The rise of cyber-criminal threat for law firms since Covid-19

The rise of cyber-criminal threat for law firms since Covid-19

The global coronavirus pandemic, and the rise in people working from home, has unfortunately provoked a growth in cyber-crime. The UK Government estimates that the cost of cyber-crime is £27bn per annum.

The legal sector handles sensitive data and large financial transactions, which makes it an attractive target for cyber criminals, who are constantly looking for new ways to exploit any situation they can. In September 2020, the Solicitors Regulation Authority (SRA) published its review of firms who had suffered cyber-security breaches and found that the results ‘were often catastrophic’.  In addition to the money stolen, law firms incurred additional costs in higher insurance premiums, lost time and damaged client relationships.

The SRA publishes recent scam alerts on their website, so that we can all see what to look out for. It also presents a Scams Round-up as an overview of current scam activity.

Cyber-security steps you can implement now

The repercussions of cyber-attacks can be devastating for both clients and law firms, who may never recover their business reputation. It has never been more important to ensure that protective measures are in place. A practised and well communicated Incident Response Action Plan (IRAP) can help everyone to understand their role in a crisis and minimise the inevitable impact. This plan should include:

  • Initial steps to secure the situation
  • A PR/communication plan to stakeholders, clients and third parties
  • Maintaining a contemporaneous document tracking the situation, essential facts as discovered, key decisions and resulting actions
  • Lessons learned and future protection plans

There are accrediations that can also help, like Cyber Essentials Plus,a Government backed scheme., which will demonstrate to your stakeholders that you take cyber-security seriously.

With some planning, training and the right technology in place, law firms can reduce risk and be confident that if a breach happens, they know how to respond to it and have everything they need in place.

Here are some questions that can help provide a snapshot of where your business is now:

  • What are the current cyber-crime risks for property professionals and law firms?
  • How up-to-date are your current cyber security policies?
  • Are there any new or emerging cyber risks to be aware of and consider addresing?
  • Do your IT systems have suitable backup, network and systems protection in place to support diagnostics and remedy in the event of any concern
  • Do you have the expertise in–house to deal with cyber-security, or do you need to outsource to experts and have them pre-prepared should you ever need them?

You could choose to put together a strategy based on these suggestions:

  • It doesn’t matter how big or small your company is, plan as if you expect to be attacked. It could happen to anyone.
  • Enforce a strong password protocol. For example, insist that passwords are a good length (minimum 12 characters, more is better), follow the latest advice on making up passwords – for instance by adding together 3 words to make them easier to use, mixing in capitals or numbers.
  • Back up your data frequently and in different locations (on and offline) in response to a ransomware attack.  Remember to validate the backups from time to time.
  • Be aware of the latest phishing scams, which can happen via email, phone and text.  Remember that some 80% of attacks are via phishing.
  • Put a mobile working policy in place: Make sure staff who are not office-based understand company policies and procedures to stop sensitive information being lost, stolen or compromised.  Seriously consider making a VPN your standard remote access method.
  • Make sure the personal information of all staff and customers is securely protected and you are certain your Data Protection Impact Analysis (DPIA) is up to date.
  • Invest in staff training: Ensure staff know about different types of cyber-attacks and know the procedure to report a suspected attack.
  • Finally, get expert advice. If you don’t have your own cyber-security staff, it’s essential to use experts and find a suitable technology partner.

You can find out more from the National Cyber Security Centre. They have put together a collection of resources to help companies protect themselves from cyber-crime.

SearchFlow regards cyber-security as a vital part of any business. We’ve put together a handy list of key questions to help you examine the current state of your cyber-security – download it below.

SF Cyber Security Checklist_SEP21


This article was submitted to be published by Searchflow as part of their advertising agreement with Today’s Conveyancer. The views expressed in this article are those of the submitter and not those of Today’s Conveyancer.



SearchFlow is the UK’s largest provider of legal due diligence data for residential and commercial property transactions. Since its formation, it has supported over 5,000,000 instructions and delivered 26,000,000 searches; this equates to around 1 in every 4 property transactions in the UK.

SearchFlow recognises that proactively supporting each client’s journey is vital to delivering the right due diligence insights, searches, data, surveys and insurance for every transaction – whether a single residential property or a complex commercial portfolio. Via its advanced online ordering platform and backed-up by an award-winning customer service team, SearchFlow supports clients in delivering the conveyancing solutions needed to manage due diligence risk and achieve compliance.

By partnering with SearchFlow, property law professionals in the UK can deliver smarter, safer, and faster property transactions to their customers.

Based in Kent, SearchFlow is a Landmark Information Group business, which is part of DMGT plc.

Visit for more information or follow via social media for regular updates:



Key Services


42 Kings Hill Avenue
Kings Hill
West Malling
ME19 4AJ

Key Contact 

Name: Tracy Burtwell
Tel: 0800 977 8818
Email: [email protected]
LinkedIn: Tracy Burtwell

Leave a Reply

Your email address will not be published.