Cyber security – protecting your client, your reputation and your PII
Do you perform background checks as a matter of course on each transaction? How secure are your email systems? Do you have stringent cyber security policies in place? Are you complying with AML regulations? If the answer to any of these is no, then you really should consider how well you actually know your clients. Not sure where to start? PSG can help.
Cybercrime, phishing, scam emails – unfortunately these are all too familiar phrases in our modern technology driven world. In fact, cybercrime is now one of the most prevalent crimes in the UK with fraudsters using increasingly sophisticated tactics to infiltrate computer systems and divert funds.
Action Fraud, the national fraud and cyber crime reporting centre, revealed last summer that a startling £1 billion was lost by businesses to online crime in the twelve months previous. The legal sector is a huge target, and it will come as no surprise that the large money transfers involved in conveyancing act as a significant draw for cyber criminals.
Research conducted by the SRA shows that a quarter of UK law firms have been targeted in one form or another by online fraudsters, with one in ten of those cases ending in the loss of client funds.
It is of upmost importance, not only from a compliance perspective, but also to preserve your reputation, that law firms remain vigilant in the fight against cyber crime and are aware of the tactics that are being used to gain trust, obtain personal information and divert client funds.
Cyber criminals will often seek to use the name and address of existing firms, and even the name of individual solicitors to confuse the intended target and get them to reveal sensitive information. These emails can be extremely difficult to detect amongst your usual communication, they can feature company logos and footer information and can even include links to websites that are cloned from real sites to make them appear genuine.
Scam emails purporting to be from the other side can also contain links or attachments which when clicked will download ‘Malware’, programmes which can allow them to harvest data directly from your computer.
In January of this year alone, the SRA scam alert system was triggered 15 times.
‘Friday Afternoon Fraud’
Completion day, the busiest day of the week for conveyancers up and down the country. Also, the perfect opportunity for fraudsters. A whopping 75% of all cybercrime reports that are reported to the SRA occur on a Friday afternoon. The scenario - you are ready to complete and you get an email from the other side saying that there has been a last minute change and could you update the bank account details of the vendor. You might question it, but the email looks genuine – they have the name and other details correct so what could go wrong? You change the details and send the funds and just like that your client is out of pocket by hundreds of thousands of pounds.
Just recently the case of City firm Mischon de Reya, which was found liable for breach of trust after a client was tricked by a tenant posing as a homeowner, has sent alarm bells ringing throughout the conveyancing sector.
Keeping information safe
There are, of course, steps that you can take to protect your firm and your client from the risk.
If you use a cloud server to store information, as so many people do these days, you need to ensure that it meets with requirements of your regulatory body, that it meets your legal obligations under the Data Protection Act and that you have performed stringent due diligence to ensure that your data is secure from hackers.
You should also regularly review and update your Malware protection and ensure that all staff are fully trained in how to identify and safeguard against a cyber attack. Back up data and consider implementing a cyber security policy. If you receive a suspicious email, especially on a Friday afternoon, follow your instincts and check it out further.
The 3 step solution from PSG
1. Enhanced AML
Using the latest technology from global ID specialists GB Group, you can verify the identity of more than half the world’s population, access a broad portfolio of PEPS information and perform sanctions screening. This secure and automated service streamlines your processes, supports your AML obligations and removes the risk and costs associated with manual checks.
2. Consumer Bank Account Validation and Verification
Accessible and usable worldwide, this cost-effective service checks bank account, name and address details against the latest reference data – online and in real time to verify that the account belongs to the customer. The check will alert you when an entered bank account has been closed, when a match hasn’t been found or if account details known to be fraudulent are supplied, allowing you to protect all parties in the transaction.
Combat the increasing risk of vendor conveyancer fraud by checking the previous use of the client account to which you are sending funds. This low cost measure allows you to check the client account purported to belong to a legitimate vendor’s solicitor is just that and not just a gateway to the fraudsters pocket.
Additional Practice Support Services
We have recently launched a range of Practice Support Services to assist in compliance and optimising best practice and performance. Working closely with Legal Eye and Training Eye we can offer support with your cyber crime policies, data protection and IT security whilst ensuring that you and your staff are fully trained in understanding Cyber Security.
For more information on Practice Support Services, our AML solution or Bank Account Validation and Verification services, contact your local PSG office which can be found at www.psgconnect.co.uk.
You can also contact our national customer services team on firstname.lastname@example.org or by calling 01226 246644