Back to top
Article

How to protect your firm and your clients from email fraud

18 September 17

In association with Frama: a new secure email encryption service will help combat cybercrime without a cumbersome process

Investing in new technology can be a daunting task, especially where the capital expenditure may not have been budgeted. However, when we are speaking about the need to introduce technology for enhanced security or the protection of an organisation’s reputation, the costs can be placed into context.

What may not be so obvious is that enhanced email security can be introduced into an organisation and actually show a cost saving, by reducing the amount of physical mail being sent via the DX service.

Frama can demonstrate that we can introduce Frama RMail into an organisation, reducing the costs of sending important critical documents to a fraction of the DX costs.

The additional benefits of the Frama RMail system are:

  • Immediate encrypted email delivery, with no portal logins for recipient, and ability to reply encrypted
  • One click password protection option
  • Legal proof of delivery, receipt and content (unique to Frama RMail)
  • Reduced postage costs
  • No labour costs in preparation of sending documents to a cut-off time
  • No physical storage costs of printed matter
  • E-signature included
  • Large file transfer.

Cybersecurity breaches

Certain sectors of business are targeted more often by cybercriminals because the rewards are greater.

According to the Cyber Security Breaches 2017 Survey conducted by the UK Government, 72% of all cybercrimes involved “email modification” fraud, more commonly known as phishing or whaling attacks. Nineteen per cent of firms have reported being targeted by cybercrime, with one in 10 cases resulting in some sort of material loss. A key feature of the Law Society of Scotland’s practice rules and standards of conduct is the protection of confidential information. If satisfactory security measures are not in place it could be viewed as a breach of this obligation and lead to a finding of misconduct. 

The facts

  • £2.3 billion was lost by global businesses from email fraud (2013-2015)
  • 75% of cybercrime reports to us are “Friday afternoon fraud”
  • 43% of all cyberattacks are aimed at small businesses
  • Nine security breaches in 2015 featured more than 10 million personal records being exposed.

How des this affect clients?

Home buyers and sellers in the UK have lost more than £10 million to email security breaches in the last 12 months.

The National Fraud Intelligence Bureau has recorded 91 victims of conveyancing fraud in the UK. On average,
these criminals carry out two frauds per week, with each fraud worth in excess of £110,000.

Many solicitors are failing to warn clients about the risks of using email during property transactions, despite explicit guidelines from the Law Society of Scotland and anti-fraud authorities. 

A quarter of UK firms have been targeted by online fraudsters. In one in 10 of these cases money had been stolen from clients as a result. The victims of these conveyancing scams lose £101,000 on average. 

According to the Law Society of Scotland there are currently approximately 1,200 solicitor firms practising in Scotland. Based on these numbers, 300 firms have been targeted by fraudsters, with criminals having been successful in almost 30 cases. But under-reporting of cases and size of the loss means the actual numbers are likely to be far greater. The Law Society of Scotland stresses the importance of ensuring your firm has robust cybersecurity procedures, as cases of fraud are steadily increasing. Keeping client information confidential and ensuring their funds are secure are of paramount concern, as the potential financial and reputational damage to firms is extremely severe.

The General Data Protection Regulation

On top of the need to defend against email fraud, the new General Data Protection Regulation comes into force in May 2018 and will require companies to be compliant with provisions relating to the transmission of financial and sensitive data electronically.

Under this legislation, companies will not only need to transmit this data securely, but also prove how and when this was done.

If a business collects, stores or uses personal data, the GDPR applies, with serious penalties for those that don’t comply.

While most companies will already be looking at how they acquire, store and manage personal and sensitive data, we have found that many organisations are not aware of the risks concerning the transmission of this data between internal employees and external clients. 

Are you able to answer the following questions?

What measures do you have in place for sending sensitive personal/financial data via email?

How does your business prove it is compliant in this situation?

Frama UK Limited
t: 01992 45 11 25; e: info@frama.co.uk; w: www.frama.co.uk

Have your say