SRA Talks About Email Compromise At LegalEx

During a presentation about cyber crime yesterday at the LegalEx Conference two-day event, the SRA highlighted, again, that the vast majority of cyber attacks reported to them involve email compromise.

After highlighting that everybody is now 20 times more likely to be a victim of cyber crime than a victim of in-person crime, Debra Malpas, head of research and analysis at the SRA, stated ‘By far the most common cyber crime reports we receive are about email fraud. Either by accessing the firms account, or impersonating a client or other firm’. Debra also went on to point out that quite often, insurers won’t pay out in cases where a user has clicked on a link or where email services haven’t properly been protected. Email, however, still remains a vital communications tool. This puts firms under increasing pressure to mitigate the risks associated with sending emails.

So, what can a law firm do to protect its email infrastructure?

Guidance from the NCSC suggests that there is no single solution to email security and that firms should take a multi-layer approach to protecting emails. The theory being that if one layer of defence is breached, there are additional layers of security that still offer protection.

These layers include implementation of the DMARC protocol on your domain. This stops a cyber criminal from using your own domain to send a perfectly legitimate looking email to one of your staff pretending to be you. Email screening tools are available, which help to highlight to your users red flags and warning signals often found in Phishing emails.

Beneath all of the technological defence layers against phishing, should be a comprehensive staff training program. Its staff who will ultimately take the decision to click on the link or enter their password. Creating a cyber aware culture within your organisation through training and repeated messaging could influence that one key member of staff not to download the file that compromises the organisation.