More than 55% of British law firms suffered at least one cyber attack in the past 12 months.
Add into the mix asset conversion fraud which saw a 10% increase, rising from 547 incidents in 2017 to 602 incidents in 2018 (Cifas ‘Fraudscape’ 2019 report). It’s safe to say the fraud problem just won’t be swept under the carpet.
Email Hijacking
Criminal hacking into a firm’s email server to incept and send false emails to clients, is one of the biggest threats to a firm. A fraudster can access the firm’s account, impersonate a client or other firm all with the motive of obtaining money.
However, the issue of email hijacking doesn’t just stop at stolen money. Under the General Data Protection Regulation (GDPR), any incidents of email hijacking must be reported as criminals will have received confidential and identifiable information.
Phishing
Phishing emails are sent to deceive employees to reveal confidential information. These attacks are becoming more and more common, with around 80% of law firms reporting at least one attack in the past 12 months. This type of fraud doesn’t just focus on small businesses as global law firm and magic circle firm, Linklaters, have fallen foul to phishing numerous times in 2019.
Malware
Harmful software, called Malware, encrypts files and steals data. More commonly known as ransomware, it ‘kidnaps’ your files in return for a ransom payment. This type of cyber crime made up 16% of the reports in 2018.
The National Centre for Cyber Security has identified the legal sector as a top target for cyber criminals so having a positive cyber culture in your workplace that cascades from the top down is a great way to start.
Implementing Cyber Essentials certification, which is a recommended Government backed scheme, is one of the ways you can prevent cyber criminals from accessing your firm’s technology. It ultimately protects your business, prevents data breaches and demonstrates to your clients, other firms and stakeholders that cyber security is top of your agenda – by protecting businesses against 80% of common cyber attacks.
Securing your email using OnDMARC will help to prevent criminals from cloning your domain, preventing other firms and your client’s falling foul of email fraud.
However, not everything can be done with technology though. Staff training surrounding due diligence and encouraging employees to raise concerns when they see something suspicious will help to cement the positive cyber security culture.
