How safe is your “safe” list?
“Risks are often described like cockroaches – they hide well, multiply quickly and become everyone’s problem to stamp out…..…we need a clear view of the risks and to put in place controls, which include Law Firms’ management of risk and the actions they take and are able to evidence with documentation, to manage the risks within their business.”
Samantha Barrass – SRA Executive Director 2013
The ‘cockroaches’ are breeding and they are breeding fast. One of the biggest bugs is the cyber-criminal.
The conveyancing industry knows about the damaging effect a bogus law firm can have on a client and the reputation of a firm.
Here at Lawyer Checker we recommend as an absolute minimum the implementation of a Safe List policy throughout your conveyancing department.
Transactions thus fall into two categories:
1. Transactions with firms you deal with on a regular basis
2. Transactions with firms you have had little or no dealings with previously.
In list two, this could include transactions where you are dealing with a firm that you recognise, BUT the Fee Earner is not known to you, equally it could just be that the transaction has thrown up some concerns.
How do you manage your ‘Safe List’? Is it a physical list or a mental one? “We always deal with XXXX therefore they must be safe….”
How do you really know whether or not the transferring of funds is ‘safe’?
In order to adequately manage the risk associated with conveyancing transactions, Lawyer Checker suggests that, where there is not a ‘Blanket Use’ policy applied to using Lawyer Checker, keeping a ‘safe list’ is ‘the next best thing’.
How can you ensure that your safe list is safe? Firstly use a physical one, ensuring that it is impenetrable:
Ensure that your safe list is encrypted in order to keep the hackers out. Remember – tablets and smartphones can all too easily fall into the wrong hands
2. User authentication:
Control your user accounts – an ex-employee should no longer have access to company information – in 2014 CIFAS reported an 18% increase in employee fraud. Set passwords for the safe list which then ‘lock out’ an individual who fails to enter the right password.
3. Audit trails
Have a service which allows your firm to keep detailed logs of which employees download, upload and share files with whom and when. Gain better visibility into your operations – then if there is a security breach it ought to be easier to work out how and when it happened and who was the culprit.
All of the above can most certainly aide and abet in this fight against the cyber-criminals, but without doubt Blanket Policy use avoids any potential problems that Safe Lists fails to.
Next week’s spotlight will focus on Blanket policy use…