share and collaborate on documents with greater ease.

 Protecting Your Law Firm While Using Cloud Storage

While using cloud storage protects your firm’s files by decreasing the likelihood they could be lost or destroyed, there is always an element of risk associated with storing information on the internet, out of your sight. This risk is particularly dangerous for a law firm, as insecure information could result in a breach of client confidentiality. Law firms must take extra precautions to ensure the safety of their documents.

    1. Consider your options when selecting a cloud service provider. Read over the provider’s policies and customer reviews to ensure that it is reputable and the best possible fit for your law firm.
    2. Check if the cloud service you have selected has built-in encryption tools. Encryption is used to protect documents by converting text into a code that can be understood only by authorized personnel. Even if the selected cloud service has built-in encryption, some law firms use additional encryption software for greater security. Consider which employees will be authorized to see what information.
    3. Don’t be lazy in password selection. Strong passwords, which are longer and more complex, can be a hassle to memorize but are worth the trouble if they help better secure your documents. Don’t repeat passwords on multiple sites. If someone gained access to one of your sites or files, repetitive passwords could potentially give them access to all your secured information. Consider employing the help of an online password manager to generate strong passwords.
    4. If using the cloud as a primary source of storage, play it safe by having an additional form of backup.
    5. Be selective about what content you put on the cloud; if a document contains highly sensitive information, your firm may choose to keep it onsite only.


How Lawyers Can Secure PDF Documents

With cyber security being a major issue for law firms today, we decided to post this article on some very basic things you can do to ensure your documents are secure and that the wrong eyes are prevented from seeing sensitive and privileged information.

How To Protect Yourself

PDF files are potentially safer than paper documents, at least in the event you apply security to them. PDF security isn’t infallible, but it’s important for lawyers to know ways to enable it, and to know what it can and can’t do.

1. Two Kinds of PDF SecurityPDF Documents

Acrobat enables you to lock down PDF files in two ways: (1) to stop a user from opening a PDF without having a “document open password,” and (2) to limit what can be done with a PDF once opened, unless the user enters a “permissions password.”

Why might you wish to restrict PDFs in these ways? The answer undoubtedly differs from lawyer to lawyer, but listed below are some common scenarios.

Let’s say you want to send a confidential document to a client by e-mail, but you’re wary that a spouse or secretary could possibly have access to the client’s e-mail program. You should enable security that prevents the PDF from being opened without a password; then call your client and be sure to disclose the password (and maintain that password for virtually every future PDF you need to send to this client).

If you’re producing documents in PDF form to opposing counsel, you may want to restrict their capability to insert or remove pages. If the PDFs are text searchable, you might want to inhibit the capability to select and copy text (although doing this is likely to create problems under F.R.C.P. 34(b)(E)(ii), which mandates that documents be produced in a “reasonably usable form”). If a protective order specifies the documents are not to be printed, you may properly restrict printing.

2. Setting Security On the PDF

So, how can you enable security to achieve such goals? In the File menu, choose Document Properties (or utilize the shortcut CMD/CTRL + D) and then click the Security tab. From there, choose the Security Method drop-down menu. Choose Password Security on the drop-down.

From the next dialog box, you can (1) enter your password which will be necessary to open the PDF, (2) enter a password which will be necessary to make changes to your PDF, and (3) specify the changes that are allowed or disallowed.
You’ve got options to prohibit printing (or limit printing quality) and preclude changes (e.g., inserting or deleting pages, content copying, and commenting). You can also set your password to restrict modifications to the PDF without setting a password for opening it.

Better Safe Than Sorry

3. PDF Security Isn’t Perfect By Any Means

After you apply security, Adobe will warn you that, while all of its products will enforce security settings, some third-party products might not, enabling recipients of the secured PDF to bypass a number of the restrictions you set. Put simply, Acrobat’s security is pretty good, but far from perfect. Still, it’s an improvement on nothing, and for that reason useful.

4. Save Security Settings for Reuse In The Future

If you find that you reap the benefits of utilizing the security settings, you might start making use of them a lot. You may realize that you’re utilizing a certain group of security restrictions over and over. Fortunately you can create a saved policy that you may quickly apply to future PDFs.

To do this, navigate to the Tools menu and choose Protection > Encrypt > Manage Security Policies. Then, choose New > Use Passwords and provide the policy a name (and description, if you want). Following that, you’ll see a dialog box, and you can define the security settings you would like to save for future use.

When you want to make use of the saved security settings, open the Tools menu and select Protection > Encrypt. Select the policy you created and apply it to the open document.

One Last UpdateData Protection

The very last important thing to cover about security is that you should frequently update Acrobat (and Reader, if you are using that as well). Adobe is constantly pushing out important security patches, so you want to have those right after they are available. To check for updates visit Help > Check for Updates

Law Firm Cyber Threats

Forensics investigators at Mandiant, an American cybersecurity firm, have reported working on twice as many targeted attacks by Cyber threats from viruses  spam hackersso-called advanced persistent threat (APT) adversaries against law firms than in years past. The FBI, during the course of ongoing investigations, has identified noticeable increases in computer manipulation attempts against law firms. Over the last decade, malware has made its way into organizations large and small. The number of cyber threats has spiked, and malware has become both risky and sophisticated. So why go after law firms? The answer lies in intelligence on their corporate clients.

