Cyber-attacks are an ever-present threat for conveyancing firms. Especially in recent years, with the pandemic driving an increased use of technology throughout the conveyancing workflow.
Now, more than ever, it’s important to be educated on how to keep your practice safe from cyber-attacks.
Cyber-attacks aim to steal sensitive data from your client or business through a digital forum, with the purpose of either financial gain, disruption, or espionage.
In the conveyancing industry, we are affected by the corruption of transactions between clients and the loss of confidential client information.
All of which cost Australian businesses and clients, about $29 billion per year in cyber security incidents.
The conveyancing industry is particularly vulnerable to cyber threats due to the volume of data, sensitive information, financial responsibility and authority it holds.
Discussed are the three most common cyber-attacks you should be aware of as a conveyancing firm.
1. Identity fraud
Identity fraud is certainly not new, with criminals becoming increasingly skillful at combining leaked personal information with available data on the Internet and social media profiles.
The advancement in AI technology allows cybercriminals to effectively impersonate consumers’ voices and faces to bypass verification controls.
They can then use available information and AI to generate new synthetic profiles with documents, facial images, and voice cloning to apply for loans and claim social benefits.
Not only does this create additional challenges for businesses to authenticate their customers, but it can also pose serious financial and personal risks for individuals.
To prevent identity fraud, Australian Cyber Security Centre (ACSC) has prepared a list of measures you and your clients can follow to minimise the risk.
Fraud-as-a-service is commonly seen when criminals impersonate supply services to carry out fraudulent activity.
Cybercriminals are turning to automated voice bots for impersonating businesses and socially engineering customers either over the phone, or commonly, via email.
It is commonly seen when cyber criminals will copy your email signatures and bank details, changing only one or two numbers in the accounts to have your clients transfer funds to their own account, instead of yours.
A common prevention method is to never exchange details through unsecure communication tools, have all your settlement and payment options secured with billing and accounting software.
Another important method is to educate each client that you will never ask for fund transfers details to be sent in emails, and to double check and verbally confirm any fund transfers with other businesses throughout their property purchase or sale.
3. Ransomware attacks
Ransomware boomed during the pandemic, with large institutions and critical infrastructures facing disruptions and being forced to pay millions in ransom.
Experian suggests that the use of AI will further power ransomware attacks, leaving both customer data and critical business information exposed.
The ACSC observed cybercriminals continue to successfully use ransomware to disrupt operations and cause reputational damage to Australian organisations, and have sited no slowing down of this threat.
It added that “most ransomware incidents occur after other malicious activity has been conducted against an organisation (e.g. phishing campaigns)”.
ACSC advises Australian organisations to adopt multiple layers of defence against ransomware, explaining that no single mitigation will protect against all threats.
Other common cyber-attacks on conveyancing firms include, Malicious Software (ne Malware) and Scam Emails, as noted by ACSC.
Managing your software, data, and online accounts is drastically becoming the best-practice for increasing your business’ protection from the most common types of cyber-attacks. With data rapidly becoming the most important commodity in this technological era.
It is important all data is untampered and secured from any external threat, especially when involved throughout the conveyancing workflow.
How to protect against cyber-attacks
Jane Forsythe, Assistant Director with the Cyber Security Outreach team at the Department of Home Affairs, in a recent webinar with AIC Victoria Division outlined nine strategies to protect your conveyancing business from cyber-attacks.
1. Complete your due diligence & think critically.
2. Train your employees to think critically like you and be able to identify suspicious emails.
3. Use MFA or Multi Factor Authentication.
4. Replace passwords with passphrases.
5. Turn on automatic software updates.
6. Back up devices to an external, disconnected hard drive.
7. Avoid sharing ‘personally identifiable information’ online.
8. Prepare your response to a cyberattack and have a ‘Incident Response Plan’.
The biggest safeguard against cyberthreats, for both you and your clients, is education. Knowing what to look for and flagging anything suspicious is the first step in making your firm cyber-safe.
You should also be cautious of the technology you employ in your business, ensuring you have software in place that can minimise the threat to you and your clients.