Cybersecurity

Protecting your firm if you fall victim to a scam May 2020

Archived

Practice note

04 May 2020

5 minutes read

Read later

This version has been archived

GO TO LATEST VERSION

Preventing scams and coronavirus

Law firms are a significant target for fraudsters during the coronavirus pandemic. They are handling large volumes of personal data including sensitive financial data and are stretched due to the need to provide ongoing legal services to clients while most staff are working from home with systems being used in a manner and volume that they were never intended for.

During the coronavirus pandemic, specific scams have included phishing emails sent seeking:

to impersonate organisations like the World Health Organisation (WHO), National Health Service (NHS) or the UK government
to encourage the recipient to follow malicious links, download malicious software (malware) or software that seeks to lock access to the system in return for payment of a fee (ransomware)

There has been a 400% increase in coronavirus-themed phishing emails in March 2020 alone according to UK Action Fraud. Google estimates that one in five of the 100 million phishing emails it blocks every day are coronavirus related, preying on the lack of knowledge, and in many instances, fear, of the recipient.

This practice note has been updated to reflect the risks created by the coronavirus pandemic and the reality of operating a law firm in conditions of lock down. It also includes links to additional advice and guidance that may help.

This practice note is the Law Society’s view of good practice in this area, and is not legal advice. For more information see the legal status.

Introduction

Who should read this practice note?

Sign up to continue reading

My LS gives you exclusive access to the latest news, events, books and resources to help you excel within your practice.

Already have an account?Log in

Practice notes represent the Law Society’s view of good practice in a particular area. They are not intended to be the only standard of good practice that solicitors can follow. You are not required to follow them but doing so will make it easier to account to oversight bodies for your actions.

Practice notes are not legal advice, and do not necessarily provide a defence to complaints of misconduct or poor service. While we have taken care to ensure that they are accurate, up to date and useful, we will not accept any legal liability in relation to them.

For queries or comments on this practice note contact our Practice Advice Service.

SRA Principles

There are seven mandatory principles in the SRA Standards and Regulations which apply to all aspects of practice. The principles apply to all authorised individuals (solicitors, registered European lawyers and registered foreign lawyers), authorised firms and their managers and employees, and to the delivery of regulated services within licensed bodies.

Must – a requirement in legislation or a requirement of a principle, rule, regulation or other mandatory provision in the SRA Standards and Regulations. You must comply, unless there are specific exemptions or defences provided for in relevant legislation or regulations.

Should – outside of a regulatory context, good practice, in our view, for most situations. In the case of the SRA Standards and Regulations, a non-mandatory provision, such as may be set out in notes or guidance.

These may not be the only means of complying with legislative or regulatory requirements and there may be situations where the suggested route is not the best route to meet the needs of a particular client. However, if you do not follow the suggested route, you should be able to justify to oversight bodies why your alternative approach is appropriate, either for your practice, or in the particular retainer.

May – an option for meeting your obligations or running your practice. Other options may be available and which option you choose is determined by the nature of the individual practice, client or retainer. You may be required to justify why this was an appropriate option to oversight bodies.

This version has been archived

GO TO LATEST VERSION

Cybersecurity

Protecting your firm if you fall victim to a scam May 2020

Preventing scams and coronavirus

Introduction

Who should read this practice note?

Regulatory and legal requirements

What you must do immediately if you discover your firm's client account has been scammed and who you must inform

What you must do next – putting into effect an action plan

The practicalities of dealing with client monies after measures have been initiated to replace the stolen funds

Recovering your business - reviewing your incident response policy and lessons learnt

Sources of help and support in the event of being scammed

Help with awareness and preventative measures

Sign up to continue reading

Protecting your firm if you fall victim to a scam May 2020

Preventing scams and coronavirus

Introduction

Who should read this practice note?

Regulatory and legal requirements

What you must do immediately if you discover your firm's client account has been scammed and who you must inform

What you must do next – putting into effect an action plan

The practicalities of dealing with client monies after measures have been initiated to replace the stolen funds

Recovering your business - reviewing your incident response policy and lessons learnt

Sources of help and support in the event of being scammed

Help with awareness and preventative measures

Sign up to continue reading

Legal status

Terminology