Holiday season is an appealing time for fraudsters to try their scams by taking advantage of when law offices have fewer staff working and there are added distractions. If you plan to be away from the office, arrange for a competent lawyer to supervise your practice and provide the lawyer and your staff with your contact information. Staff may not deal with trust funds, except in accordance with the Law Society Rules Part 3, Division 7 – Trust Accounts and Other Client Property. We strongly recommend that you review the tips found here with all staff.
Ensure you and your staff maintain an awareness of the different cyber risks including social engineering fraud, ransomware and data breach, and especially heed the following:
- Think before you click! If you unexpectedly receive a link or attachment – even if it is from someone you know – or sense anything unusual, call the sender using the telephone number you have on file (not the number listed in the message) to confirm the message is legitimate – do not verify an email with an email. If you open a link or attachment that you should have avoided, or a box opens that asks for your any information, stop. Close out. Immediately call your IT professional, inform your law firm staff, and report the incident to LIF’s cyber insurer for law firms, Coalition, Inc.
- Before paying out any funds to your client, verify that new or changed instructions by email are legitimate through direct phone (using the number on your client file) or in-person contact with your client. This is a condition of your new cyber coverage.
If you suspect that you have been the victim of a cybercrime, report the incident immediately. Report, even if you have escaped a loss, as the fraudster is often still lurking in your system waiting for the next opportunity to defraud you.