This website uses cookies

This website uses cookies to ensure you get the best experience. By using our website, you agree to our Privacy Policy

Sign Up for our Free Newsletter
Solictors Journal logoSolictors Journal logo
Jean-Yves Gilg

Editor, Solicitors Journal

Protect against email fraud

News
Share:
Protect against email fraud

By

Firms should encrypt client communication to cut the risk of fraudsters intercepting emails, advises Alison Jackson

‘Solicitors and their clients are the targets of a new wave of fraud’ according to the Sunday Times of 15 February 2015. The article ‘Who really sent that email?’ highlights the increasingly sophisticated tactics used by con artists to delete, intercept and impersonate law firms’ emails to steal money. Banks are increasingly taking a hard line, saying that they cannot be held responsible for the lack of security on client email accounts, and this is a problem that is on the rise. The number of scam alerts issued by the SRA relating to emails is already almost double that of last year, so what should firms be doing to protect themselves and their clients from fraudsters?

The Information Commissioner’s Office (ICO) has already said that sensitive personal data should not be transmitted by email unless it is encrypted to current standards, but many professional firms, including solicitors and independent financial advisers, are still not encrypting email communication. Best practice advice from the ICO recommends: “Protection cannot be left to chance and it is no longer enough to do only the bare minimum necessary to comply with the law: proper safeguards have to be built in from the first principles, not bolted on inadequately as an afterthought.”

New EU data protection regulations are to be introduced this year, and the prognosis is for tougher sanctions with fines of up to 2 per cent of turnover. This could have a significant impact on firms that make mistakes.

Secure client communication One option is to not use email at all and instead use a secure portal for document exchange, which encrypts every item of data going back and forth to the highest levels, as used by the FBI, governments and banks. Not only is the data encrypted during transmission, but all files and data are encrypted in storage in the cloud, making it impossible for hackers to penetrate.

Like solicitors, accountants are bound by a duty of client confidentiality, and they are increasingly turning to portals to ensure all electronic communication is secure. The accountancy firm Connollys Accountants installed an electronic document management and portal solution in response to growing security issues. Declan Connolly, the managing partner, said: “We used to send returns by email but with the tightening of the data protection laws, we considered it vital for the practice to implement portals to ensure all information is encrypted to the highest levels and there is no possibility that our client’s confidential financial information can fall into the wrong hands.”

Use of a portal guarantees that both the firm’s and clients’ documents are completely secure, with full traceability, audit trail and compliance. Documents are securely uploaded to the cloud, and an email notification is sent to the client advising them that there is a document for their attention. They can then access and view the documents via the portal website.

With fraudsters constantly on the lookout for ways of intercepting and impersonating firms’ emails, the securing of client communication cannot be left to chance. SJ

Alison Jackson is director of document management software developer Lindenhouse Software

@LindenhouseDMS