In new guidance, the Legal Ombudsman (LeO) has urged firms to consider investing in a corporate email solution that can be properly protected and controlled rather than a web-based solution such as Yahoo, AOL or Hotmail.

Cybercrime is now one of the most prevalent types of crime in the UK and because of the amount of money and sensitive information they handle, lawyers are an obvious target.

LeO has released new guidance laying out what it expects from service providers who have been the victim of a cybercrime attack.

In order to protect clients’ data, the steps your firm takes will vary according to your size, needs and the potential risks you have identified. LeO’s document provides some basic advice on what to consider, including the following:

  • steps to deal with an incident, including who to inform
  • how to handle complaints
  • case studies of common errors.

One case study explains how a client was lured via email into transferring funds for a house deposit to a fraudulent account. LeO’s investigation revealed that the client’s solicitor was using an unsecure web-based email provider, which had recently suffered a data breach. The firm had not taken any steps to protect against this risk, or followed best practice in terms of client care. LeO ordered the firm to reimburse the deposit, as well as additional costs incurred.