Updated SRA Risk Outlook: Are you up to date?
The Solicitors Regulation Authority (SRA) have today updated their 2016/2017 Risk Outlook.
Setting out the main areas of risk within the legal sector, the guide aims to keep legal professionals up to date with how they could be affected, and how to protect against these risks.
One of the main purposes of the Risk Outlook is to display the priorities of the SRA and how resources are allocated to deal with them efficiently. Being able to control the risks is key, and helping legal professionals manage them means services can be carried out in the interests of the public, ensuring that justice is properly administered.
Recently updated in the Outlook is the priority risks section, which sets out for legal service providers where the SRA are focussing their attention and the issues which are of most importance.
One of the key areas updated was cybercrime, highlighting the latest trends and up-to-date information within the sector. As the conveyancing sector is the biggest target for this kind of fraud, staying aware of and protected against the latest risks is essential for those working in it. Highlighting this, the update indicated that of all the cybercrimes reported to the SRA, three-quarters involved email modification fraud. Half of these reports are email modification frauds against conveyancing proceeds. Although all areas of work which involve client money are prime targets, the figures from the SRA demonstrate that conveyancing is one of the most vulnerable.
Leading experts were recently brought together by the SRA to discuss cybersecurity risks, coinciding with the update being issued.
Involved were experts and agencies from a variety of sectors, brought together to consider how businesses can best overcome cybersecurity threats. Also in attendance were representatives from multiple organisations including the Information Commissioner's Office, the National Crime Agency, Pelican Underwriting, Cyber Strategies, and Microsoft.
In general, there was agreement that law firms are an appealing target for fraudsters and other cyber criminals. As recent cases published in the media show, this is because of the large amounts of money transacted on a daily basis as well as the sensitive client information held.
The three main themes highlighted were:
- Cybersecurity being branded as an ‘IT risk’. Rather than merely being a concern for a specific section of the business, cybersecurity is a business risk and requires acknowledgement and action at the highest level. As well as ensuring that staff are appropriately trained, businesses and firms need to develop a culture which treats cybersecurity as a priority.
- Focussing on people and processes. Technology is far from being solely responsible when cybersecurity is breached. It is essential that firms consider making certain checks a mandatory procedure, especially when a client notifies them of personal information or bank detail amendments.
- Software should be supported in order to reduce business vulnerability. Organisations should consider the plus points of introducing Cyber Essentials as well as directly targeting the risk. Supported by the Government, Cyber Essentials is a scheme to help businesses protect themselves against the most common cyber attacks.
The Authority have made clear that they will work with firms should they fall victim to cybercrime, taking a constructive and engaged approach. Nevertheless, the spring update also mentions that where firms fail to act proactively, the SRA will take action. This year, for example, they have issued rebukes in instances where a firm has been slow to compensate client losses or where loss of client money has not been reported.
Commenting on the Risk Outlook was SRA Chief Executive, Paul Philip. He mentioned the rapid development of technology-related risks and the responsibility of businesses to take the appropriate steps to protect their clients.
“We all benefit from information technology, but that means we are all vulnerable to cybersecurity risks.
“These risks evolve rapidly. Whether it is money or sensitive client information, law firms are an obvious target. It is the job of firms to take steps to protect themselves and their clients, but we want to help.
“So in addition to regular updates and conversations with firms, we also want to make sure we learn from insights across all sectors. It was clear from our roundtable how similar the issues are. By working together we will be in a much better place to stay cybersecure.”