The Practical Lawyer


Cybercrime – risks

Each month we consider conduct and practice issues relevant to busy practitioners. This month we will consider the ever-present risk of cybercrime. While a threat to all practice areas, it represents a significant risk to those carrying out conveyancing work due to the pressure of work and the sums of money going through client accounts.

Email has become the most common type of cybercrime against law firms, according to the SRA. Conveyancing firms were recently warned of another scam email. The email invited firms to apply to represent a property development company in conveyancing matters. It featured a real organisation, Argee Building Services, and used the company’s logo – all of which added to the feeling of authenticity. The purpose of the scam was to acquire information about a law firm that could be used against it.

Firms were warned not to click on any links, reply to it – or to forward it to another law firm.

There were some tell-tale signs that the email was not genuine, including:


  • a new client would rarely provide as much detail in an initial enquiry communication;

  • there was no contact information on the footer of the email; and

  • the domain did not lead to a legitimate website.


These are quite subtle signs which a busy conveyancer could understandably not notice. The key to combatting cybercrime must be training staff regularly. It is important that firms share information about immediate threats. But in addition, each firm has a responsibility for ensuring that its staff can recognise a scam email and take appropriate steps if one is received. All staff should also be properly supported if a mistake is made – it is essential for firms to foster a culture of openness and this will not be achieved if a member of staff will be blamed for making a mistake.

Firms can sign up to receive alerts from the SRA about scams:

The National Cyber Security Centre has set out ten steps to cyber security:


  1. Network security: protect your networks from attack.

  2. User education and awareness: produce user security policies covering acceptable and secure use of your systems.

  3. Malware prevention: produce relevant policies and establish anti-malware defences across an organisation.

  4. Removable media controls: produce a policy to control all access to removable media.

  5. Manage user privileges: establish effective management processes and limit the number of privileged accounts.

  6. Incident management: establish an incident response and disaster recovery capability.

  7. Monitoring: establish a monitoring strategy and produce supporting policies.

  8. Home and mobile working: develop a mobile working policy and train staff to adhere to it.

  9. Secure configuration: apply security patches and ensure the secure configuration of all systems is maintained.

  10. Set up a risk management regime: assess the risks to your organisation’s information and systems with the same vigour you would for legal, regulatory, financial or operational risks.


These controls are a mixture of ensuring the firm has proper IT support and systems and that staff are regularly trained to recognise the risks. It is essential for people at the top of an organisation to engage with this threat and to conduct a systematic review of the risk to the firm of cybercrime.

This is no doubt a topic that we will return to.


Most-read articles

Power of attorney – validity
Wednesday, 12 June 2019
The powers of attorney in a recent case were granted in the context of a share sale, but private client practitioners will benefit from the clarity given by the court on the validity and execution of... Read more...
LeO – VAT and costs information
Wednesday, 12 June 2019
We have reported above that LeO has issued updated costs guidance. Costs complaints often involve disputes above whether VAT was included in the price. The updated guidance states that VAT is often... Read more...
Firm reprimanded – poor language
Wednesday, 12 June 2019
Solicitors are reminded that they are officers of the court at all times and are expected to maintain an appropriate level of courtesy throughout their professional dealings. Read more...
Group action – stays in Liverpool
Wednesday, 12 June 2019
It is interesting to note that the High Court has refused to transfer a multibillion-pound class action from Liverpool to London. The action involves some 200,000 claimants who are suing a mining... Read more...
Fixed recoverable costs – payable if £25k limit exceeded
Wednesday, 12 June 2019
Fixed recoverable costs (FRC) prescribe the amount of damages that can be claimed back from a losing party in civil litigation; they are a way of controlling the legal costs by giving certainty in... Read more...
Section 21 notice – amended form introduced
Wednesday, 12 June 2019
Under Housing Act 1988 an s21 notice gives L an automatic right of possession without having to give any grounds once the fixed term has expired. The notice cannot be used to gain possession during... Read more...
RV – can demand be assumed?
Wednesday, 12 June 2019
To calculate the rateable value (RV) of a property, a valuation officer (VO) must work out what the open market rent would be for the property by applying the rating hypothesis. The purpose is to... Read more...
Proprietary estoppel – successful claim
Wednesday, 12 June 2019
Proprietary estoppel is a remedy which prevents the legal owner of a property from asserting their strict legal right in relation to that property when it would be unconscionable to allow him to do... Read more...
Children – care plans
Wednesday, 12 June 2019
What is the court’s approach where there is an impasse with the LA regarding an important element in a care plan? In this case, the CA found that the trial judge’s invitation to the LA to... Read more...
ET fees – £16m still owing
Wednesday, 12 June 2019
In 2017 the SC ruled that ET fees, introduced by the government in 2013, were unlawful. This was on the basis that they were a barrier to access to the ET, particularly for employees on low incomes. Read more...


IAG International
Join the IBA now!
In House Lawyer
MSI Global Alliance