The Conveyancing Association (CA) has revised its Cyberfraud and Fraud Protocol which seeks to provide CA member firms with practical information on how criminals operate and the measures they, and their staff, can take to avoid being victims of fraud and cyber-crime.
The original Protocol was launched at the start of 2016, and further revisions have taken place since then, with the CA committing to regularly reviewing and updating the document. Those firms who have adopted and adhered to the Protocol, and have been certified as ‘Cyber Safe’, also commit to ensuring they are up to date with each new iteration.
This latest version of the Protocol includes feedback from a number of stakeholders and organisations including the National Cyber Security Centre, which has contributed a list of up-to-date ‘official’ definitions of each activity outlined in the Protocol. These activities are: Vishing; Malware; Phishing; Smishing; Outbound/Inbound Cheque Fraud; Card Payment Fraud; and Spear Phishing. Plus CEO/Whaling Fraud has been added to the Protocol which is where the email of a senior manager or partner has been hacked or spoofed.
The Protocol also covers a number of key areas providing advice and information on how firms can operate and the measures they can take in order to protect themselves, their clients and all other stakeholders. These areas cover: Client Identity; Change of Bank Details; Funds Recipient Identity; Caller Identity; Cyber Security; Cyber Insurance; Prevention; Actions when funds have been fraudulently redirected.
Specific new guidance for those following the Protocol include: keeping cheque books and cards locked away; shredding all documents and cards before disposal; asking for further information to clarify a client’s identity; using secure means of communication when detailing bank account changes; following NCSC guidance on cyber security; ensuring insurance cover is up to date; having a documented recovery plan in the case of a malware attack; and advising the firm’s regulator(s) when funds have been redirected fraudulently.
Since the Protocol’s launch a large number of CA member firms have already achieved the standards required and have been certified under the Cyber Essentials Scheme for IT security – a pre-requisite of meeting the Cyber Safe Standard. Cyber Essentials focuses on internet-originated attacks against an organisation’s IT system. Firms must be independently verified as having completed their Cyber Essentials standards before applying for a ‘Cyber Safe’ logo which they can use on their website and literature.
The recently launched third edition of the CA’s Technical Protocol references that member firms should implement the CA’S Cyberfraud and Fraud Protocol. It urges all its member firms to follow the Protocol and achieve accreditation as soon as possible. By achieving this, and adopting the Cyber Safe Standard, it believes members can mitigate much of the risk that criminals using unsophisticated techniques present.
Beth Rudolf, director of delivery at the Conveyancing Association, said: “The issue of fraudulent activity around property sales has been much in the headlines again recently, with the news that one individual lost close to £600k after being duped by a fraudster purporting to be a solicitor via email communications with him. The level of loss in this case, and many others, is shocking and our sympathies go out to those who have lost money to fraudsters.
“While in many cases the vulnerability is outside of the conveyancer’s control the update to the Cyberfraud and Fraud Protocol is designed to highlight those important areas where fraudulent activity could take place and the methods that are being used. It enables firms to clarify whether their defences are fortified or if there is a potential for breaches, whether that be via the firm themselves or another party in the transaction.
“Putting in place a high level of anti-fraud measures, being certified under Cyber Essentials and achieving the Cyber Safe standards shows that the conveyancing firm not only takes the issue incredibly seriously, but demonstrates to customers they have plans in place to protect them, their data and their money.
“We know that the threat from fraudsters will not stop, and they are constantly coming up with new methods, therefore firms have to be continually on their guard. By following our Protocol we believe they are covering off as many bases as possible and ensuring they are doing all they can in the fight against fraud.”