Cybersecurity

Protecting your firm if you fall victim to a scam

Practice note

18 Aug 2022

5 minutes read

Read later

What is the issue?

the regulatory and legal requirements that apply when a firm's client account has fallen victim to scammers
overcoming problems which might otherwise lead to a firm’s failure and forced closure

Law firms are a significant target for fraudsters. They routinely handle large volumes of personal data, including financial data, in a very demanding, fast-moving environment.

Many firms continue to adapt to remote working and the opportunities this presents. The risk of falling victim to a hack is ever present and firms need to be sure they understand the risk and can combat it effectively.

In its most recent survey of cyber security breaches published in July 2022, DCMS reported that 39% of UK businesses identified a cyber attack during the previous 12 months.

The most common scams identified were phishing (attempts to extract information from staff such as passwords).

More sophisticated attacks such as denial of service, malware (malicious software), or ransomware scams were also identified.

This practice note has been updated to reflect the risks to firms as the UK in the post-pandemic economy. It also includes links to additional advice and guidance that may help.

This practice note is the Law Society’s view of good practice in this area, and is not legal advice. For more information see the legal status.

Introduction

Who should read this practice note?

Sign up to continue reading

My LS gives you exclusive access to the latest news, events, books and resources to help you excel within your practice.

Already have an account?Log in

Practice notes represent the Law Society’s view of good practice in a particular area. They are not intended to be the only standard of good practice that solicitors can follow. You are not required to follow them but doing so will make it easier to account to oversight bodies for your actions.

Practice notes are not legal advice, and do not necessarily provide a defence to complaints of misconduct or poor service. While we have taken care to ensure that they are accurate, up to date and useful, we will not accept any legal liability in relation to them.

For queries or comments on this practice note contact our Practice Advice Service.

SRA Principles

There are seven mandatory principles in the SRA Standards and Regulations which apply to all aspects of practice. The principles apply to all authorised individuals (solicitors, registered European lawyers and registered foreign lawyers), authorised firms and their managers and employees, and to the delivery of regulated services within licensed bodies.

Must – a requirement in legislation or a requirement of a principle, rule, regulation or other mandatory provision in the SRA Standards and Regulations. You must comply, unless there are specific exemptions or defences provided for in relevant legislation or regulations.

Should – outside of a regulatory context, good practice, in our view, for most situations. In the case of the SRA Standards and Regulations, a non-mandatory provision, such as may be set out in notes or guidance.

These may not be the only means of complying with legislative or regulatory requirements and there may be situations where the suggested route is not the best route to meet the needs of a particular client. However, if you do not follow the suggested route, you should be able to justify to oversight bodies why your alternative approach is appropriate, either for your practice, or in the particular retainer.

May – an option for meeting your obligations or running your practice. Other options may be available and which option you choose is determined by the nature of the individual practice, client or retainer. You may be required to justify why this was an appropriate option to oversight bodies.

Archived versions

Protecting your firm if you fall victim to a scam

Introduction

Who should read this practice note?

Regulatory and legal requirements

What you must do immediately if you discover your firm's client account has been scammed and who you must inform

What you must do next – putting into effect an action plan

The practicalities of dealing with client monies after measures have been initiated to replace the stolen funds

Recovering your business – reviewing your incident response policy and lessons learnt

Sources of help and support in the event of being scammed

Help with awareness and preventative measures

Sign up to continue reading

Archived versions

Protecting your firm if you fall victim to a scam

Introduction

Who should read this practice note?

Regulatory and legal requirements

What you must do immediately if you discover your firm's client account has been scammed and who you must inform

What you must do next – putting into effect an action plan

The practicalities of dealing with client monies after measures have been initiated to replace the stolen funds

Recovering your business – reviewing your incident response policy and lessons learnt

Sources of help and support in the event of being scammed

Help with awareness and preventative measures

Sign up to continue reading

Legal status

Terminology

Archived versions