The SRA Risk Outlook 2018/19
Today the SRA have released their Risk Outlook 2018/19.
They have included two new priority risks this year:
1. Managing claims
‘We are increasingly concerned about the practices of some firms that offer personal injury work, including holiday sickness claims. Similarly, some firms bringing payment protection insurance claims may not always be meeting the high standards we expect.’ SRA Risk Outlook 18/19 page 4
2. Cyber security
‘Cyber security has always featured in the Risk Outlook as a consideration when protecting people’s information and money. But we recognise that this is of increasing concern to the profession, so we have set it out as a separate risk. We have worked with the National Cyber Security Centre to provide you with top tips on keeping cyber-safe.’ SRA Risk Outlook 18/19 page 4
What stands out from the above that’s particularly relevant to wills & probate practitioners is the focus on risks associated with cyber security.
The Risk Outlook has again highlighted risks such as:
- Email modification fraud
- Phishing and vishing
- CEO fraud
- Identity theft
It’s worth noting that three out of the 5 points above are forms of email impersonation. This is now more important than ever, with the total amount of client monies reported to have been lost as a result of cybercrime in 2017 at £10.7m.
Within the wills and probate industry, there always seems to be a focus on financial loss as a result of these frauds. However, criminals can just as easily use these methods to obtain confidential data, whether that of a client or of a firm’s own employees. Email impersonation is also a key method criminals use to encourage recipients to click on links or download files that result in malware attacks. It’s worth asking ourselves whether we’re putting in adequate mechanisms and procedures to combat these types of attacks, as well as those targeting your own or your clients’ monies.
What are wills and probate practitioners doing to try and combat these attacks?
The SRA recommends the following with regard to preventing email modification fraud:
‘…make sure everyone in the firm knows how to recognise the signs of email modification fraud and common phishing scams’
Email impersonation has now evolved to the point where criminals can easily hijack a firm’s exact email addresses, which the recipient cannot identify as fraudulent by checking the domain alone. Given that, it’s hard to see how this training alone is adequate protection.
There are ways of preventing criminals from hijacking a firm’s exact email address. One solution is to implement the DMARC email protocol on your email domain; however, a recent report (https://www.lawyerchecker.co.uk/media/1117/lc-ondmarc-law-firms-industry-report.pdf) indicated that only 1 law firm out of the top 100 firms in the UK had this implemented.
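Publishing a DMARC record is not the same as enforcing one: a policy of `p=none` only asks for reports and leaves spoofed mail deliverable. The following added example (not from the SRA or the cited report) classifies the TXT records found at `_dmarc.<domain>`; the domains, records and status labels are constructed for illustration, and the DNS lookup itself is assumed to have been done already.

```python
# Added example: how much protection does a published DMARC record give
# against spoofing of the exact domain? Status labels are this example's own.
ENFORCING = {"quarantine", "reject"}

def parse_dmarc(txt):
    """Return the tag dict of a DMARC TXT record, or None if it is not one."""
    pairs = []
    for part in txt.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            pairs.append((key.strip().lower(), value.strip()))
    # The version tag must come first and be exactly DMARC1.
    if not pairs or pairs[0] != ("v", "DMARC1"):
        return None
    return dict(pairs[1:])

def assess(txt_records):
    """Classify the TXT records published at _dmarc.<domain>."""
    records = [r for r in map(parse_dmarc, txt_records) if r is not None]
    if not records:
        return "missing"        # no policy: receivers get no instruction
    if len(records) > 1:
        return "invalid"        # several records: receivers apply none of them
    tags = records[0]
    policy = tags.get("p", "").lower()
    if policy == "none":
        return "monitor-only"   # reports only, spoofed mail is still delivered
    if policy not in ENFORCING:
        return "invalid"        # missing or unrecognised p: flag for review
    pct = tags.get("pct", "100")  # share of failing mail the policy applies to
    if not pct.isdigit() or int(pct) > 100:
        return "invalid"
    return "enforcing" if int(pct) == 100 else "partial"

# Constructed sample records, one list of TXT strings per hypothetical domain.
SAMPLES = {
    "no-record.example": ["v=spf1 include:_spf.example.net -all"],
    "monitoring.example": ["v=DMARC1; p=none; rua=mailto:dmarc@monitoring.example"],
    "partial.example": ["v=DMARC1; p=quarantine; pct=25"],
    "enforced.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@enforced.example;"],
    "duplicate.example": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],
}

if __name__ == "__main__":
    for domain, txt in SAMPLES.items():
        print(f"_dmarc.{domain}: {assess(txt)}")
```

Only the `enforcing` result tells receiving mail servers to quarantine or reject all mail that fails DMARC for the domain.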
As a wills and probate practitioner, are you:
- worried about email modification fraud?
- considering it a key risk to your practice?
- only considering it a threat to loss of client monies?
- happy relying on just staff training alone to prevent this?
We’d be interested to know your thoughts on the above questions. Please comment below or email: [email protected]