Conveyancers and property lawyers are among the vulnerable sector of small to medium enterprises (SMEs) targeted by hackers. Small business lacks the technology budgets and IT expertise of large corporations. They also offer a potential way into the lucrative network of larger clients and suppliers. According to the ASBFEO Small Business Cyber Security Best Practice Guide, small business is the target of 43% of all cybercrimes. A reliance on conducting business and communications online leaves property transaction professionals particularly susceptible to attack.
Practical Strategies for Cyber Protection
These cybersecurity measures can help safeguard your firm and clients against cyber fraudsters.
1. Stop using email for payment instructions
Email communication is inherently insecure. As an example, phishing scams can intercept property funds. Phishing is when hackers try and trick you into divulging personal information like bank details by impersonating as companies or individuals.
Implement a strict policy to verify all payment instructions and changes to account details through a communication channel other than email. Its best practice to establish this protocol in your engagement letters and client email notices.
2. Enforce strong passwords
Exploiting a weak password is a common starting point for cyber-attacks because criminals use automated ‘brute force’ hacking techniques to crack simple passwords. A secure password contains at least eight characters, a combination of letters, numbers and special symbols. Resist using personal information such as names or birthdays – while easy to remember; it’s also easy to guess.
Password variety is crucial to avoid a single point of failure that may leave you vulnerable to attack. Individual passwords should be adopted by each team user, with the help of a password manager to ensure complex passwords are remembered.
3. Verify clients and third parties
Treat unsolicited phone calls and emails with scepticism. Staff should be aware that there are multiple ways scammers will attempt to manipulate them into divulging personal or matter-specific information. As an example, when an external party raises an urgent request for information, your team will probably try to be helpful, but in doing so, may inadvertently give away too much. The first step should always be to verify the party you’re dealing with.
4. Apply an Acceptable Use policy
Security is a shared responsibility. Clear and consistent rules for your team’s use of the internet should be documented, understood and enforced. A written policy forming part of your firm’s security culture should include:
- A process for granting or revoking access when there is a change of staff
- Clearly defined access controls and system monitoring
- A whitelist of internet sites accessible inside the firm’s firewall
- Restrictions on social media use on work computers and devices
- The procedure for connecting from outside the office using a VPN, not public Wi-Fi.
5. Operate inside the VOI safe harbour
It’s hoped that the Verification of Identity (VOI) Standard of a face-to-face meeting for property transactions will help guard against imposter fraud. By following the standard, practitioners and Identity Agents can receive ‘safe harbour’ protection in the event of an identity fraud claim. In other words, it enables you to comply with your obligations to verify the identity of your client.
ZipID verification reports provide the quickest and most reliable expert VOI service and assurance of safe harbour. Whether you do VOI in-house or offer your clients the use of a mobile representative, it’s safe, convenient and consistent every time.
6. Backup data and update software
How long since you’ve backed up your critical data on a separate device? If you suffer a data breach or data loss, it’s imperative to resume business without interruption. Enforced downtime is one of the most destructive impacts of a cyber-attack, with many SMEs not able to continue operating without access to critical information. Nearly a quarter (22%) of the SMEs that suffered a ransomware attack in 2017 ended up going out of business, according to the ASBFEO Small Business Cyber Security Best Practice Guide.
Data backups should occur systematically, regularly and across different physical locations. Run periodic tests to be sure you can rely on your backup data. The hosted offsite archiving and rapid data retrieval benefits of ZipID can strengthen your data management processes.
Maintaining software updates and patches to your servers, firewalls and operating systems will also help protect against known malware and viruses.
7. Consider cyber insurance
Cyber insurance offers specialist cover against cybercrime. Whereas Professional Indemnity insurance only covers losses to persons outside the firm, cyber insurance extends coverage to business losses. Examples include loss of profits and costs of incident investigation and remediation. Cyber insurance responds to a range of events that may impact your firm as an innocent victim of crime.
Over 1,000 conveyancing and law firms around Australia rely on the ZipID VOI App and ‘come to you’ Agency service for safe, convenient and consistent VOI. Full transparency through geolocation data is just one of the many ways ZipID is committed to safeguarding your firm from fraud risk. Phone ZipID on 1300 073 744 or email.