Law Firm Cybersecurity: Insurance Questionnaires

Law Firm Cybersecurity: Insurance Questionnaires


This is the 1st in a 3-part series about IT Services and Security for Law Firms. Please click here for the next article.

Law firms are struggling with next-generation malware threats, social engineering attacks, and other forms of cybercrime that disproportionately target the legal services industry. To protect themselves against potentially catastrophic data loss or major downtime, many firms in the Tampa area have turned to cybersecurity insurance.

However, picking the right insurance plan and navigating the application process are often stressful for law firms, especially when it comes time to self-report on your cybersecurity defenses with the questionnaire they provide.

Those forms are filled with technical terms, such as multi-factor authentication (MFA), end-point detection and response (EDR), and “ransomware control.” Is your firm struggling to understand the boxes that your insurance questionnaire is asking you to check? Let’s take a deeper look.

Question 1: Can your users access e-mail through a web application or a non-corporate device? If “Yes,” do you enforce MFA?

All users accessing email should be required to use what’s known as multi-factor authentication (MFA).

MFA is a multistep account login process that requires users to enter more information than just a password. After entering a password, users might be asked to enter a temporary code, answer a secret question, or scan a fingerprint. A second form of authentication is one of the most effective ways to prevent email breaches, with Microsoft finding that it can help reduce password-based attacks by up to 99%.

Question 2: Do you allow remote access to your network? If “Yes,” do you use MFA to secure all remote access to your network?

MFA is extremely effective in preventing ransomware attacks, as well as traditional hacks. A ransomware attack begins when an attacker acquires account credentials. However, with MFA, the attackers lack the additional information required to gain access to the target account. This prevents the attack and keeps it from entering the system.

It’s worth noting that not all MFA systems are built the same in terms of the practical level of protection that they offer.

In recent years, there’s been a spate of attacks specifically targeting MFA solutions, including a very high-profile breach at hardware company Cisco. In that attack, criminals flooded users with requests to verify their identities on a mobile security application (in this case, Duo) until the overwhelmed party verifies the access out of sheer frustration. In other cases, hackers can use fraudulent landing pages or social engineering attacks to undermine an MFA system.

This makes it important to understand that MFA should be complemented by a robust cybersecurity awareness training program, but more on that topic later.

Question 3: Do you use an endpoint detection and response (EDR) tool that includes centralized monitoring and logging of all endpoint activities across your enterprise?

Endpoint detection and response (EDR) is an integrated security solution that combines real-time continuous monitoring and collection of data from your endpoints (PCs, laptops, and tablets) with rules-based automation to respond and analyze threats.

There are 4 primary functions of an EDR security system:

  1. Continuously monitor and collect data from your network endpoints
  2. Analyze data to identify anomalies or threat patterns, not just known malware or attacks
  3. Automatically respond to or remove those threats, then notify your security team
  4. Perform forensics analysis to research threats and understand their impact and reach

Having an EDR system is something we strongly recommend for our clients in the legal services field, though it’s worth noting that there are new concepts in detection and response technology that complicate answering this question.

If you have a managed detection and response (MDR) solution—like the kind we offer here at LNS Solutions—then you have greater protection than a standard EDR, which means you can confidently answer yes to the question above. MDR solutions add the vigilant support of human personnel to weave the EDR system into a larger security plan and analyze the data.

Question 4: Do you prescreen emails for potentially malicious attachments and links?

If “Yes" to the above question, do you have the capability to automatically detonate and evaluate attachments in a sandbox to determine if they are malicious prior to delivery to the end user?

Another security tool that we strongly recommend law firms adopt is advanced email scanning, which offers protection against malicious URLs and weaponized attachments. The latest generation of email security tools are tuned to help mitigate not just phishing, but also account-based takeover (ATO), impersonation, and business email compromise attacks.

The second part of that statement, “malicious links,” is equally important. In recent years, hackers have started to get creative about the ways in which they leverage fake domains to trick people into clicking on malicious links. Lookalike domain names are one such strategy that is designed to look like legitimate domains, but in fact provide a way for hackers to enter your systems.


  • vs.
  • vs.
  • vs.

Are you confident that your staff is going to notice the differences above while they’re busy working?

Cybercriminals are banking on the idea that they won’t, and statistics show that they’re often right. To mitigate this problem, there are tools you can employ, but your security team should also be vigilant about identifying high-risk domains, scanning for lookalikes during regular security maintenance, and training your staff on how to watch out for this form of attack as they work.

Cybersecurity Insurance Questions You Might See

The above are the questions that our legal services clients ask us about most often, but there are several other confusing questions that you may encounter during the cybersecurity insurance process. Here are some of the other common questions that give our legal services clients trouble:

  • How many personally identifiable information (PII) records is your business storing?
    Many firms are confused about what constitutes PII, or don’t have an inventory of exactly how much PII they’re storing.
  • Do you provide anti-fraud training to employees?
    Is fraud training the same as cybersecurity training? It can be. To check this off with confidence, you’ll want to ensure that cyber awareness training includes all the necessary modules.
  • How long does it take you to install critical network patches and updates?
    Without closely tracking the efficiency of your network management efforts, many law firms don’t’ have a clear answer to this question.

When in doubt, the best way to shop for and purchase cyber insurance is with the help of a trusted cybersecurity partner, who can help you navigate all the ambiguity.

LNS Solutions – 30 Years of Legal IT and Cybersecurity Expertise

For decades, we’ve helped Tampa’s legal services firms take control of their IT and face cybercriminals with confidence. If you’re struggling with security concerns or the questions around your cyber insurance, contact us any time at (813) 393-1626 or We look forward to speaking with you!


chevron-downmenu-circlecross-circle linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram