The Conveyancing Association (CA) has published a revised fifth version of its Cyberfraud and Fraud Protocol.
The Protocol provides conveyancing firms with practical information on how criminals operate and the measures they, and their staff, can take to avoid being victims of fraud and cyber-crime.
Since the original Protocol was launched in 2016, the CA has committed to regularly reviewing and updating the document to keep pace with the growing number of threats to conveyancing firms and their clients.
Those firms who adopt and adhere to the Protocol, along with other safeguards, have been certified as ‘Cyber Safe’ and also commit to ensuring they are up to date with each new iteration.
This latest version of the Protocol includes feedback from a number of stakeholders and organisations, specifically the National Cyber Security Centre (NCSC) – which has used this iteration to further emphasise specific existing threats and prevention measures conveyancing firms can take.
This iteration provides an updated list of ‘official’ definitions of each activity outlined in the Protocol. These activities are: Vishing; Malware; Phishing; Smishing; Outbound/Inbound Cheque Fraud; Card Payment Fraud; Spear Phishing and CEO/Whaling Fraud.
The Protocol also covers a number of updates in key areas providing advice and information on how firms can operate and the measures they can take in order to protect themselves, their clients and all other stakeholders, particularly in light of increased home/remote working.
Updates to this version of the Protocol cover: use of cheques; payments made without knowledge; checking callers’ identity; cyber security at the office and at home; and the use of public wi-fi.
The NCSC has also provided the CA with guides to keeping safe while home working, which the CA said are particularly pertinent given the ongoing COVID-19 and lockdown disruption to ‘normal’ office working and the increase in the numbers working from home or remotely.
Since the Protocol’s launch a large number of CA member firms have achieved the standards required and been certified under the Cyber Essentials Scheme for IT security – a pre-requisite of meeting the Cyber Safe Standard. The CA urges all its member firms to follow the Protocol and achieve accreditation as soon as possible.
Beth Rudolf, director of delivery at the Conveyancing Association, said: “The threat of fraud never goes away, certainly not for conveyancing firms and their clients who will continue to be targeted because of the considerable sums of money that flow through the housing market.
“This is why we continue to update and amend our Cyberfraud & Fraud Protocol, and its why we must always keep up with the potential threats and the growing number of methods fraudsters are using.
“What has been self-evident in this iteration of the Protocol is the need for firms to protect themselves not just in a ‘normal’ office environment, but when they have large numbers of staff working from or remotely.
“Covid-19 and lockdown has necessitated this and firms clearly need to ensure their employees are following the same robust anti-fraud measures when not working in the office. This updated Protocol points out a number of areas to cover here, and measures which should be put in place to ensure fraudsters do not have another route into firms’ systems.
“As always we are urging all CA member firms to review this version of the Protocol, and perhaps to use it as a starting point for a review of current best practice and to ensure they are doing everything they can to keep both themselves and their clients safe from fraudsters.”
