First, I discussed the details of the new scam, and then, several ethical and legal implications. Now, I will offer a wrap up, and offer a few tips to help reduce risk...

Risk management tips to reduce your risk 
Did you know a lawyer or law firm employee may unknowingly expose his or her law firm to a virus? Once a virus is present on the firm’s computer, hackers may be able to obtain back-door access to the law firm’s most sensitive information. Therefore, both lawyers and staff should receive training on detecting high-risk emails.  

Suspicious emails should not be opened and should be deleted immediately. If a suspicious email is opened, no one in your firm should reply to it under any circumstances, nor click on any links within the email. Most importantly, they should not install and download any software from the Web before first confirming they are working with a trusted source.  

It is also critical to recognize that unencrypted email is not a secure mode of communication for lawyers. When sending confidential information via email use email encryption technologies.  

Other important security precautions for law firms include the following:
  

• Install a personal firewall and an anti-virus program and keep them running at all times.
    
• Ensure that the firewall and anti-virus program are updated automatically.
    
• Install security patches for Windows and Microsoft Office programs immediately, and enable automatic updates.
    
• Adjust the security settings in your Web browser to the maximum protection level while simultaneously permitting the firm to use its browser as needed.
    
• Implement strong password policies and procedures.
    

Before wiring client funds always initiate a phone call, to a number known to be valid, (rather than a number referenced in an email), to confirm the wiring instructions. Be especially cautious about any sudden and emergency changes to prior wire instructions.

If it appears that client funds have been stolen, act immediately to investigate the breach and prevent further thefts. Professional advisors, including legal counsel, specializing in cybersecurity or lawyer’s professional liability issues should be retained to provide guidance on potential sources to cover the firm’s losses, as well as on any ethical and legal obligations the lawyer may have following the theft.

Tying it all together  
Lawyers are required to use reasonable care to prevent third parties from accessing client funds held in the trust account. Never wire funds based merely on an email communication – always telephone the number in the client file to confirm the wiring instructions, even if a different number is provided via email. By implementing proactive measures, you can significantly reduce your exposure to a hacking scam.

In this age of cyber terrorism, how can you minimize your data security risks and financially protect your business should you fall victim to a data breach?  Contact a CNA representative to learn how risk controls, such as professional liability insurance and data protection services can be tailored to your business or visit www.cna.com/lplriskcontrol.