Phishing (using deception to trick people into revealing sensitive information) remains the most common type of attack, and conveyancing firms the most common target due to the large sums of money involved. However, the SRA warns criminals are branching out to target a wider range of practice areas and via a wider variety of ways, for example, it has received reports of criminals intercepting and falsifying physical mail between a firm and client.
The SRA’s Risk Outlook report, published last week, also warns about the changing risks of ransomware (software that blocks access or threatens to publish personal data unless a ransom is paid).
Although the SRA received only 18 reports of ransomware attacks in 2021, it says it is now receiving reports from law firms about ransomware which steals data as well as encrypting it, with criminals threatening to release sensitive information. While most ransomware attacks are random, some are targeted. Consequently, firms acting for clients operating nationally significant infrastructure could be at higher risk, as could firms acting for Ukrainian, Russian or Belarussian clients.
Solicitors should also guard against voice-modification phishing, such as software used to impersonate a solicitor, the SRA warned.
The Risk Outlook report offers advice on steps firms can take to protect themselves, including training staff on information security issues in the office and at home, having multiple back-ups, and having a no-blame culture to encourage early reporting.
Paul Philip, SRA chief executive, said: ‘Protection isn’t just about software. Having the right systems in place, such as anti-virus software or multi-factor identification, really matters. But good training and a culture in relation to managing risks is just as important.’