Why Law Firms Are Cyber Threat Targets

Law firms are increasingly getting targeted by crafty, low-profile targeted attacks going after intelligence on their corporate clients. The specific intrusion vector used against the firms is a spear phishing or targeted socially engineered e-mail designed to compromise a network by bypassing technological network defenses and exploiting the person at the keyboard. Phishing, spear-phishing and other malware attacks have become a daily reality for law firms. The dangers of these attacks is in the ability to obtain confidential company information that can radically change the stakes of a business transaction or legal matter. Law firms are also targeted because attackers find them to be attractive and somewhat soft targets for gathering the intelligence they want on a new weapons system or software, for example. Firms that represent clients in mergers and acquisitions, or civil litigation, seemed to be one of those targets getting hit, including when their clients are involved with deals involving Chinese companies.

Hackers exploit the ability of end users to launch the malicious payloads (the cargo of a data transmission) from within the network by attaching a file to the message or including a link to the domain housing the file and alluring users to click the attachment or link. Because subject lines tend to be crafted, in a way that uniquely engages recipients with content appropriate to their specific business interests, it makes network defense against these attacks difficult. Furthermore, the messages are made to appear as though they originate from a trusted source based on the relevance of the subject line. However, it should be noted that opening a message will not directly compromise the system or network because the malicious payload lies in the attachment or linked domain. Infection is bound to occur once someone opens the attachment or clicks the link, which launches a self-executing file and, through a variety of malicious processes, attempts to download another file. What’s unfortunately more disconcerting is that a majority of companies don’t know or can’t detect when they’ve been attacked. Having clouds, mobile environments and a multitude of other tech tools aren’t making detection any easier.

Holistic Approach To Online Security

However, phishing attacks against law firms are nothing new – the FBI warned firms back in November 2009 of a massive phishing attack aimed at them. The solution to this prevailing problem is taking a more holistic approach to security. Other firms have reported deploying an array of conventional tools— such as intrusion detection, firewalls, prevention systems, and data- loss prevention virtual sandboxes. In the event that a threat alert is received, a solution would be to use a threat management platform like NetCitadel, to analyze contextual data about the incident, including user identity, IP reputation, indicators of compromise and geolocation data for IPs.Malware Warning

At the end of the day security is an enterprise issue, which means that attorneys, firm management and support personnel need to be involved. Essentially some basic activities must be undertaken to establish a security program, no matter which best practice a firm decides to follow. It goes without saying that technical staff will manage most of these activities, but firm partners and staff also need to provide critical input. Firm management has to outline security roles and responsibilities, develop top-level policies and exercise oversight. What this means is reviewing findings from critical activities, receiving regular reports on intrusions, reviewing the security plans and budget, system usage and compliance with policies and procedures.

Advantages Of Taking Action

Making sure that action is taken towards any potential malware and breach notification laws will keep a firm in a far superior position with its clients, its state bar and any regulators that may become involved if it can show that its security program is aligned with best practices, and its management is engaged. Furthermore, it bodes well for the firm as it proves it is complying with its policies and procedures, and tools are deployed to detect malware and criminal behavior.

Mental Illness: The Helping Families In Mental Health Crisis Act

There was a time in the U.S., when mentally ill people were denied many of their civil rights and civil liberties, and simply locked away in institutions. Representative Tim Murphy (R-Pa.), chairman of the Oversight and Investigations subcommittee within the Energy and Commerce Committee, released legislation for changes in the mental health system on both the federal and state level. He believes the current state of the country’s approach to mental health is not much better, with more than 11 million Americans suffering from severe schizophrenia, bipolar disorder, and major depression. Yet millions are going without treatment and families struggle to find care for loved ones. The Helping Families In Mental Health Crisis Act is supposed to fix the nation’s broken mental health system by focusing programs and resources on psychiatric care for patients & families most in need of services.

Help Is On The WayHelping Families In Mental Health Crisis Act

The Helping Families In Mental Health Crisis is set to increase inpatient and outpatient treatment options; clarify standards used to commit an individual to medical care; update the existing legal framework to help families and physicians communicate during a crisis; and move toward data-driven, evidence-based models of care so treatment is accessed not through the criminal justice system but the healthcare system.

“Those who need help the most are getting it the least because the nation’s mental health system is broken,” said Dr. Murphy, a clinical psychologist with over three decades’ experience. “Too many individuals with mental illness are ending up on the street or in jail because of mental illness. We must no longer be silent on the need to help the mentally ill because millions of families are struggling with a son, daughter, or loved one who is sick and needs help.”

