Legal Regulator Emphasises The Increasing Risk Of Email Fraud
The SRA recently highlighted the inherent threat email fraud poses to a law firm, commenting that the vast majority of Cyber Attacks reported to them involve email compromise.
After highlighting that everybody is now 20 times more likely to be a victim of Cyber Crime than a victim of a physical crime, Debra Malpas, Head of Research and Analysis at the SRA, stated: “By far the most common cyber crime reports we receive are about email fraud. Either by accessing the firm's account, or impersonating a client or other firm.”
During the SRA-led presentation, Debra further commented that in many cases insurers are reluctant to pay out where a user has clicked on a link or where email services haven’t been properly protected. Failing to ensure your employees are made aware of the risks could mean your law firm is exposed financially and reputationally.
Emails, however, remain a vital communication tool within a law firm. This puts firms under increasing pressure to mitigate the risks associated with sending emails.
So what can a law firm do to protect its email infrastructure?
Guidance from the NCSC suggests that there is no single solution to email security and that firms should take a multi-layer approach to protecting emails. If one layer of defence is breached, there are additional layers of security that still offer protection.
These layers include implementing the DMARC protocol on your domain. A DMARC record tells receiving mail servers what to do with messages that claim to come from your domain but fail SPF or DKIM checks; with a reject policy in place, this stops a cyber criminal from using your own domain to send a perfectly legitimate looking email to one of your staff pretending to be a senior member of the firm.
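As an added example (not part of the original article, and not code from the SRA or NCSC), the script below parses a DMARC TXT record and flags the settings that leave a domain open to spoofing: a monitor-only policy (p=none), a partial rollout (pct below 100), a weaker subdomain policy, and a missing reporting address. The domain names and records are constructed samples; in practice the record is fetched as the TXT record at _dmarc.<your-domain>, and the lookup is replaced here by a small table so the code runs offline.

```python
"""Parse and assess a DMARC TXT record (added example, constructed data)."""
from typing import Dict, List

# Constructed sample records for domains that do not exist.
SAMPLE_RECORDS: Dict[str, str] = {
    "weak-example.test": "v=DMARC1; p=none; rua=mailto:dmarc@weak-example.test",
    "partial-example.test": "v=DMARC1; p=quarantine; pct=25; sp=none",
    "strong-example.test": (
        "v=DMARC1; p=reject; sp=reject; pct=100; "
        "rua=mailto:reports@strong-example.test; "
        "ruf=mailto:forensics@strong-example.test; adkim=s; aspf=s"
    ),
    "broken-example.test": "v=DMARC1 p=reject",  # missing semicolon
}


def parse_dmarc(record: str) -> Dict[str, str]:
    """Split a DMARC record into its tag=value pairs (RFC 7489 syntax)."""
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        key, _, value = part.partition("=")
        tags[key.strip().lower()] = value.strip()
    # The version tag must be first and the policy tag is mandatory.
    if tags.get("v") != "DMARC1":
        raise ValueError("record does not start with v=DMARC1")
    if "p" not in tags:
        raise ValueError("required p= tag missing")
    return tags


def assess_dmarc(record: str) -> List[str]:
    """Return a list of findings about the record; an empty list means nothing to flag."""
    try:
        tags = parse_dmarc(record)
    except ValueError as exc:
        return [f"invalid record: {exc}"]

    findings: List[str] = []
    policy = tags["p"].lower()
    if policy == "none":
        findings.append("p=none: spoofed mail is only reported, never blocked")
    elif policy == "quarantine":
        findings.append("p=quarantine: spoofed mail is sent to spam rather than rejected")
    elif policy != "reject":
        findings.append(f"unknown policy {policy!r}")

    # pct defaults to 100; anything lower applies the policy to only a sample of failing mail.
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) < 100:
        findings.append(f"pct={pct}: policy applied to only part of failing mail")

    # The subdomain policy (sp) defaults to the main policy when absent.
    sp = tags.get("sp", policy).lower()
    if sp != "reject":
        findings.append(f"sp={sp}: mail from subdomains can still be spoofed")

    if "rua" not in tags:
        findings.append("no rua= address: no aggregate reports, so abuse goes unnoticed")

    # Relaxed alignment (the default) lets any domain in the same organisational
    # domain satisfy SPF/DKIM alignment; strict alignment requires an exact match.
    if tags.get("adkim", "r") != "s" or tags.get("aspf", "r") != "s":
        findings.append("relaxed alignment: any domain under the same organisational domain aligns")
    return findings


def assess_all(records: Dict[str, str]) -> Dict[str, List[str]]:
    """Assess every record in the table, keyed by domain."""
    return {domain: assess_dmarc(record) for domain, record in records.items()}


if __name__ == "__main__":
    for domain, findings in assess_all(SAMPLE_RECORDS).items():
        print(domain, "->", "OK" if not findings else findings)
```

The strong record comes back clean; the monitor-only and partial records each produce several findings, and the malformed record is reported as invalid rather than silently treated as a policy. A real deployment would feed the output of a DNS TXT lookup into assess_dmarc and run it against every domain the firm sends mail from.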
Additionally, email screening tools are available which highlight to your users the red flags and warning signals often found in phishing emails.
Beneath all of the technological defence layers against phishing should be a comprehensive staff training programme. According to a recent government report – Cyber Security Breaches Report 2019 – only 27% of UK businesses are actively training their staff to avoid data breaches by spotting the warning signs and obvious red flags.
Whilst this represented a 7% increase on the previous year, it highlights an area of development that could leave many law firms and businesses vulnerable to human error.
It’s staff who will ultimately take the decision to click on the link or enter their password. Creating a cyber-aware culture within your organisation, through training and repeated messaging, could influence that one key member of staff not to download the file that compromises the organisation.
Has your firm implemented the DMARC protocol on your domain? Have you ensured that a robust training process is in place to mitigate the risk employees pose to cyber security?