The CLC has urged all the firms it regulates to use the guidance from the National Cyber Security Centre following an incident where a firm’s mail server was hacked and compromised.
During the breach, cyber criminals were intercepting all incoming email communications. The hackers then used this sensitive data to send spoof emails, claiming to be the firm, to their clients. It is unknown as to the extent of the data breach; however, it highlights the precarious situation that is created when communicating online.
According to the Annual Regulatory Return (ARR) for 2017/18, a form completed by all 228 businesses regulated by the CLC, 37 firms had resisted attempted frauds last year. This equates to 16% of firms that were aware of an attempted attack.
Furthermore, 11 firms reported that cyber criminals had successfully defrauded their firm. When you consider that 82% of CLC firms specialise in residential conveyancing and 7% complete commercial conveyancing work, these firms stand to lose huge amounts of client money that will also impact their reputation.
In attempts to ensure that the firms it regulates reduce the success of cyber crime, the CLC has issued updated guidance that includes following NCSC advice like completing cyber certifications such as the government approved Cyber Essentials accreditation.
The ARR also found that 34% of CLC regulated firms are concerned that they could become victims of fraud or money laundering. This figure has increased by 7% from the 27% worried about this issue in 2017.
Almost a fifth (19%) are concerned of the impact that Brexit will have on the conveyancing sector. Again, this issue has increased from the 12% a year earlier. Only 41% of firms expected their work to increase and their business to grow in comparison to 53% in last year’s report. The decline was attributed to fears in the property market because of Brexit.
Despite the CLC’s recent warning, only 22% of firms were concerned by the threat of cyber crime; this figure has decreased from 29% in 2017.
The CLC Annual Report 2018, states: “During 2018 the CLC has continued to take steps to reduce the risk of fraud faced by CLC Practices and their clients. We have updated the advice section of our website to include help and advice from National Cyber Security Centre, National Crime Agency, and the Information Commissioner’s Office. We have also developed consumer facing advice on our website that is also shared regularly on social media.
“We have continued to support and promote the Take Five to Stop Fraud Campaign, encouraging firms to join the campaign and raise awareness of types of fraud risk. We have also used campaign assets to help lawyers and clients protect themselves from fraud.
“As part of our new transparency requirements we have amended our rules to make the use of the CLC Secure Badge mandatory on the websites of all CLC Practices. Following the introduction by the CLC of the badge a number of other frontline legal sector regulators are introducing similar schemes.
“The badge helps to protect customers by making it more difficult for fraudsters to imitate real law firms or create fake law firms. It also allows consumers to check the regulatory status of a firm they are considering instructing and leads them to the CLC website where they can find more information about how to raise complaints and seek redress
Whilst the majority of firms remain optimistic that they will avoid cyber attacks in the future, the increase in successful attacks should encourage all legal professionals to ensure they have a rigorous cyber security policy in place.
Is your firm concerned by the threat of cyber crime? Have you implemented a robust cyber certification to help prevent attacks?
