Cyber Security Month Highlights the Modern Challenges Facing Law Firms

As you are all probably aware, October has marked National Cyber Security Awareness Month, an annual campaign to raise awareness about cyber security.

With the month now coming to a close, here are some of the initiatives different organisations have had in place, and some things we think you should all be aware of.

BLG Bulletin includes scam emails “doing the rounds”

Notifications about fraudulent emails circulating in the legal sector have been featured in the BLG Bulletin; ranging from specific details of scam emails “doing the rounds”, to SRA Alerts about emails misusing the names of individual law firms.

Today’s Conveyancer have also exposed the risk of email fraud in a recent article, referencing an October episode of BBC’s Rip Off Britain which covered two cases of large sums of money relating to property transactions being lost through email scams.

You can read the full article and link through the BBC recording here

More solicitors are adding cyber security messages to their email signatures

Solicitors are taking steps to protect themselves however, and we’re seeing an increasing number adding cyber security messages to their email signatures.

For example:

CYBERCRIME WARNING: We do not notify changes to our bank account details by email. If you receive any communication purporting to be from us, suggesting that the firm’s bank account details have changed, you should contact us via the number on our website or headed notepaper.

While surprisingly simple, such a warning on all employees’ signatures can alert clients that they need to be on their guard. It can also act as a visual cue if it is missing from any correspondence your clients receive, prompting them to alert you of suspicious activity.

For example, we recently heard about a large commercial law firm which successfully intercepted an attempt at digital fraud, because the typical signature wasn’t there. This was triggered by a client query and prevented fraud on a large industry transaction.

5.8 million incidents of fraud and computer misuse experienced by adults

The issue of cyber security extends far beyond the legal sector.

Crime Survey for England and Wales (CSEW) has estimated that 5.8 million incidents of fraud and computer misuse were experienced by adults aged 16 and over in England and Wales for the year ending March 2016.

Cyber Europe 2016 marked the most comprehensive cyber-security exercise to date

While some individual organisations are already putting precautions in place, far bigger steps are also being taken to find a solution.

The 13th and 14th October saw the conclusion of Cyber Europe 2016 (CE2016), the largest and most comprehensive EU cyber-security exercise to date.

This large-scale distributed technical and operational exercise started in April 2016, and offered the opportunity for cybersecurity professionals across Europe to analyse complex, innovative and realistic cybersecurity incidents.

Google marked Cyber Security Month with a 2-minute Security Check-Up

In the same week (on 13th October), Google marked Cyber Security Month with a 2-minute Security Check-Up.

This appeared on their homepage:

The Check-Up asked users to review the following 4 security settings:
• Check your recovery information – This information is vital, it helps Google to be in touch with for your password recovery or if there’s unusual activity.
• Check your connected devices – Review the devices connected to your Google Account.
• Check your account permissions – Review the apps, websites, and devices connected to your Google Account.
• Check your app passwords – Review apps password (passwords for apps that don’t use 2-Step Verification).

Organisations of all sizes are rising to the challenge

National Cyber Security Awareness Month has brought many real threats to the forefront of people’s minds, and while it remains an ongoing battle, what is clear is that organisations of all sizes are beginning to rise to the challenge.

Is it time you did more to protect your firm?

Blog
Cyber Security : Key Terms and Jargon

Blog
‘Trust me, I’m a lawyer’ – the risks of bogus law firms