The risks posed by cyber interception of emails is, without doubt, growing. With around 1 in 4 legal firms targeted and a success rate of 10%, significant sums of money are at risk, not to mention the inconvenience of a failed move and the reputational damage to firms who rely on trust to thrive.
The regulatory bodies advise against using email but have come up with no convenient, cost effective and safe alternative.
Tony Neate, chief executive of Government-backed anti-fraud agency Get Safe Online suggested to a well known national newspaper that payment instructions should be made by telephone: –
“You don’t hear of fraud occurring because someone has overheard a phone conversation.”
Steve Proffitt, Action Fraud’s deputy head supported the idea: –
“If you receive an email which tells you that a person or company’s bank details have changed, you must phone to verify it. Preferably talk to the solicitor whose voice you recognise.”
With great respect to both these gentlemen, their suggestions are hardly robust.
A busy conveyancing solicitor dedicates huge resources to answering client queries on a normal day. Expecting to ring, get through to someone who has access to confidential information (how many people should that be?) on “completion Friday” is somewhat fanciful Mr. Proffitt.
Expecting a telephone exchange of bank details and their subsequent transcription from paper to a practice management system to be 100% efficient is also hardly robust Mr. Neate, without thinking about the potential for a fraudster calling into a property buyer or seller, pretending to be a solicitor and scamming personal details or worse.
We would suggest a fundamental shift in thinking; John Marsden, one of Equifax’s identity and fraud expert pointed out that:
“Your high street solicitor will be far less protected than your bank. Not only are their systems more insecure but they are less likely to send encrypted communications. Your details are not safe.”
Fundamentally the information should be out of their offices all together. Storing the information behind military level security which is routinely tested by GCHQ would make it as safe as is possible.
Fundamentally transmitting that information outside of that secure environment (by email or telephone) is unsafe. Providing approved or invited users to view or edit that information using bank grade security protocols would make it as safe as is possible.
This simple to set up solution is available today and using it is as easy to use as email.
Take a look at our simple steps to avoiding Email Interception Fraud here>