Conveyancing Association updates cybercrime protocol
Trade body chair wants more firms to meet required standard
The Conveyancing Association has updated its cyberfraud and fraud protocol to help its members combat the latest online threats.
Launched in May, firms who have adopted and adhered to the protocol have been certified as ‘cyber safe’. However, the latest version of the protocol provides new information on how firms can protect themselves against ‘spear phishing’, which targets potentially high-net-worth individuals by email to misdirect funds.
Those firms already signed up to the ‘cyber safe’ standard have a three-month transition period to review the changes which include further recommendations on the prevention of cloning of firms and how to comply with their obligation to clients while taking a robust anti-fraud approach.
The CA has urged its member firms to follow the protocol and achieve accreditation as soon as possible to mitigate the risk of cybercriminals using ‘unsophisticated techniques’.
Beth Rudolf, director of delivery at the Conveyancing Association, commented: ‘It’s our aim to ensure we offer our “cyber safe” members tangible support and advice on how they can counter such activities – this latest version of the protocol does just that in a number of areas.’
Rudolf said the protocol will be reviewed regularly throughout 2017 to decide on new iterations based on feedback from cyber experts and developments in fraud protection. She is also hoping for more firms to meet the protocol requirements.
‘We have been encouraged by the feedback received from CA firms and the growing number that are committing to the implementation of the Protocol,’ she said. ‘It’s our hope that throughout next year we will be able to announce many more CA firms as being “cyber safe” as the more firms who meet these standards, the more protection for all involved in the conveyancing transaction.’
A pre-requisite for firms to meet the standard is to be certified under the cyber essentials scheme for IT security. The scheme focuses on internet-originated attacks against an organisation’s IT system and concentrates on five key controls: boundary firewalls and internet gateways; secure configuration; access control; malware protection; and patch management.
This month the Solicitors Regulation Authority’s latest report on IT security revealed that cyberattacks against conveyancing transactions by so-called ‘Friday afternoon fraudsters’ was the most common cybercrime.
The regulator is also considering altering minimum professional indemnity insurance cover requirements after it found that between 2004 and 2014 conveyancing accounted for the largest amount of claims under solicitors’ PII policies.
Matthew Rogers is a reporter at Solicitors Journal