The large number of lawyers working from home has become a magnet for cybercriminals, the Solicitors Regulation Authority has said, revealing a 300% increase in phishing scams in the first two months of lockdown alone.
In the first half of 2020, firms reported that nearly £2.5m held by them had been stolen by cybercriminals, more than three times the amount reported in the same period in 2019.
The SRA is concerned at law firm staff working remotely on less secure devices than the office network and those without dedicated office space finding it hard to keep information confidential. Those using video meetings also need to make sure that unauthorised parties cannot overhear or see a confidential meeting.
One firm reported that its senior partner received an email that appeared to be from a client but was a phishing attack. When they clicked on an attachment, it automatically sent emails to the partner’s contacts asking them to click on a link and give information. The firm was forced to ask the bank to freeze its client account, apologise to affected clients and report itself to the SRA. The regulator said it took no further action because the firm had taken quick and proactive action.
Paul Philip, SRA chief executive, said: ‘The Covid-19 pandemic has presented real challenges for all of us and how we work. While it will take some time for the implications to be fully understood, it is already clear that the pandemic has also exacerbated many of the wider, day-to-day risks faced by law firms and their clients.’
Firms are advised to have procedures for dealing with cyber risks and know when to report incidents to the Information Commissioner’s Office and SRA. Reports of successful attacks should be made even if the firm or its insurers has already repaid any financial losses.