When cybercriminals hit the property industry, they can do a serious amount of damage – not only to the business but also to consumer confidence. And it is clear to see that cybercrime is on the rise, with attacks and data breaches often making headline news. However, it is beyond the headlines where the long cleanup operation occurs where conveyancers begin to understand the true challenges of recovering from a breach.
Indeed, details are only now emerging about the infamous cyberattack against the UK’s Simplify Group that occurred in 2021. This serves not only as an example of a conveyancing firm that saw catastrophic damage from a data breach, but also illustrates just how long it can take to understand the outcome of a cyberattack against a business.
During the attack, thousands of property transactions stalled, likely costing the business a significant amount of money. Worse is the fact that personal data was stolen during the attack, causing headaches and problems for customers.
So, how exactly did conveyancers become the cybercriminals’ favourite new target? And what can conveyancing businesses do to protect themselves against future attacks? In this article, we take a look.
High-value transactions
There can be no doubt that one of the key elements that attract cybercriminals to conveyancing and the property industry is the fact that they deal with high-value transactions. If a criminal can intercept an ecommerce transaction, the financial reward might stretch to hundreds. If they can intercept an industrial transaction, it might be thousands. But if they can intercept a deposit payment on a large property, this could see them steal tens or even hundreds of thousands.
Of course, not all cybercriminals directly target financial transactions – but the fact that conveyancers are dealing with some of the largest and most expensive transactions means they can be targeted.
One strategy of cybercriminals is the man-in-the-email attack, where a criminal is able to gain access to a conveyancer’s email account. They can then impersonate the conveyancer and request payment to their own bank account – by the time anyone realises what has happened, the criminal has moved the money on.
Personal data
It is also important to say that when cybercriminals aren’t targeting money, they tend to be targeting data. However, conveyancers also deal with a large amount of personal data. This makes them an ideal target from both perspectives, so it really isn’t hard to understand why they have become such an interesting proposition for criminals.
Data breaches, like the one that affected the Simplify Group mentioned above, are not only a problem for a conveyancing business because they lose data and the trust of their customers – but they can also fall foul of data privacy laws.
Regulations like the UK GDPR put an onus on businesses to keep customer data secure. Losing data and failing to inform customers can lead companies to face extremely heavy fines.
The rise of home working
Many more conveyancers work remotely than ever before. The rise of working from home has offered many benefits to companies including conveyancers. However, it has brought problems for cybersecurity too. As specialists Redscan stated:
“not only does remote working massively increase the surface of attack, it also renders many traditional controls, designed to protect workers inside the confines of a traditional network, ineffective.”
Home workers are much more likely to use devices that lack powerful cybersecurity protections – they may also be less stringent with cybersecurity at home. So, we not only have a situation where conveyancers are valuable targets for criminals, but they have also opened themselves up to make it easier for them to be exploited.
Cybercriminals want easy targets
Some conveyancers assume that cybercrime is something that will never happen to them. They presume that cybercriminals would be more likely to target a larger organisation that deals with more transactions and more money. However, it is important to understand that the majority of cybercriminals are looking for easy targets.
Cybercriminals like to target small businesses because they are less likely to have cybersecurity protections in place. Remember that they may well be targeting multiple businesses at once, and it will only be a small percentage who make the mistakes and find themselves the victim of cybercrime.
It is essential that you assume your business could be attacked, and as such, it forces you to take precautionary measures to minimise the risk to your company.
What conveyancers can do to protect themselves
Whilst earlier this year the Law Society issued revised guidance in relation to the purchase of cyber insurance, there are many other ways that conveyancers can protect themselves day to day against cybercrime, even if they don’t have the kind of security budget of larger organisations.
For example, knowledge is power when it comes to cybercrime, and the vast majority of hacks and breaches occur because members of staff made a mistake. As such, it is extremely valuable to invest in staff training. Staff cybersecurity training should take place on a regular basis (a one-off induction isn’t enough) – doing so allows you to keep everyone informed of the latest threats and types of attacks.
Another potential option for smaller conveyancing businesses that cannot necessarily afford an in-house security team is outsourcing. Working with a cybersecurity company can allow you to get the kind of powerful security measures in place without overspending.
