The Conveyancing Association (CA) has published a revised fourth version of its Cyberfraud and Fraud Protocol.
The Protocol seeks to provide CA member firms with practical information on how criminals operate and the measures they, and their staff, can take to avoid being victims of fraud and cyber-crime.
The original Protocol was launched at the start of 2016, with further revisions taking place since then, with the CA committing to regularly review and update the document. Those firms who have adopted and adhered to the Protocol, along with other secret safeguards, have been certified as ‘Cyber Safe’ and also commit to ensuring they are up to date with each new iteration.
This latest version of the Protocol includes feedback from a number of stakeholders and organisations specifically the National Cyber Security Centre, which has used this iteration to further emphasise specific existing threats and prevention measures conveyancing firms can take.
The Protocol continues to provide a list of up-to-date ‘official’ definitions of each activity outlined in the Protocol. These activities are: Vishing; Malware; Phishing; Smishing; Outbound/Inbound Cheque Fraud; Card Payment Fraud; Spear Phishing and CEO/Whaling Fraud.
The Protocol also covers a number of key areas providing advice and information on how firms can operate and the measures they can take in order to protect themselves, their clients and all other stakeholders. These areas cover: Client Identity; Change of Bank Details; Funds Recipient Identity; Caller Identity; Cyber Security; Cyber Insurance; Prevention; Actions when funds have been fraudulently redirected.
Fraud experts say the new guidance contained in the Protocol can protect all firms, especially those dealing with client money. These include: advice to ‘patch’ firewall and virus protection as soon as new updates are available; a consideration to take out a bespoke Cyber Insurance policy if the firm is not covered through existing insurance; and a request to provide staff with Wi-Fi dongles rather than use public Wi-Fi if they are going to be working in a public space.
Since the Protocol’s launch a large number of CA member firms have achieved the standards required and been certified under the Cyber Essentials Scheme for IT security – a pre-requisite of meeting the Cyber Safe Standard.
The CA urges all its member firms to follow the Protocol and achieve accreditation as soon as possible. By achieving this, and adopting the Cyber Safe Standard, it believes members can mitigate much of the risk that criminals using unsophisticated techniques present.
Beth Rudolf, director of delivery at the Conveyancing Association, said: “We are very pleased to present this fourth version of our Cyberfraud & Fraud Protocol which provides all conveyancers with up-to-date information on the ways in which fraudsters are targeting them, plus it updates the prevention measures they can put in place to counter these many and varied threats.
“Given the larger sums of money involved in property transactions, we’re all acutely aware that conveyancing practitioners are a constant target for fraudsters and it’s therefore imperative we have a very strong line of defence in place to ensure that neither the firm nor the client becomes the victim.
“This should not simply be viewed as an outside threat; there is just as much potential for fraudulent activity within conveyancing firms as a recent case where a solicitor was sentenced to seven years in prison for money laundering via conveyancing services shows.
“Putting in place a high level of anti-fraud measures, being certified under Cyber Essentials and achieving the Cyber Safe standards shows that conveyancing firms not only take the issue incredibly seriously, but demonstrate to customers they have plans in place to protect them, their data and their money.
“While the scheme is only open to members of the CA, we recognise that this is a group effort and, to persuade the cyber criminals that our industry is a no-go area, we need every conveyancer to be operating in a cyber-safe way which is why we publish our protocol on our website for all to use.
“This is a threat that is not going to go away, every time we make it harder the criminals have to find other ways to perpetuate their criminal activities. By reviewing the Cyber Fraud Protocol annually we can ensure our members are kept up to date on emerging threats.
“To that end, we will have fraud experts from across the industry speaking at our Cyber Fraud Committee, very appropriately, being held in the Tower of London on the 14th February and bringing our members up to speed on how they should be warning staff and clients about the risks both during a transaction but also in their day-to-day lives.”