Lawcovernotes December 2017

When people think of cyber risk their minds don’t usually drift to the legal profession. However solicitors deal with sensitive data and often large sums of money and with advances in technology, this can make them particularly vulnerable to cyber attacks. In a recent Lawcover claim, an insured solicitor was acting on behalf of a deceased estate. The solicitor sent an email to the executor to request the bank details of each of the beneficiaries in order to make a final distribution under the will. The following day the solicitor received an email purporting to be from one of the beneficiaries. The email contained a clear direction to pay the distribution into a specific account. The solicitor’s accounts department prepared the paperwork and the solicitor authorised the electronic payment in accordance with the “beneficiary’s” directions. The next morning the bank contacted the solicitor to inform him that there had been suspicious activity with the account. To the insured’s knowledge he had paid the funds in accordance with the beneficiary’s direction. The insured then phoned the beneficiary to confirm that the email received by the insured was in fact the email that the beneficiary had sent. When the insured spoke to the beneficiary he asked the beneficiary to read aloud to him the email that he had sent. It was at this point that the insured realised that the email which had been sent by the beneficiary had been intercepted, the account details altered and that he had a fraudster on his hands. The insured immediately notified the bank and requested that it block the payment. The insured also reported the matter to the NSW Police. Miraculously, in this claim the amount was recovered in full because of the prompt actions by the bank and the insured solicitor after realising the email had been altered. The risk that new advances in technology pose to a legal practice can be minimised by implementing some simple steps: ^ ^ Avoid the use of email accounts like Gmail and Hotmail for business transactions. ^ ^ Choose your passwords carefully ^ ^ Keep your mobile devices and computers secure ^ ^ Always delete unsolicited emails from unknown parties ^ ^ Never open spam or unknown attachments ^ ^ Keep your firewall, operating systems and security software up to date ^ ^ Establish an electronic funds transfer policy that requires additional identification before the transfer of the funds – it is prudent to check account details prior to making payments and a phone call is a simple yet effective risk management measure ^ ^ If something doesn’t look right it probably isn’t. Do not be afraid to ask questions and or contact your bank. Jennifer Baker Claims Solicitor Advances in technology and cyber attacks pose a significant risk to solicitors. 11.