Congressman Bill Cassidy M.D. echoes the same sentiments stating that, “The tragedy of Sandy Hook is the most obvious consequence of failing to address mental illness. More common are the individual families whose lives are broken by mental illness. This critical legislation begins to address our broken mental health system and will help those suffering from mental illnesses get the care they need”.

Addressing The Gaps

Not only is this bill addressing the gaps in care for adults and children with serious mental illnesses (SMI) like schizophrenia, bipolar disorder, and major depression, the Helping Families In Mental Health Crisis Act also addresses concerns that the Health Information Privacy and Accountability Act (HIPAA) and Family Education Rights and Privacy Act (FERPA) frustrate the efforts of physicians to share critical information about a young adult’s mental state with parents. It empowers parents and caregivers by breaking down the barriers that prevent mental health professionals from talking to parents of a loved one who is suffering from an acute mental health crisis.

Also supporting this bill is Rep. Leonard Lance, a member of the Health Subcommittee. Lance believes the “bill takes a clinical approach to supporting families and individuals undergoing sudden or long-term mental health crises. Quality mental health care is of great importance to countless Americans and it is indeed one of the most significant healthcare challenges we face as a Nation”.
Recent data suggests less than one-third of Americans with diagnosable mental illness actually get treatment. Similarly, experts estimate that more than half of those who suffer from severe mental disorders do not receive treatment in a given year. Veterans, young people and countless others are being failed by the current system, so much so that 70 percent of young people in juvenile justice systems have at least one mental health condition and at least 20 percent live with a severe mental illness. Suicide is the tenth leading cause of death in the U.S. (more common than homicide) and the third leading cause of death for ages 15 to 24 years. More than 90 percent of those who die by suicide had one or more mental disorders.

A Better OptionMental Health

Those in support of the legislation see it as offering viable and cost-effective alternatives to the institutionalization model. The Helping Families In Mental Health Crisis Act provides an option to existing inpatient care through court-ordered Assisted Outpatient Treatment (AOT), reducing rates of imprisonment, homelessness, substance abuse, and costly ER visits for the chronically mentally ill.

The way Congressman Murphy sees it, the federal government’s approach to mental health has been a chaotic patchwork of outdated programs and ineffective policies across numerous agencies. Unfortunately, patients end up in the criminal justice system or on the streets because services are not available. This Act is set to change that.

The Case Of Philip Seymour Hoffman’s Dealer: Should A Dealer Be Tried For Murder?

Academy Award-winning actor Philip Seymour Hoffman was found dead in his apartment, February 2 of an apparent drug Death Of Philip Seymour Hoffmanoverdose. Investigators found close to 50 packets of what they believe to be heroin in the actor’s apartment. Police immediately set out to track down Hoffman’s source for heroin. On February 4, Robert Vineberg, Juliana Luchkiw, and Max Rosenblum were arrested after police raided a Manhattan apartment, recovering 350 small plastic bags of what is believed to be heroin with labels that match those found at Hoffman’s residence, according to officials. The three were charged with criminal possession of a controlled substance in the seventh degree, misdemeanors. With heroin use and overdose on the increase, these charges raised a hypothetical question of whether the dealers should be charged with murder instead.

The Rise Of Deaths

Heroin-related deaths increased 84% from 2010 to 2012 in New York City alone and involved 52% of all overdose deaths in 2012, according to the city’s Department of Health and Mental Hygiene. Everyone in law enforcement agrees there has been a spike in heroin use in the United States, prompted by a crackdown on abuse of prescription pills and an increase in heroin production in Mexico. As a result, heroin-related deaths are on the rise.

According to CNN legal analyst Mark O’Mara, as it stands now “there are laws in most states that say if you give drugs to somebody who kills themselves, you are responsible for their death”. But, is this the correct application of the law? Harvard Law professor Alan Dershowitz called the murder charge “an absurd misapplication of the law”. Referring to the Hoffman case he asked “what about the guy that gave the addict the drug that didn’t kill him? You’re playing Russian roulette. In this particular case, he died. In many cases, they don’t. You are going to pick a scapegoat and put this guy in jail for all the crimes that all the other addicts did?” However, this charge for this case might be viable as an example to other dealers of the impending consequences of drug dealing. George Zimmerman defense attorney Mark O’Mara, weighed in on this argument saying, “The government has done a number of different things to hold people responsible”. He further supported his statement saying he likes “the idea of saying to somebody, ‘If you give a drug that causes a death, we’re going to hold you responsible.’ Only because I think we have to go up the ladder to get to the people and let them know, dealing drugs can put you in prison for life”.Rise Of Heroin Addiction

Pending Decision

The question still remains, is charging the drug dealer with murder a foolish quest that does nothing to make the problem go away? Does the person who gave an addict the drug that killed him deserve to be put away for life? In actual reality the addict would have gone to all sorts of lengths to get the drug anyway. So, is this the right way to prosecute or should drug dealers be charged with possession of a controlled substance only and not be held liable for a pandemic that needs to be dealt with separately?