For many years now law firms have been targeted by cyber criminals mainly due to the large sums of money that are regularly transferred between accounts. Did you know that on average it takes a business 120 days to know that its data has been compromised?

An increasing threat

Cybercrime is an ever-increasing threat, with over 60% of law firms reporting an information security incident according to the National Cyber Security Centre. The NCSC now produces annual reports specifically addressing the cyber threat to the UK legal sector. This data shows that the trend of cybercriminals targeting law firms is not yet subsiding and this is mainly due to the amount of money that law firms handle and the sensitive information that is stored. Smaller law firms are also just as at risk as large ones.

The cyber security threats to law firms

Phishing

Unfortunately, cybercriminals tend to target law firms due to the fact that lawyers rely heavily on emails to manage cases and interact with clients. Hackers exploit the often vulnerabilities associated with emails by carrying out phishing scams. In fact, these are some of the most common types of attacks carried out on law firms. The Government estimates that there are 1,400 criminal organisations actively targeting the legal sector at any one time.

Those carrying out phishing attacks are aiming to extract confidential information such as usernames, passwords, and anything else that can be used to access sensitive data. Most of the time phishing emails will look like they come from a legitimate source, and they will ask for information to be inputted into a fake website or returned via email. As with most crimes, phishing scams are evolving and they often try to look like they have come from senior firm members, this is known as whaling.

Ransomware

Similar to phishing, ransomware scams usually involve emails. However, what sets them apart is that they often have an encrypted attachment added to the email, this blocks access to the victim’s data and locks the computer network until a ransom has been paid.

This can cause significant disruptions to the law firm, as they are unable to analyse documents or communicate with clients through the computer. It is important to make sure that firm members never click on any unknown links, websites, or attachments unless they know that they are safe.

Authorised push payment fraud

Scammers will dupe the victim into sending the money on their own. Often or not this type of cybercrime will be carried out via email, phone, or social media by tricking the individual into believing they are their bank, solicitor, or another professional requesting money.

Authorised push payment fraud is the fastest-growing cybercrime in the UK, with over £209 million being scammed in the last 6 months alone. Conveyancers are often a target due to the substantial amounts of sums being transferred daily and the fact that home movers are often under a lot of pressure to act quickly.

As a reputable law firm, we recommend advising clients to carefully check emails, including the sender address, header, footer, and for any obvious signs of spelling errors, and only ever send money if they are certain it’s genuine. It is important to make sure that they provide their bank details in writing at the beginning of the transaction and state that you will never ask for client bank details via emails. If a suspicious request for funds is made by telephone, the recipient should put the phone down, wait ten minutes, then call their solicitor to check, or preferably use a different phone.

How can your law firm protect itself from cybercriminals?

Staff are usually the weakest link when it comes to cybersecurity, this is because hackers create scams that play on our weaknesses. Continual training and vigilance can help to minimise such risks. Another way in which you can reduce the risk is through the use of a conveyancing case management software.

Here at Redbrick Solutions, our specialist conveyancing software helps law firms just like you stay protected and provide clients with outstanding customer service. Our software automates much of the process, removing the risk of error in duplicating data. Correct contact details for all parties are stored within the system, so you can quickly and easily check they are valid. A full audit trail and different levels of access for staff based on experience or seniority helps protect both the law firm and your clients. We also provide customers with free regular updates to ensure you have the latest and safest technology. There have been some major ransomware attacks that would have failed had the target companies kept their software updated.

Our secure document sharing portal uses the latest two-factor authentication so that you and your clients can have peace of mind knowing that their sensitive information cannot be intercepted by cybercriminals. You can quickly and easily choose which documents you wish to share via the portal and clients can access the portal to view via a notification. They are then able to simply download any completed document at a time that is convenient for them.

Find out more about our specialist conveyancing software here.