SRA has issued 19 scam alerts in September so far


23 September 2015

Law firms need to tighten up their email security and revisit their cybercrime prevention strategies as the Solicitors Regulation Authority has issued 19 scam alert announcements since the start of September, advises Converge Technology Specialists (ConvergeTS), the country’s only dedicated Cloud computing provider for law firms.

The vast majority of scams have been phishing emails sent to members of the public in the name of particular firms, or individuals at firms, attempting to obtain bank account details or money. Just this week, Suffolk Police has reported how one local business was targeted by a bogus caller who pretended to be from the business’s bank. The business urgently downloaded what it believed to be security software and subsequently transferred £1m into the scam caller’s account.

In August, the SRA issued a note about a specific email scam targeting conveyancing firms, which invites the reader to click on links that are suspected to contain hostile and intrusive software, including viruses and other malicious programs. The most popular virus is the Crypto Locker virus, which now has as many as 16 variants. It effectively removes files from systems, demanding payment for their return, usually in Bitcoin, which can’t be traced back to the hacker.

Nigel Wright, managing director of Converge TS, says: “As a matter of urgency, law firms should be reviewing their cybercrime prevention strategies and email security. Firms could be subject to reputational issues if clients and/or client information is affected as a result of cybercrime. They could also face reprimand by the SRA and the Information Commissioner’s Office (ICO) with potential costs if they breach the SRA’s strict Code of Conduct or the ICO’s data protection rules.

“Scammers hope that their infiltration attempts will access people who are not necessarily familiar with your firm’s policies and procedures. So, with a little creativity, they can access systems and potentially take down your firm’s IT. It’s essential that you are doing all you can to protect your system and client files and data.”

To manage cybercrime risks, Converge TS advises law firms to:

1) Put in place a risk management committee to review and manage the risks. This governing body should be connected to the board. Ignore data management and security at your peril. If the regulator comes knocking there won’t be much sympathy for those showing no awareness or competence.

2) Establish ownership for data protection and information security and make it responsible for reporting to the risk committee.

3) Put in place some simple but effective data access policies and controls to systems and key data, and detail who should have access to what.

4) Understand your data. Where is your business data and your client data? Design a data strategy or, at least, start with a workable retention policy which covers both paper and electronic material.

5) Ensure password policies are implemented across the business.

6) Train staff to be aware of potential threats, including bogus emails and suspicious requests for information.

7) Take advice from a specialist and review your IT security position to ensure you have a reasonable level of defence against external attacks and malware, as well as ensuring penetration tests on your systems are a regular event.

8) Use double verification (two-factor) security to access your IT system and files and limit the potential for hackers to access all parts of your IT systems and files.

9) Diarise regular penetration tests on your systems and enlist the help of ethical hackers who will be able to identify the weak spots in your IT. Implement all (or as many) of the recommendations as soon as possible.

10) Take an honest view of your capability and consider moving data and applications to a competent cloud operator. Cloud operators of substance make security a centrepiece of their proposition and commit more money to the matter than you could possibly do.

Nigel concludes: “No firm wants to pay out for additional IT services, but investment in preventative measures is always more cost effective than picking up the costs of a targeted cybercrime attack on your business.”


Associate News is provided by Legal Futures Associates.