Tackling Fraud and Cybercrime
Firms holding client information and funds are increasingly vulnerable to the risk of theft of confidential data which could lead to the loss of monies held in client accounts. Firms of all sizes can be, and are, targeted and the effect on the scammed firm and its clients can be extremely serious.
According to the Office for National Statistics, in 2015 there were an estimated 7.6 million cases of fraud and cybercrime in England and Wales alone.
Recent Law Society research shows that 1 in 5 law firms were targeted by scammers in the past year.
Protecting yourself and your clients
The reputational impact on the business, management time spent dealing with related issues and cost of covering losses can be significant to practices. However, some simple steps can be taken to minimise these risks.
With cybercrime and fraud on the increase it is important that practices take all reasonable steps to protect themselves and their clients from possibly devastating consequences.
However, a recent GCHQ report indicated that around 80% of cyber attacks could be prevented if businesses put simple security controls in place.
GCHQ has provided documents on reducing the risks of cyber attacks that might prove helpful in implementing some simple steps.
Here are some actions that CLC Regulated practices have taken to mitigate their risks.
Appropriately and regularly train staff
Typically the fraudster has to be provided with access to your system, so an e-mail has to be opened or a link clicked on. Staff need to be trained to spot phishing emails and advised how to deal with them.
Consider how you manage your staff’s internet activities, possibly blocking access to certain types of sites where security risks may exist.
Are you and your staff using strong, secure passwords?
Install and run regular anti-virus and malware checks
Review the results with your IT experts.
Keep your software and operating systems up to date, and install the latest versions which often contain enhanced security features.
Reduce the amount of confidential information sent by email
Consider whether you should prevent your staff from using personal email accounts for work-related matters.
Recently a number of practices have ceased sending any bank details by email, after incidents of emails being intercepted and banking details changed by fraudsters.
Consider appropriate controls of employee access to data and documentation
For example, do all employees need access to the account systems? Ensure that staff who leave the organisation have their access rights revoked.
Third Party Access
Limit third party access to your systems as much as possible and ensure that you have an appropriate contract in place with your IT providers, especially around access and use of data.
Help from the CLC
Should you require any further assistance then please contact your Regulatory Supervision Manager, Nicola Anthony email@example.com or John Hosie firstname.lastname@example.org.
What to do if you are a victim of fraud
Do not waste any time. As soon as you become aware of fraud, report the matter to:
- your professional indemnity insurers
- the police
- the Council for Licensed Conveyancers
- your bank
- the National Fraud and Cyber Crime Reporting Centre on 0300 123 2040
You should also discuss what has happened with your client.