‘Information and cyber security’ is a repeating feature of the SRA’s Risk Outlook.
And for good reason.
Over the past few weeks, many law firms have reported incidences of phishing emails landing in their inboxes, posing as the SRA.
Some of these ask you to click a link to verify information, stressing the importance of it being done immediately.
And now we understand that some firms are getting calls claiming to be from the SRA.
On closer examination of the email footers, they do not match the address and details of the SRA. The email address does not quite ring true – albeit they have cleverly spoofed the ‘@sra.org.uk’ domain.
And the SRA always give a time frame within which to respond to an email they have sent – they do not say ‘it must be done today’.
The SRA produced a helpful (21 minute) podcast back in September about firms who have been the victims of cyber-attacks. It is worth a listen. There is also a helpful PowerPoint presentation on the page that could be used ot raise staff awareness (and it all counts towards your Continuing Competence!)
In September, the SRA produced their findings from their Thematic Review of Cybercrime where it looked more closely at forty incidents of such crime reported by law firms over three years (2016-2019). The review highlighted that law firms and legal transactions were still a popular target for cyber criminals.