The Talk Talk cyber attack is a timely reminder for law firms and other businesses to revisit their IT strategy, disaster recovery and, of course, fraud prevention processes.
Law firm partners and IT departments may believe that their firm is at minimal risk of such an attack. You may consider your firm to be relatively small compared to giants such as Talk Talk, but consider the client money held in bank accounts that you control. These levels of funds tend not to be insignificant.
Phone calls, letters, emails and texts from scammers can seem legitimate and convincing, so it’s important to be vigilant and keep an eye out for anything suspicious. Be aware of the various and increasing ways in which scams can occur – phishing, vishing or via your firm’s software, to name a few. Training and ongoing education of your finance teams and cashiers should be high on the agenda – the social aspect of these scams can be so effective that it is often someone in the business who actually makes the transactions to the suspect’s account. In these cases, it is less likely that your bank will refund the money.
Consider the consequences of a loss of funds from your firm’s client account: repercussions from breaches of SRA Accounts Rules, regulatory impacts and brand damage, not to mention having to fund the shortfall from the firm’s own money and the management time swallowed up in rectifying the position.
Actions to undertake:
- Ensure your systems are robust.
- Ensure your teams are alert and aware of the increasing ways in which scams can occur.
- Ensure you continually review and test compliance with your own processes.