Unlock the Editor’s Digest for free
Roula Khalaf, Editor of the FT, selects her favourite stories in this weekly newsletter.
The body representing solicitors in England and Wales is urging its members to strengthen safeguards against cyber attacks after an incident at a critical technology provider caused nearly a month of disruption to house purchases in November and December.
The Law Society gave the advice following an attack on CTS, an IT services provider to the legal sector in the UK and Ireland. The incident disrupted the ability of scores of solicitors’ firms to complete house sales, leaving large numbers of would-be purchasers unable to transfer the money to complete their house moves.
The UK’s National Cyber Security Centre (NCSC) also warned of the importance for law firms of protecting against attack.
The CTS incident affected the operations of around 80 solicitors’ firms, according to Beth Rudolf, director of delivery at the Conveyancing Society, an industry body. But Rudolf added that, because housebuying transactions typically worked in chains, the disruption had spread far beyond those firms’ customers. The CTS incident followed a similar attack two years ago at a large conveyancing firm, she said.
CTS did not respond to a request to comment. In a press release issued on December 29 it said that all the systems had been restored by December 22. The issue was first reported on November 24.
“Our clients have been kept updated throughout and we would like to thank them for their patience as we worked, with a team of experts, to resolve this matter as safely and efficiently as possible,” the brief statement added.
Nick Emmerson, the Law Society’s president, said the organisation was “aware” of the challenges posed by cyber criminals.
“We are actively encouraging our members to strengthen their systems with cyber security measures and the purchase of cyber insurance policies that will help protect them if they are the victims of a cyber attack,” Emmerson said.
The NCSC said the UK’s “large and diverse” legal sector and firms were often entrusted to safeguard “highly confidential, commercially sensitive, or personal information”.
“This data can make legal firms attractive targets for cyber criminals and other attackers, so it is vital organisations take action to protect themselves,” it added.
The NCSC urged firms to act on recommendations in a report it published in June last year about threats to the sector.
People involved in house sales and purchases suffered severe inconvenience in many cases from CTS’s problems. Rudolf said her uncle had initially been unable to complete a house move because the cyber attack prevented a solicitor further down the transaction chain from moving money.
“The removal company had to move all his stuff into storage,” she said.
Rudolf said that, in the previous cyber security incident at a conveyancing firm, the company had alternative systems to cope with such an incident and had been able to continue processing client transactions. Law firms are encouraged to have such contingency plans.
Rudolf said her association advised members to follow protocols to help protect them against cyber attacks. Among the steps were advising staff not to click on unnecessary links on incoming emails. Attackers had also introduced new attack methods that allowed them to impersonate professionals to dupe victims into handing over money, she added.
Rudolf said the new methods meant it was vital for firms’ clients to be wary. In particular, she said customers should disregard any email claiming to be from a conveyancer asking them to transfer money using new, changed bank details.
“Conveyancers do not change their bank details mid-transaction,” she said. “Consumers should not be sending money to different bank details from the ones provided by the conveyancer originally.”