Leading Law Firms Exposed To Fraud And Cybercrime
The majority of 200 leading law firms are completely unprepared and susceptible to cyber attacks, according to a 2019 report on fraud and cyber crime vulnerabilities in the legal sector.
Crowe, KYND and University of Portsmouth’s Centre for Counter Fraud Studies commenced research in spring this year to reveal how vulnerable the legal sector is to cyber crime.
Over the last few years, law firms are increasingly losing money through cybercrime at a fast pace. In 2016 the SRA reported that £9.4m of client money was lost, which increased to £10.7 in 2017.
The National Cyber Security Centre’s Legal Threat Report found that 60% of law firms in the UK reported experiencing an attack in 2017, up from 42% in 2013.
The Solicitors Regulation Authority deemed cyber crime to be one of the greatest threats a law firm will face in 2019/20 after highlighting it as one of its nine challenging key risks in their Risk Outlook 2019/20.
In the opening six months of 2019, law firms reported that £731,250 worth of client money was lost to cyber crime. The threat is real, and firms need to continually address their cyber resilience.
The key findings of the research highlighted the following:
- 91% of firms had been exposed to email spoofing which can result in exposure to malware and ransomware and phishing of employees and clients.
- 80.5% of firms’ services had vulnerabilities, such as their email server or webserver which could be exploited by hackers – and will put them at a high risk of being attacked by cybercriminals because of their well-known vulnerabilities
- 21% of firms were using at least one service that had out of date software – putting their business operations at risk and possible service failure
- 23% of firms possessed at least one security certificate which had expired, been withdrawn or could not be trusted – which represents a significant risk to business continuity and reputation
- 79% of firms held at least one domain registered to an individual email address which could threaten the stability of the business and domain rights
Whether a firm is large or small is irrelevant to a fraudster, as generally, firms attract cybercriminals because they hold large amounts of client money and sensitive data which is highly valuable. These often include personal, business and commercial information which can be obtained through conveyancing transactions, Wills, probate, and divorce.
With fraud and cyber crime ever-present and ferociously sweeping across the country preying on businesses’ vulnerabilities, UK legal firms need to continually keep pace with the evolution of cyber threats and maintain an effective cyber security.
As the cyber landscape is changing all the time it makes it extremely difficult for law firms to know what types of cyber attacks they should remain vigilant too. That is why it’s important to create a cyber culture from the top-down and encourage everyone to be cyber security aware as you never know when cyber criminals will strike next – to ensure your cyber defences are always ready.