Law firms beware: the hacker hunt has begun
Firms are still failing to take basic precautions against cyber-attacks. Lack of employee training around the dangers of cyber security and failure to deliver a consistent message to protect critical client data, may result in your firm being the easiest target.
By implementing a routine check, firms undertaking conveyancing could potentially avoid increased insurance premiums, professional indemnity claims, internal stresses and perhaps most importantly reputation and brand damage.
The phrase ‘I know most of the firms I’m dealing with’ forms a worryingly significant part of the due diligence process for too many conveyancers. Historically conveyancing has been an industry based on trust; as technology has advanced and suitcases of cash become redundant, this can no longer be a strategy that can be relied upon.
These conveyancers are not only opening themselves up to a personal and professional risk, they are also increasing the threat of client monies going amiss.
The case of Santander v RA Legal highlighted how devastating fraudulent activities in ‘Vendor Conveyancing Fraud’ can be. The judgement stressed that the burden of proving the conveyancer acted ‘reasonably’ is on the defendant; it should take into account all elements of reasonableness in its broadest term, rather than whether the loss would have not occurred ‘but for’ the conveyancing failures.
In a worst case scenario firms can cease to exist. Whereas a deposit amount lost may be able to be brushed under the carpet, the loss of the full value of the property cannot.
Even if your personal indemnity insurer does cover the costs, it is highly probable that premiums would massively increase (potentially double) and it is this ripple that creates serious and potentially catastrophic effects, long term.
In the case of RA Legal it was a combination that signified the end of their existence as a firm.
The reality is that cybercrime will target the most vulnerable, and even firms with a low public profile are not free from the criminals’ attention. Even if your data does not appear of value, it can still be stolen and ransomed. This all creates a sense of firms being hunted and it is very much a survival of the fittest.
The fact that the crime is committed digitally, and often remotely, makes it almost impossible to police. Local police are baffled and simply do not have the resources to trace the attack, whilst the same can also be said of international policing groups.
Paul Tucker, Business Development Manager at Lawyer Checker, has recently spoken at The Society of Licensed Conveyancers’ and Bold Legal Group’s Roadshows on cybercrime, said:
“Doing due diligence alone is not sufficient, there must be a risk management process in place to underpin the due diligence process. No one is able to stick their head in the sand and say you didn’t know the risks. The courts will not find this acceptable and neither will your professional indemnity insurers.
“If a problem occurs, you have to show you did everything reasonable to establish identity of the other side. Your risk management processes need to be robust; they have to be clear and logical for the staff to follow and all grey areas, need to be eliminated.
“Having spoken to Insurers and Brokers recently, it is clear that they are keen to hear from firms that they have policies and processes in place to manage the transactional risks involved in a conveyancing transaction.
“Lawyer Checker provides the tools to allow firms the comfort of knowing that they have the due diligence in place before releasing the client’s funds.
“Our solution allows firms to come and check the bank details they are provided with to ensure it’s a bank account used for conveyancing transactions. If it is not regularly seen in our database, and we cannot give you the immediate satisfaction to proceed with the transaction, then we will provide full due diligence on the firm.”
LinkedIn – Lawyer Checker
Associate News is provided by Legal Futures Associates.
Find out about becoming an Associate