This guest blog is by Norman Denton, Senior Associate and Compliance Consultant at Legal Eye.
The Legal Sector and Cybercrime
Latest figures suggest that 69% of UK companies were hit by cybercrime in 2014. So what can the legal sector do to protect itself?
Increasing attractiveness of the sector…
The legal sector, like many others, places ever greater reliance on processing power for efficiencies and differentiation.
As the conveyancing market recovers, the volume of money pumped around the electronic banking system becomes more attractive to the unscrupulous. Picking off just a few transactions will easily amass a 6 or 7 figure sum!
Ranged against businesses are a variety of threats, but cyber-attack is rising. As a sector, we are facing unprecedented levels of attack from individuals and others, intent on a range of damaging raids – be it intercepting client funds, gaining access to confidential information, or simply to highlight shortcomings in the sector’s defences.
Regulators turning up the heat…
To counter these threats, Regulators are increasing the pressure on the regulated:
- The SRA recently issued a guidance note, warning of your very real accountability if clients suffer financial loss, alongside numerous scam alerts and extensive coverage in informative publications like the Risk Outlook, Spiders in the Web and In the Shadows;
- The ICO threatens to make examples in the sector in a sad, and often not unfounded, belief that many firms are unable to cope with the protection of paper files, let alone the complexities of cybercrime and espionage – you are seen as the weakest link; and
- Lexcel Version 6, arriving this month, introduces new procedural requirements including managing user accounts, detecting and removing malicious software and training for staff on data security.
This won’t go away anytime soon and you could be, or have already been, the next unsuspecting victim, since sometimes you won’t even be aware of an attack.
Cybercrime brings reputational damage, significant distractions and potentially heavy fines to destabilise your business, especially if your security procedures don’t measure up.
Clients on the street make damaging headlines. Whether a lender’s mortgage is involved or not, your position on lender panels will evaporate within hours!
Strengthen your defences, before it’s too late!
For starters, download the SRA publications and information on the Government's Cyber Essentials scheme launched in June 2014. Have a good read. Revisit your risk assessments and make sure you have a manageable plan to include:
- Ensure you install the latest virus, firewall and malware protection, with regular updates. Replace obsolete software such as Windows XP and Windows Server 2003.
- Revisit procedures for strong passwords, remote access, laptops, tablets, memory sticks and their security in use and off premises. Do you still need these devices?
- Consider encryption for those devices and particularly the most confidential of emails – there are some effective low cost solutions around.
- Enforce external download policies – malware comes in a variety of attachments, including job applicant CVs, so ensure staff only download material from a reputable source and after checking for viruses and malware.
- Be alert to the other side and the potential they might not be who they say they are. What precautions will you enforce amongst your team to satisfactorily identify the Vendor firm?
- Ensure that staff recognise the dangers and remain alert to dealing with emerging risks such as the current crop of requests for bank details and banking passwords, particularly at busy periods.
- Protect your own organisational ID, so quickly close user accounts for those who leave the firm. Manage your outsourced IT resource and their access into your systems. Monitor your appearance online – has it been tampered with, for example phone numbers altered or names added?