by Don Nokes

Law firms in today’s marketplace are facing a slew of cybersecurity mandates from their insurers and, in some cases, their business partners (banks, credit card processors and other large vendors), given the proliferation of hackers and breaches.
In fact, we’ve seen evolving policy requirements and firms dealing with the immediate need to implement increased cybersecurity safety protocols — in a fire-drill mode — prior to renewal of their policies.
As a result, law firms are well advised to proactively cover their bases. Basically, we tell law firms that just because they have met the criteria for their current policy, they shouldn’t be lulled into thinking their renewal will require the same levels of cyber safety.
For example, as our clients have been renewing their cybersecurity insurance policies, they are discovering that security strategies, once optional, are now mandatory to keep or purchase new coverage. What’s more, it’s common for firms to learn of more stringent renewal requirements close to the actual policy termination date.
Beyond the technical safeguards, we know that implementing best practices includes protecting law firms’ systems and data, guarding against damage to law firms’ reputation and, ultimately, minimizing the law firm’s liability. Those who have experienced a hack know that breach notifications alone are enough to paralyze a law firm for several weeks.
MFA: A Necessary Security Protocol or a Nuisance
The most common new requirement that we’re seeing is Multi-Factor Authentication, or MFA. When it comes to MFA, law firms are finding they will need to attest that MFA is invoked at every level and for every user. Carriers are now making this attestation a new condition for renewal.