Ask oneself whether there is a greater risk of one’s office being destroyed by fire or flood or one’s data being seized or corrupted by criminals demanding a ransom fee to restore it. Similarly it is instructive to consider whether most professional firms would find it easier to recover from the loss of its physical premises than to recover from the loss of its computerised data.
It is perhaps no coincidence that professional indemnity underwriters are starting to enquire about the procedures their insured clients have in place to guard against cyber fraud. This increased scrutiny has to be seen in the context of an increasing number of cyber-related claims against professional firms. Despite record numbers of such claims, some predict that we are currently seeing only the tip of a very large ice-berg.
Several conveyancing firms have reportedly received fake emails that appear to come from their clients, often late on a Friday afternoon, providing bank account details into which they instruct that the proceeds from property sales are to be paid. Only after funds have been transferred has it become apparent that the clients’ email accounts had been hacked and the email instructions had, in fact, not been sent by the clients themselves but by criminals masquerading as them.
It is not only lawyers and conveyancers that have been subject to this type of fraud. In these days of outsourcing, firms of accountants too can find themselves targeted as instructions to pay suppliers are sent to them that purport to come from clients but which actually originate from hacked email accounts.
Typically the hacked emails look very convincing and are far-removed from the amateurish missives in poor English that purport to come from African royalty. Falling victim to a scam may just be a matter of bad luck but there are certainly steps that can be put in place to minimise the risk. Not only is it important to take preventative measures but, equally, if a firm faces a claim from a client arising from cyber-fraud, it will be of critical importance in the defence of the claim to be able to demonstrate that the firm had taken all reasonable steps to minimise the risk. Merely putting a disclaimer on the bottom of an email may no longer suffice.