“Can I see your Fraud Prevention Policy?” asks PI Insurer
Professional indemnity insurers are starting to ask: “what are your firm’s fraud prevention policies and procedures?” before offering a quote. When the annual cost of fraud to the UK economy moves from £millions to £billions, and the SRA lists cybercrime and social engineering as one of its ‘priority risks’, then your ability to avoid becoming a victim of fraud, as well as claims in negligence, becomes important to your insurer.
Today, human interactions are increasingly remote and rapid, rather than considered and face-to-face. So too are the working practices of solicitors. Clients expect emails rather than posted letters. Payments are made and received using credit cards over the telephone, and by inter-bank transfers over the internet. The need for speed and the anonymity of distance are both gifts to those intent on criminal deception.
At this point in time, fraudsters are more adept at exploiting the criminal opportunities presented by the new ways of working forced onto solicitors by technology than law firms are at adopting the policies and procedures needed to avoid themselves, and their clients, falling victim to fraud.
Fraudsters are currently targeting legal practices. When solicitors get better at protecting themselves, the criminals will move their attention onto other, easier, targets.
But for now, your website openly provides a host of valuable information about the types of work you do, and the names and roles of your staff members. This is all essential context if the trust of your staff is to be first gained, and then manipulated, in a successful social engineering con. They know you do residential conveyancing, so you will have large sums of money passing through your client account. They understand Fridays are fraught and stressful, with staff trying to satisfy customer expectations and handle the pressures of deadlines, whilst using a banking system that generates long time delays between action and outcome. What better time than early Friday afternoon to manipulate a member of your accounts team into believing the caller has legitimate authority to ask for sensitive information, not usually divulged to third parties, but essential if an imminent catastrophe is to be avoided?
When under pressure, do your online banking and payment procedures get circumvented? Are your bank reconciliation, cheque banking, invoice review and approval procedures sufficiently robust to avoid an external or an internal fraud attack, and how quickly would this be identified? How safe is the transmission, storage and destruction of confidential, personal and financial data? Or are emails between the firm and the client, and the careless disposal of Post-It notes, leaving you vulnerable to a fraud attack?
If you need assistance with your fraud prevention policies and procedures, either to meet the requirements of your professional indemnity insurer, or just for peace of mind, contact CPM21 today.