Cyber threats are now a key risk for property practices 

Professional obligations have always evolved to meet clients’ changing needs. For property professionals including lawyers, conveyancers and real estate agents, a transformation in the way that business is conducted means that managing cyber risk is now a key business and professional risk. Here are eight reasons why.  
 

1. For many years protecting clients against fraud has been part of practitioners’ duty of care  
   Legal protections to ensure the integrity of property transactions exist through a range of measures including the witnessing of important legal documents, the use of powers of attorney to protect vulnerable owners, and rules requiring verification of identity procedures for persons in land dealings. Measures designed to prevent electronic funds transfer frauds and to protect the integrity of e-conveyancing continue this theme by adapting business practice to contemporary needs.  
    
2. A combination of three significant changes have led to an increase in funds transfer frauds  
   First, changed payment procedures from cheques to EFTs (electronic fund transfers) have seen the liability of banks for payments made into the wrong bank account replaced by an apparent onus on the person paying the money to confirm the accuracy of bank account details.   
   Second, widespread use of the internet has enabled scammers to collect information about others, including breached passwords and identity details, to access online accounts that do not have sufficient security protections and to spread malicious software indiscriminately.   
   Third, email is now the preferred means of business communication, despite its shortcomings in security and the ease with which people can be impersonated using spoofed email addresses. While these factors apply throughout the business world, property practitioners’ and their clients are particularly exposed because of the value of property transactions.  
    
3. If cybercrime was a country, it would be the third biggest economy in the world*  
   Cybercrime is not a niche risk that applies only to some sectors of the economy. According to Cyber Security Ventures*, cybercrime will lead to the biggest transfer of wealth in human history, is increasing at a rate of 15% per annum and by the end of this year will exceed the value of the illicit drugs trade for all major drugs combined. According to another study, the direct costs associated with cybersecurity incidents now cost Australian businesses $29 billion annually.  
    
4. The value of real property makes property transactions rich targets for cyber criminals  
   In the 2020 December quarter, Australia’s national average price for a house was $852,940. Many property transactions are managed by small businesses without significant technical support and customers, who may only be involved in one or two such transactions in their lifetime, can be unaware of the risks unless they have been proactively advised about them by their property practitioner.  
    
5. Professional bodies have issued repeated warnings about payment redirection fraud  
   For several years, lawyers’ and conveyancers’ professional associations and insurers have issued warnings about the risk of fraud making it difficult to argue this risk is not foreseeable.  
    
6. Actions for breach of trust can be difficult to defend, and are generally not covered by limited liability schemes  
   This means that if money has been paid out of trust in error, your financial exposure could be very significant on a large transaction.  
    
7. Lawyers, conveyancers and real estate agents are all subject to professional duties of confidentiality.   
    
8. Since April 2021 ARNECC (Australian Registrars’ National Electronic Conveyancing Council)  has required that that all users of an Electronic Lodgement Network complete cybersecurity awareness training. 

But the good news is that some simple steps will help protect businesses and their clients. Using business quality email, anti-virus and anti-phishing software, replacing unsupported software, and implementing multi-factor authentication and strong password policies will go a long way to protecting your business.   
 
Lastly, educating all your employees, particularly about social engineering techniques designed to manipulate their natural tendency to trust, is essential, as many email scams do not involve any computer intrusion and more than 90% of cyberattacks start with an email.  
 
About the author:
Simone is the legal practitioner director of Law & Cyber. Before founding Law & Cyber, Simone was the Senior Claims Solicitor at Lawcover. L&C’s online education course Cyber Risk for Law Firms is available here.