Cybercrime – are you safe?

We regularly remind you all of the risk posed by cybercrime. It’s the biggest recorded crime in the UK over the last couple of years and does not show any signs of going away.

It remains a priority risk for us, as outlined in our Risk Outlook.

All firms should assess the way they work and take steps to mitigate against the possibility of being victim to a cybercrime attack. Protecting client money and assets is one of the Principles we ask solicitors to adhere to, so guarding against cybercrime should be a priority.

The consequences of a successful attack for a firm can be substantial; the impact on clients can be devastating.

More than just client bank details

Cybercrime does not just involve intercepting emails in conveyancing work to redirect purchase or sale funds. Hackers are always trying to access firms’ IT systems for other nefarious means, for example you could be locked out of your own systems and asked to pay a “ransom” for access.

This is just one of the ways that you could become a victim of cybercrime, and we have outlined this and others in two Risk Outlook papers from 2016 and 2014:


There were conflicting reports last week about email and password details of solicitors alleged up for sale on the “dark web”, sections of the internet that cannot be accessed through normal browsers. We have been told by a number of Compliance Officers that they recognise there is a risk and already regularly monitor the dark web to see if they have been affected in some way.

This is in line with our advice around identity theft – which recommends you often search for your own information to make sure it is not associated with anyone else.

It is worth reiterating that it is best practice to regularly change the emails you use for logging in to IT systems. This is not just at work, but for all applications, such as social media.

Law Society’s Find a Solicitor site

We also get regular reports of law firms being contacted through the Law Society’s Find a Solicitor section of its website. Firms receive emails from cybercriminals claiming to be potential clients, with details contained in an attachment.

The attachment invariably contains malware that will contaminate your IT system in some way, as outlined in our papers above. 

The latest incident reported to us involves the would-be hacker claiming to be retired army officer, Colonel Richard Kemp. This incident saw the cybercriminals contact a solicitor who knew Col Kemp personally, so was aware it was not genuine.

The Government’s cyber essentials scheme has advice on keeping your firm and your clients safe.