In this short blog series, Lawyer Checker’s Jennifer Williams outlines how cyber crime and fraud affects the legal industry; the different types of cyber crimes and how law firms can protect themselves.
Practical Vision Network’s leading provider of risk management solutions to the legal sector, Lawyer Checker, offers a full inclusive suite of products and services which have one thing in common – they are all designed to protect and to promote your firm.
Furthermore, we host leading publications such as Today's Conveyancer and Today’s Wills and Probate, Today’s Legal Cyber Risk along with our newest publication Today's Family Lawyer – which are all respected as a source of reliable advice and information in their markets.
The risks associated with the transmission of funds in your conveyancing departments are extremely high but there is also a real risk in other departments where there is any transmission of funds, for example, the execution of a will, the award of compensation or claims.
What is cyber crime and fraud?
The news is filled with reports of criminals hacking into various companies and obtaining information that should be held securely.
5.9 million payment cards were stolen from Dixons Carphone in 2017 and during the summer of 2018, British Airways was compromised for 2 weeks. T-Mobile, the Marriott hotel chain and EE have all been the victims of cyber attacks with various personal data about their customers stolen.
So, what is a cyber security incident?
According to The National Cyber Security Centre (NCSC), which was established by the Government Communications Headquarters in 2016, a cyber security incident is:
Although the effects of a cyber security incident can be reasonably minor, it can also have catastrophic consequences resulting in severe reputational damage to your business.
If a major incident occurs, such as a ransomware virus, it can affect the way your business operates. The financial cost of cyber security failures can be the loss of contracts, negative press coverage leading to a fall in work and potential compensation for claimants.
But what does this mean to you?
Law firms are at risk and under scrutiny because they are a prime target due to the sort of personal data they hold, and the nature of the work they do - including the transfer of significant funds during conveyancing, probate and PI cases.
According to the Solicitor’s Regulation Authority (SRA) 60% of law firms reported a security incident in 2018, which is almost certainly an under reported figure.
There were also 287 scam alerts in 2018 and 20 in 2019 to date and the SRA’s scam alerts warn you “about people who call themselves solicitors but are not.”
This is an issue that the country, business communities and the legal sector are starting to take more seriously.
Representative bodies in the legal sector are putting pressure on law firms to take a more robust approach to cyber security with the introduction of dedicated information security resources to help.
The most recent updates which are relevant to the Society of Licensed Conveyancers and yourselves are changes to the Conveyancing Quality Scheme (CQS) and Lexcel accreditations.
Effective from the 1st May, both CQS and Lexcel now include reference to a specific information management and security policy which incorporate the following controls:
a) register of relevant information assets of both the practice and clients
b) procedures for the protection and security of the information assets
c) procedures for the retention and disposal of information
d) the use of firewalls
e) procedures for the secure configuration of network devices
f) procedures to manage user accounts
g) procedures to detect and remove malicious software
h) a register of all software used by the practice
i) training for personnel on information security
j) a plan for the updating and monitoring of software
k) a procedure for the secure transmission of the practice’s bank information to clients and receipt of banking information from clients
l) a procedure for verifying the banking details of other conveyancers and third parties to whom money is sent
m) a procedure for communications with the practice’s bankers
These changes, which have been extensively consulted on, aim to help firms tackle the range of information attacks they are now subject to.
Cyber Essentials Certification
The National Centre for Cyber Security (NCSC) has launched "Cyber Essentials"; a government endorsed accreditation which, when implemented fully, protects your business from low and mid-level attacks. Lawyer Checker work day in day out with law firms helping them to implement robust risk procedures to protect their business. Getting Cyber Essentials certification for your firm is quick and easy. Lawyer Checker is a Cyber Essentials assessor who can conduct your online assessment and issue your certificate in less than 48hrs. As we are a business that revolves around the law, we know how your business works and we know the nuances of law firms. Find out if you are 'cyber certification ready'.
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Lawyer Checker (Part of The Practical Vision Network) provide a range of products and services for law firms to help them combat cyber fraud.
Furthermore, we host leading publications such as Today's Conveyancer and Today’s Wills and Probate, Today’s Legal Cyber Risk along with our newest publication Today's Family Lawyer – which are all respected as a source of reliable advice and information in their markets.
