Tuesday, October 8, 2013

Guarding Your Clients and Firm Against Cyber Crime

As technology continues to evolve at alarming speed, the ability of attorneys and law firms to manage transactions and business information has improved dramatically. More and more functions have become streamlined - with greater ability to monitor and analyze heavy loads of corporate data. However, even as we appreciate each new advance, it is important to recognize the sobering reality that the cyber-criminal community also continues to grow in size, sophistication and channels to ply their trade. Today, more than ever, critical and sensitive information of our clients and firms are exposed – and firm management must plan ahead to limit that exposure. 

Here are a few steps to take to proactively reduce your clients’ and firms’ exposure to the growing cyber-criminal threat. 


Safeguard Your Systems.



  • Have technology professionals run the most current versions of antivirus software on all firm computers and install firewalls and encryption software as necessary.
  • Take the time to sit with your banking team and learn about all the processes your bank already has in place to protect your firm and your clients. Make sure your firm is currently benefitting from each security measure available. For instance, some banks offer ‘reverse positive pay’ which shields against bank fraud by sending email notifications for approval each time a check is presented for payment.
  • Get a network key fob, a small device that provides two-factor account authentication. It automatically refreshes your online security passcode every 30-60 seconds which greatly reduces (but does not eliminate) your chances of being victimized.
  • Protect your myriad passwords for personal, business, and other accounts. Change them periodically, differentiate them across accounts, store them securely, and provide very limited access to them, only as needed.

Track Firm Accounts Daily.


Transactions (and fraud) happen so quickly today that it’s imperative for real estate attorneys to take on the responsibility to monitor all firm accounts daily (both trust and operating) to review for any questionable account activity. It is not enough to delegate this responsibility to a firm controller or CFO who is not directly involved in the daily transaction flow. Although the firm’s controller or CFO must reconcile and close all firm accounts on a monthly basis, only the attorneys at a firm have a real-time understanding of all the various closings, bulk sale escrows, contract signings and their associated large deposits, and retainers. Checking your accounts every day will reveal any discrepancies sooner and give you time to call your bank or firm’s controller to understand any reasons for such discrepancies and to take immediate action if necessary.

Continually Educate Yourself and Your Team.


Being aware of how cyber thieves operate and common ways they gain access to secure data can prevent many inadvertent security lapses. For example, every employee at your firm should understand common fraud practices, such as “phishing.” By now we have all been “phished”-- receiving an email that appears to come from a known or legitimate entity but that is fraudulent. This bait lures an unsuspecting user into clicking on a link to the hook, a web page that looks like a trusted source page. If the phishing expedition is successful, the victim will believe they are on a familiar trusted site and enter sensitive data that will be stolen by cyber thieves. Learn to recognize the sure signs of fraudulent emails. Poorly written sentences or odd spelling, strange email addresses for the sender and unusual requests are sure signs of phishing. It’s worthwhile to visit the FBI’s website to learn more about cyber security and fraud at http://www.fbi.gov/scams-safety/be_crime_smart/.

Implement a Plan.



Developing an incident response plan is crucial. Team members must know in advance what specific steps to take and who to contact when they suspect fraud has occurred. Since fraud can occur so quickly, time is of the essence to limit your firm’s and clients’ exposure and advance planning reduces response time. To ensure successful implementation of such a plan, practice with your staff and hold a “fire drill” to make sure the steps are easy for everyone to follow.  Key steps to include are: notifying your bank’s fraud department, your firm management, and the client - working with your bank to shut down an online session, quickly attempting to reverse a payment order, and invalidating your online credentials that have become compromised.


Aaron Y. Strauss is the founder and a partner at A.Y. Strauss (www.aystrauss.com), a leading commercial real estate law firm, with offices in Roseland, NJ, and New York City. David DePietto is CEO of NexFirm (www.nexfirm.com), a provider of back office outsourcing solutions to smalaw firms, based in New York City.


No comments:

Post a Comment