Is Human Error The Biggest Cyber Risk?
What is your firm doing to combat cybercrime? The chances are it’s investing in security technology, tightening up information security policies and – in case the worst happens – considering cyber insurance. But what are you doing about your people?
Many firms will be publishing cybersecurity policies to circulate to staff and providing some form of training. In the day-in-day-out busyness of a conveyancing department, though, are your staff really putting these policies and training into practice or is there a knowing–doing gap?
Cybercrime attacks are, sadly, inevitable and law firms are prime targets because of the large amounts of money moving into and out of their accounts. The Solicitors Regulation Authority (SRA) reports that at least £10.7m of client money was lost to cybercrime in 2017-18 so it’s clear that a number of attacks are slipping through the protective net of technology.
Email modification fraud – where criminals divert funds to their own account by replacing bank account details in an otherwise legitimate-looking message from a client – accounted for more than 70% of cybercrime reports to the SRA in the first quarter of 2018. What would members of your team do if they received an email advising them of a change of bank details for a mortgage redemption? What if the email arrived on a busy Friday when the client’s property sale was due to complete? Awareness is key!
In addition to technology measures, the following steps can help you to protect your firm:
- Develop a cybersecurity policy that’s pragmatic and useable – if it’s perceived to be too strict or unworkable, staff may ignore it
- Ensure the policy is kept up to date, prominent and visible
- Regularly train staff, including showing them examples of fraudulent emails
- Establish a clear reporting process to escalate any suspicions
- Test your staff! Find out how they respond to an email that should raise suspicion
Central Law Training has the ideal solution to help your firm raise cybersecurity awareness amongst staff. We offer a range of flexible training options including a new concise e-learning course on Cybercrime in Conveyancing. Please email [email protected] for further information.