Tuesday, December 28, 2010

An Ounce of Prevention

Today, I received a letter from a hedge fund where I have a small investment, letting me know that a laptop, along with my personal information, had been lost.  It read: “In order to assist you, we have arranged with a security company to provide you with complimentary use of an identity theft protection service, which includes $1 million in identity theft expense insurance, for two years.”  They were obligated to contact over 600 past and present investors.  The estimated cost for their new insurance expenditures is over $10,000.  That doesn’t include the long-term costs they might incur if any identity theft actually occurs, nor does it include the time and reputational damage they’ve experienced, nor the sleep I’m sure they’re losing, worrying if this will be the death of their three-person firm.
Learn from their example.  The New Year is a great time to think about liability issues, the potential game-ending risks at your firm and above all, what you can do to mitigate or completely remove them.  Often, a small effort can fix potentially big problems.  In the example above, employing endpoint encryption on users’ PCs, only a few hundred dollars per year, could have avoided this entire fiasco.  (Shameless plug:  NexFirm provides encryption service.)  As your firm grows and matures each year, the risks you incur will change; and ongoing, periodic review is required.  For most law firms, the largest risks lie in three areas:  Data protection, Regulatory compliance and Insurance coverage.
Data protection
It’s good if your firm protects data from potential loss with a security system.  It’s better to prevent unauthorized users from accessing that data, whether it’s lost or sitting on your office desk.  So, get encrypted.  Encryption is a get-out-of-jail-free card:  If encrypted data is lost, you don’t need to notify clients, you don’t incur liability and you don’t need to worry that the data will be compromised.  Virus protection is the other side of the coin.  We recommend an administrator-directed security solution so you can confirm that your anti-virus regimen is followed religiously.  And to make your data protection plan complete, you need firm backup procedures, replete with data recovery plans.  To be fully effective, your backups must be off-site, encrypted and provide a restore time frame that supports your business needs.
Regulatory compliance
Requirements change with surprising frequency and affect many parts of your operation, including data archival and employment responsibility.  Touch base with the regulatory bodies in your jurisdictions of practice and confirm that your procedures comply with regulations.  It makes sense to have an employment attorney review your employee handbook each year to make sure that you incorporate changes to the law and to confirm that your firm is using the best practices available.
Insurance coverage
You are forced to review your malpractice coverage each year for renewal, a helpful process that allows you to reassess your professional liability.  This is a good time to review the other types of liability your firm incurs and to assess whether additional coverage strategies make sense.  General liability, crime, fiduciary, employment practices, errors and omissions and several other types of coverage could be worthwhile.  This is also a good time to consider creating or updating a buy/sell agreement for the partnership and purchasing life insurance and long-term disability insurance for the principals of the firm.
I wish I could promise you that doing this type of review will be fast, easy and inexpensive; it may not be.  Compare that to the tumult you will experience should your firm face an issue, and you will find that the time and expense are well spent.  And, of course, if you feel stuck or generally unenthused by the project, give us a call at NexFirm.  We’re happy to help!


David DePietto is the founder and CEO of NexFirm.  He can be reached at dd@nexfirm.com.