We recently had the pleasure of hosting a fraud and cybercrime webinar with expert barrister Adam Richardson of 1 Essex Court.
The session was very interesting, enlightening and practical. And to be honest, quite scary in parts – although Adam was at pains to stress he wasn’t trying to scare-monger.
Context – fraud and cybercrime at an industrial scale
Law Firms are constantly under attack. Two weeks ago Premier Property Lawyers, and other conveyancing firms in the Simplify Group, had their systems compromised.
This hack alone has caused chaos to thousands of property transactions, putting many completions in jeopardy.
And it’s just the latest in a string of cyber attacks of law firms.
These incidents give rise to technical and regulatory issues with the SRA, ICO and law enforcement. Not to mention the huge issue of dealing with all of the clients. Quite a horrific situation for all involved.
What follows is an overview of the rest of Adam’s talk. COLP Insider newsletter subscribers get access to the recording.
Background to Adam’s talk
Cybercrime is up and the number of instances detected is just the tip of the iceberg.
The biggest vulnerability is smaller devices, like tablets and mobile phones. People forget to put security in place or use VPNs. Default passwords on routers and printers are often left in place, which allows easy access to hackers.
It is estimated that by 2025 cyber crime will cost the global economy $34trillion.
There are an estimated 6.4 billion fake emails in the world per day.
For law firms, hacks are not just about targeting client money, the attackers also want the confidential data. This may lead to a financial attack later down the line, but may not. Around 80% of attacks on law firm are after data.
The law
Adam says the current legislation is simply not up to the job. It is out of date and has not kept pace with technology and modern methods of attack.
The Computer Misuse Act 1990 was brought in when Prince Phillip was hacked as there was no current legislation to prosecute under. It is still in use today and is very broadly drafted.
Ironically, police officers are mostly prosecuted under the Act e.g. when an officer accesses the police database for personal reasons.
Wider enforcement under the Act is difficult for several reasons, including:
- detection (where in the world is the criminal?)
- age of the …….
Source: https://www.lexology.com/library/detail.aspx?g=fc0695dd-0709-4d18-84b8-036a3b312dbf