For all its awfulness, it’s clear there is never a time when conveyancing firms, and their clients, aren’t – at the very least – being considered by fraudsters as a potential target, or actively being probed for areas of weakness, particularly from a cyber point of view.
That will not be anything new to conveyancing firms who have clearly had to accept that, due to the sums of money involved in the property buying and selling process, they are always likely to be pursued by criminals because of their handling of this money.
Just recently, research from Indusface, revealed that almost two-thirds of all law firms have been the victims of a cyber breach, yet they argue 35% don’t have a cyber mitigation plan in place, and argue that 73% of all UK employees say they haven’t had any cyber security training in the last 12 months.
Whether those figures would stack up for the conveyancing profession remains doubtful, but there’s no argument that a severe threat always exists, not just for firms themselves but clearly consumers.
Lloyd’s Bank figures from earlier in the year suggested that the number of conveyancing scams had increased by 29% year-on-year, with the hacking of client emails being a huge part of this, with many fraudsters still able to convince people to send their property deposits to a bank account different to that of the firm.
Now, within the conveyancing sector, we have put in place a number of measures designed to outline this threat to clients, to assure them that bank account details won’t be changed, to check first before sending any money, to only send a small amount, etc, but there is clearly a gap that can still be infiltrated by fraudsters, especially when emails are hacked, where they can find personal information and where they can purport to be the conveyancer in email messages.
Certainly, I would point firms in the direction of the CA’s Cyber Fraud and Fraud Protocol which outlines the various methods that fraudsters can use, and to avail themselves of this info, in order to be able to highlight the threats that can exist to clients and how they can be aware of them and protect themselves.
That is a serious part of fraud prevention, but there is also another side in terms of protecting the firm itself from being the victim of fraud, either accessing confidential client information to be used against them, or indeed hacking into systems/processes/bank account details which can result in significant disruption and/or financial loss.
To that end, and to combat the obvious threat that exists, it’s clearly important for conveyancing firms to keep up to date with all the fraud-fighting support, resource and information that is currently available.
As you would hopefully know, the CA works very closely with the National Cyber Security Centre (NCSC) and not only does it regularly review our own Cyber and Fraud Protocol which gives firms a range of information to incorporate into systems and processes, but it has recently published a range of new security tips specifically for barristers, solicitors and legal professionals.
You can find that information here, however for a high-level appraisal of what you can do at your firm, focus on: creating and testing backups of data; keeping software updated; turning on encryption; using strong passwords and two-step verification; controlling access to your firm’s devices; turning on your firewall; limiting the number of administrators; turning on antivirus software; ensuring lost or stolen devices can be tracked/locked or wiped; auditing and reviewing privacy permissions; plus being aware of what you can do if you fall foul of a cyber attack.
Now, I fully expect conveyancing firms to be on top of all of these aspects, however it never hurts to keep refreshing your knowledge in this area, to review what you do have in place, and to understand the new and varied ways that some fraudsters are pursuing in order to attack what they might see as the ‘weak edges’ of your business, and importantly, those of your clients.
For example, you might feel you have the strongest possible protections in place, however, as we’ve highlighted above, when it comes to those that your client might have, and be adhering to, can you honestly say they will be anywhere near what you might have in place as a corporate entity?
So, fraud prevention is effectively two-pronged; protecting the firm and protecting the client – particularly difficult in the social media age and when email/text/message communication is so prevalent and, unfortunately, can often be easily accessed and intercepted.
It’s always a good idea to keep your business and staff up to date with fraud ‘trends’ and recent ‘successful’ attacks and the ways they can be combatted and protected against, and it is vital your clients are also aware of the threat that exists, the reasons behind this, and why they could also be targeted. We will be covering this topic in some depth at our next All-Members meeting taking place in London on the 5th December if you’d like more information.
We know that the threat will probably never diminish, but with the right plans in place, the chances of it working can be significantly reduced.
Beth Rudolf is Director of Delivery at the Conveyancing Association (CA)
One Response
How about the Conveyancing Association gets off the “digtisation” bandwagon which will surely help more fraudsters provide fake documentation to sell properties that do not legally belong to them