Important – Your Cyber Insurance – Change to Conditions of Coverage
The Law Society arranges mandatory first response cyber insurance coverage for all insured lawyers. However, there has been a significant change in the conditions of coverage. If you want protection under that policy, there are steps that you must take now.
These are the three new conditions:
- Multi-factor authentication must be enabled on email accounts and for remote network access (also known as VPN or Virtual Private Networking, or remote desktop access).
- Email scanning must be enabled on your mail services to ensure each email is scanned before entering your inbox or leaving your sent box for malicious attachments, links, or other content.
- Firm members must engage in cyber awareness training before June 30, 2023.
These new conditions are in addition to the following longstanding conditions:
- Weekly backups of data, stored offsite, and tested at least annually.
- Application of critical patches to your systems, anti-virus software, and anti-spyware software must be made within two weeks of release.
- Installation and maintenance, and active monitoring within reasonable business practices, of firewalls and endpoint protection (also known as anti-virus and anti-spyware).
Many lawyers and law firms will already have these protections in place, but if you do not or are not sure, check with your IT consultant ASAP and take steps to implement multi-factor authentication and e-mail scanning today. For more information on both processes, including links to instructions, see below.
Multi-Factor Authentication (MFA)
MFA is a process by which users are prompted during the sign-in process for an additional form of identification, such as a code sent to your cellphone or a fingerprint scan. Hackers are gaining unauthorized access to networks by stealing log-in credentials. By requiring multi-factor authentication, you reduce the likelihood of an unauthorized third-party in possession of a username and password from accessing your computer networks.
The MFA feature has to be turned on.
If you use Microsoft Office 365, you can go to this link for instructions: https://docs.microsoft.com/en-us/microsoft-365/admin/security-and-compliance/set-up-multi-factor-authentication?view=o365-worldwide
If you use Gmail, go to this link: https://safety.google/authentication/
If you use an email system other than Microsoft or Gmail, you should contact your service provider for guidance on turning MFA on.
Here is a link to an article on MFA and other cyber issues: https://www.attorneyatwork.com/multi-layer-security/
If you use Microsoft Outlook or Gmail, it may be that this setting is automatically enabled. But you should check your settings to make sure.
For Microsoft, you can go to this link for information: https://support.microsoft.com/en-us/topic/spam-and-virus-protection-in-microsoft-365-small-business-7c4ea825-48e9-4cde-ab27-e5e131e3e652
For Gmail, you can go to this link for information: https://support.google.com/a/answer/9157861?hl=en#zippy=%2Cturn-on-spoofing-and-authentication-protection
If you use a different email system, you should check your settings and/or contact your service provider for guidance.