All lawyers in private practice must purchase the Law Society’s mandatory professional liability insurance coverage and cyber coverage. Excess insurance coverage is voluntary. Further, all practicing lawyers must pay an annual fee to maintain the Assurance Fund.
Part A provides each insured lawyer with up to $1 million of coverage for each occurrence, to an annual maximum of $2 million for all errors reported during the year.
In addition to the basic coverage, CLIA offers a Voluntary Excess Program to lawyers and law firms through its subscriber law societies. The Voluntary Excess Program offers limits ranging from $1,000,000 to $9,000,000 in excess of the underlying mandatory limit. To apply for excess coverage, complete the application found here and submit to the Insurance and Risk Manager.
Part A of the errors and omissions insurance policy will not cover theft by a lawyer. For this reason, public protection coverage against theft is provided through the Law Society’s Assurance Fund. The Fund is comprised of cash reserves accumulated over many years (contributed by members as part of their annual fees) and, as well, coverage by an insurance policy on the Assurance Fund under Part C of the Society’s policy with CLIA. Rule XIII of the Law Society Rules provides information about the Assurance Fund and an application for an innocent member of the public to assert a claim for fraud or theft against a practicing lawyer.
CYBER INSURANCE COVERAGE
The Law Society arranges mandatory first response cyber insurance coverage for all insured lawyers. If you want protection under that policy, there are steps that you must take.
IMPORTANT: IT requirements for coverage to respond:
Many lawyers and law firms will already have these protections in place, but if you do not or are not sure, check with your IT consultant ASAP and take steps to implement multi-factor authentication and e-mail scanning today. For more information on both processes, including links to instructions, see below.
Multi-Factor Authentication (MFA)
MFA is a process by which users are prompted during the sign-in process for an additional form of identification, such as a code sent to your cellphone or a fingerprint scan. Hackers are gaining unauthorized access to networks by stealing log-in credentials. By requiring multi-factor authentication, you reduce the likelihood of an unauthorized third-party in possession of a username and password from accessing your computer networks.
The MFA feature has to be turned on.
If you use Microsoft Office 365, you can go to this link for instructions: https://docs.microsoft.com/en-us/microsoft-365/admin/security-and-compliance/set-up-multi-factor-authentication?view=o365-worldwide
If you use Gmail, go to this link: https://safety.google/authentication/
If you use an email system other than Microsoft or Gmail, you should contact your service provider for guidance on turning MFA on.
Here is a link to an article on MFA and other cyber issues: https://www.attorneyatwork.com/multi-layer-security/
If you use Microsoft Outlook or Gmail, it may be that this setting is automatically enabled. But you should check your settings to make sure.
For Microsoft, you can go to this link for information: https://support.microsoft.com/en-us/topic/spam-and-virus-protection-in-microsoft-365-small-business-7c4ea825-48e9-4cde-ab27-e5e131e3e652
For Gmail, you can go to this link for information: https://support.google.com/a/answer/9157861?hl=en#zippy=%2Cturn-on-spoofing-and-authentication-protection
If you use a different email system, you should check your settings and/or contact your service provider for guidance.