According to a report last year on fraud and cybercrime vulnerabilities in the legal sector, the majority of 200 top law firms are unprepared and so susceptible to cyber-attacks. Crowe, KYND and University of Portsmouth’s Centre for Counter Fraud Studies carried out the research in the first half of 2019 to reveal how exposed the legal sector is to cybercrime. The key findings of the research highlighted the following:
- 91% of firms had been exposed to email spoofing which can result in exposure to malware and ransomware and phishing of employees and clients.
- 80.5% of firms’ services had vulnerabilities, such as their email server or webserver which could be exploited by hackers.
- 21% of firms were using at least one service that had out of date software – putting their business operations at risk and possible service failure.
- 23% of firms possessed at least one security certificate which had expired, been withdrawn or could not be trusted – which represents a significant risk to business continuity and reputation.
- 79% of firms held at least one domain registered to an individual email address which could threaten the stability of the business and domain rights.
Over the last few years, law firms have been losing money at an increasing rate due to cybercrime. In 2016 the SRA reported that £9.4m of client money was lost through cybercrime a figure which increased to £10.7m in 2017. The SRA has highlighted cybercrime as one of the nine challenging key risk areas in its’ Risk Outlook 2019/20.
The size of the firm is mostly irrelevant to cyber criminals since all firms hold highly valuable sensitive data and client money. The data includes personal, business and commercial information obtained through conveyancing transactions, Wills, probate, and divorce matters. With fraud and cybercrime ever increasing, UK legal firms need to continually keep pace with the evolution of cyber threats and maintain effective cyber security. Due to the changing nature of cyber-attacks, law firms need to remain vigilant. It is important to develop and maintain a culture focusing on cyber security.
It is not only law firms who are vulnerable to cyber-attacks, Local Councils across the UK are also facing increasing numbers of cyber-attacks, with nearly half (49%) of local councils being targeted since the start of 2017, according to Gallagher Insurance. Councils report being hit by more than 263 million cyber-attacks in the first half of 2019. The average successful cyber-attack on a council results in costs of £430,000. Freedom of information (FOI) requests by Gallagher found that out of the 203 councils that responded, 101 had experienced an attempted cyber-attack on their IT systems since 2017. More than a third of these local authorities had experienced cyber-attacks in the first half of this year. Since the beginning of 2017, 17 attacks were reported to have resulted in a loss of data or money, with one council reporting a loss of over £2 million.
Tim Devine, Managing Director of Public Sector & Education at Gallagher, said: “Our research illustrates the scale of the challenge facing local authorities in the UK. Councils are facing an unprecedented number of cyber-attacks on daily basis. While the majority of these are fended off, it only takes one to get through to cause a significant financial deficit, a cost which the tax-payer will ultimately foot. Costs and reputational damage at this scale can be devastating for public authorities, many of which are already facing stretched budgets.”
The Government backed Cyber Essentials scheme is one-way firms can help to guard against the most common cyber threats and demonstrate commitment to cyber security. Firms should have Cyber Essentials accreditation as a minimum to ensure up-to-date cyber defences. Redbrick Solutions is working towards Cyber Essentials Plus accreditation and Redbrick Solutions use the very latest technology to make the conveyancing process as efficient and secure as possible. We take a serious stance on fraud in order to offer as much protection to our clients as possible. Our document sharing portal has the highest level of security available using two-part authentication. This enables you to share sensitive data, such as bank details, with your client whilst removing the risk of email interception and fraud. Redbrick Solutions also provide full identity checks. All of our AML/ID checks are fully compliant with the FCA, HMRC and SRA. You can also choose to accept proof of ID electronically via our secure portal and make use of electronic signatures should you wish.