Protecting your firm if you fall victim to a scam

What is the issue?

  • the regulatory and legal requirements that apply when a firm's client account has fallen victim to scammers
  • overcoming problems which might otherwise lead to a firm’s failure and forced closure

Law firms are a significant target for fraudsters. They routinely handle large volumes of personal data, including financial data, in a very demanding, fast-moving environment.

Many firms continue to adapt to remote working and the opportunities this presents. The risk of falling victim to a hack is ever present and firms need to be sure they understand the risk and can combat it effectively.

In its most recent survey of cyber security breaches published in July 2022, DCMS reported that 39% of UK businesses identified a cyber attack during the previous 12 months.

The most common scams identified were phishing (attempts to extract information from staff such as passwords).

More sophisticated attacks such as denial of service, malware (malicious software), or ransomware scams were also identified.

This practice note has been updated to reflect the risks to firms as the UK in the post-pandemic economy. It also includes links to additional advice and guidance that may help.

This practice note is the Law Society’s view of good practice in this area, and is not legal advice. For more information see the legal status.