banner banner

All lawyers in private practice must purchase the Law Society’s mandatory professional liability insurance coverage and cyber coverage.  Excess insurance coverage is voluntary.  Further, all practicing lawyers must pay an annual fee to maintain the Assurance Fund.

PROFESSIONAL LIABILTY

Mandatory Insurance, Part A

Part A provides each insured lawyer with up to $1 million of coverage for each occurrence, to an annual maximum of $2 million for all errors reported during the year.

Excess Insurance, Part B

In addition to the basic coverage, CLIA offers a Voluntary Excess Program to lawyers and law firms through its subscriber law societies. The Voluntary Excess Program offers limits ranging from $1,000,000 to $9,000,000 in excess of the underlying mandatory limit. To apply for excess coverage, complete the application found here and submit to the Insurance and Risk Manager.

Assurance Fund, Part C

Part A of the errors and omissions insurance policy will not cover theft by a lawyer. For this reason, public protection coverage against theft is provided through the Law Society’s Assurance Fund. The Fund is comprised of cash reserves accumulated over many years (contributed by members as part of their annual fees) and, as well, coverage by an insurance policy on the Assurance Fund under Part C of the Society’s policy with CLIA. Rule XIII of the Law Society Rules provides information about the Assurance Fund and an application for an innocent member of the public to assert a claim for fraud or theft against a practicing lawyer.

Cyber Liability

CYBER INSURANCE COVERAGE

The Law Society arranges mandatory first response cyber insurance coverage for all insured lawyers. If you want protection under that policy, there are steps that you must take.

IMPORTANT: IT requirements for coverage to respond:

  1. Weekly backups of data, stored offsite, and tested at least annually.
  2. Application of critical patches to your systems, anti-virus software, and anti-spyware software must be made within two weeks of release.
  3. Installation and maintenance, and active monitoring within reasonable business practices, of firewalls and endpoint protection (also known as anti-virus and anti-spyware).
  4. Multi-factor authentication must be enabled on email accounts and for remote network access (also known as VPN or Virtual Private Networking, or remote desktop access).
  5. Email scanning must be enabled on your mail services to ensure each email is scanned before entering your inbox or leaving your sent box for malicious attachments, links, or other content.
  6. Firm members must engage in cyber awareness training before June 30, 2023.

Many lawyers and law firms will already have these protections in place, but if you do not or are not sure, check with your IT consultant ASAP and take steps to implement multi-factor authentication and e-mail scanning today. For more information on both processes, including links to instructions, see below.

Multi-Factor Authentication (MFA)

MFA is a process by which users are prompted during the sign-in process for an additional form of identification, such as a code sent to your cellphone or a fingerprint scan. Hackers are gaining unauthorized access to networks by stealing log-in credentials. By requiring multi-factor authentication, you reduce the likelihood of an unauthorized third-party in possession of a username and password from accessing your computer networks.

The MFA feature has to be turned on.

If you use Microsoft Office 365, you can go to this link for instructions:  https://docs.microsoft.com/en-us/microsoft-365/admin/security-and-compliance/set-up-multi-factor-authentication?view=o365-worldwide

If you use Gmail, go to this link: https://safety.google/authentication/

If you use an email system other than Microsoft or Gmail, you should contact your service provider for guidance on turning MFA on.

Here is a link to an article on MFA and other cyber issues: https://www.attorneyatwork.com/multi-layer-security/

E-Mail Scanning

If you use Microsoft Outlook or Gmail, it may be that this setting is automatically enabled. But you should check your settings to make sure.

For Microsoft, you can go to this link for information: https://support.microsoft.com/en-us/topic/spam-and-virus-protection-in-microsoft-365-small-business-7c4ea825-48e9-4cde-ab27-e5e131e3e652

For Gmail, you can go to this link for information: https://support.google.com/a/answer/9157861?hl=en#zippy=%2Cturn-on-spoofing-and-authentication-protection

If you use a different email system, you should check your settings and/or contact your service provider for guidance.