Firms holding client information and funds are increasingly vulnerable to the risk of theft of confidential data which could lead to the loss of monies held in client accounts. Firms of all sizes can be, and are, targeted and the effect on the scammed firm and its clients can be extremely serious.
This risk has been increased due to futher measures that may be taken by Russia or its proxies in response to the new sanctions regime (e.g. a cyber-attack on critical infrastructure or groups of firms).
The National Cyber Security Centre’s (NCSC) announcement to organisations in the UK to bolster their online defences can be found here. The NCSC (part of GCHQ) has urged organisations to follow its guidance on steps to take when the cyber threat is heightened. The guidance encourages organisations to follow actionable steps that reduce the risk of falling victim to an attack.
Further information on the sanctions regime can be found on our website here
According to the Office for National Statistics, in 2015 there were an estimated 7.6 million cases of fraud and cybercrime in England and Wales alone.
Recent Law Society research shows that 1 in 5 law firms were targeted by scammers in the past year.
Find out about the different types of fraud
See the latest scam alerts
Find out about the CLC’s secure badge for your website
Visit the National Cyber Security Centre for lots of guidance and materials you can use
Make sure you are training your staff. Make use of the National Cyber Security Centre e-learning package ‘Top Tips For Staff’. Which can be completed online, or built into your own training programme. It has been developed following a recognition that many smaller business, including law firms, may not have the resources to put cyber security training in place, leaving so staff exposed as their frontline defence against cyber attacks.
‘Stay Safe Online: Top Tips for Staff’ is free, easy-to-use and takes less than 30 minutes to complete. The training introduces why cyber security is important and how attacks happen, and then covers four key areas:
* defending yourself against phishing
* using strong passwords
* securing your devices
* reporting incidents (‘if in doubt, call it out’)
You can find it here
Watch this useful webinar from the Information Commissioner
Promote the Take Five to Stop Fraud campaign to your clients
Protecting yourself and your clients
The reputational impact on the business, management time spent dealing with related issues and cost of covering losses can be significant to practices. However some simple steps can be taken to minimise these risks.
With cybercrime and fraud on the increase it is important that practices take all reasonable steps to protect themselves and their clients from possibly devastating consequences.
However a recent GCHQ report indicated that around 80% of cyber attacks could be prevented if businesses put simple security controls in place
GCHQ has provided documents on reducing the risks of cyber attacks that might prove helpful and provide some assistance in implementing some simple steps.
Here are some actions that CLC Regulated practices have taken to mitigate their risks.
Appropriately and regularly train staff
Typically the fraudster has to be provided with access to your system, so an e-mail has to be opened or a link clicked on. Staff need to be trained to spot phishing emails and advised how to deal with them.
Consider how you manage your staff’s internet activities, possibly blocking access to certain types of sites where security risks may exist.
Are you and your staff using strong, secure passwords?
Install and run regular anti-virus and malware checks
Review the results with your IT experts.
Keep your software and operating systems up to date, and install the latest versions which often contain enhanced security features.
Reduce the amount of confidential information sent by email
Consider if you should prevent your staff using personal email accounts for work related matters.
Recently a number of practices have ceased sending any bank details by email, after incidences of emails being intercepted and banking details changed by fraudsters.
Consider appropriate controls of employee access to data and documentation
For example do all employees need access to the account systems? Ensure that staff who leave the organisation have their access rights revoked.
Third Party Access
Limit third party access to your systems as much as possible and ensure that you have an appropriate contract in place with your IT providers, especially around access and use of data.
Suspicions?
Where you have concerns over the validity of a potential client’s identity or the authenticity of the proposed transaction you should consider informing HM Land Registry (HMLR). It might not be that you suspect fraud, but there may be something dubious, which for example may lead you to decide not to represent the person. This information could help HMLR to combat fraud. You can do this by emailing reportafraud@landregistry.gov.uk or calling the HMLR property fraud line on 0300 006 7030.
Help from the CLC
Should you require any further assistance then please contact your Regulatory Supervision Manager.
What to do if you are a victim of fraud
Do not waste any time. As soon as you become aware of fraud, report the matter to
- your professional indemnity insurers
- the police
- the Council for Licensed Conveyancers
- your bank
- the National Fraud and Cyber Crime Reporting Centre on 0300 123 2040
You should also discuss what has happened with your client.
The CLC has gained
Cyber Essentials PLUS certification.
