Firms holding client information and funds are increasingly vulnerable to the risk of theft of confidential data which could lead to the loss of monies held in client accounts. Firms of all sizes can be, and are, targeted and the effect on the scammed firm and its clients can be extremely serious.
According to the Office for National Statistics, in 2015 there were an estimated 7.6 million cases of fraud and cybercrime in England and Wales alone.
Recent Law Society research shows that 1 in 5 law firms were targeted by scammers in the past year.
The reputational impact on the business, management time spent dealing with related issues and cost of covering losses can be significant to practices. However, some simple steps can be taken to minimise these risks.
With cybercrime and fraud on the increase, it is important that practices take all reasonable steps to protect themselves and their clients from possibly devastating consequences.
However, a recent GCHQ report indicated that around 80% of cyber attacks could be prevented if businesses put simple security controls in place.
GCHQ has provided documents on reducing the risks of cyber attacks that might prove helpful and provide some assistance in implementing some simple steps.
Here are some actions that CLC Regulated practices have taken to mitigate their risks.
Typically the fraudster has to be provided with access to your system, so an e-mail has to be opened or a link clicked on. Staff need to be trained to spot phishing emails and advised how to deal with them.
Consider how you manage your staff’s internet activities, possibly blocking access to certain types of sites where security risks may exist.
Are you and your staff using strong, secure passwords?
Review the results with your IT experts.
Keep your software and operating systems up to date, and install the latest versions which often contain enhanced security features.
Consider if you should prevent your staff using personal email accounts for work related matters.
Recently a number of practices have ceased sending any bank details by email, after incidents of emails being intercepted and banking details changed by fraudsters.
For example, do all employees need access to the account systems? Ensure that staff who leave the organisation have their access rights revoked.
Limit third party access to your systems as much as possible and ensure that you have an appropriate contract in place with your IT providers, especially around access and use of data.
Where you have concerns over the validity of a potential client’s identity or the authenticity of the proposed transaction you should consider informing HM Land Registry (HMLR). It might not be that you suspect fraud, but there may be something dubious, which for example may lead you to decide not to represent the person. This information could help HMLR to combat fraud. You can do this by emailing firstname.lastname@example.org or calling the HMLR property fraud line on 0300 006 7030.
Should you require any further assistance then please contact your Regulatory Supervision Manager.
Do not waste any time. As soon as you become aware of fraud, report the matter to
You should also discuss what has happened with your client.
The CLC has gained Cyber Essentials PLUS certification.