01792 687 146
As many already know, a conveyancing cybersecurity incident reported on November 22, has disrupted operations for conveyancing firms that rely on CTS services, who have all been affected in various degrees with some losing access to emails and phones. CTS confirmed the incident, stating that a global cyber forensics firm is investigating. Home buyers expressed frustration on social media due to delayed exchanges and completions, leading to unfortunate transaction fall-throughs. This incident recalls past disruptions in the conveyancing sector, emphasising the unpredictable nature of cyber threats.
So, what can you do to minimise the risk of this happening to you?
We’ve put together a concise guide on cybersecurity actionable steps you can take today and carry on throughout your firm easily. We’ll also look at how case management systems can make a difference.
Establish Conveyancing Cybersecurity Policies:
Develop and enforce comprehensive cybersecurity policies outlining clear procedures for data handling, acceptable use, and overall security protocols. Regularly update these policies to stay ahead of emerging threats. Eight policy points you should consider are:
User Authentication: Users must maintain strong, regularly updated passwords and employ mandatory multi-factor authentication for sensitive system access.
Data Handling: Confidential client information must be appropriately labelled, and encryption is mandatory for all sensitive data in transit and at rest.
Network Security: Active firewalls and regularly updated antivirus software are required on all devices, along with routine security audits and vulnerability assessments.
Email Usage: Exercise caution with email attachments and links, promptly reporting any suspicious emails to the IT department.
Device Security: Company-provided devices must have up-to-date security software, and personal devices accessing company resources must adhere to the same security standards.
Incident Reporting: All employees are responsible for promptly reporting any cybersecurity incidents, with an incident response team tasked to assess and address reported incidents.
Remote Access: Secure, encrypted connections are obligatory for remote access to company resources, with sessions monitored and logged.
Employee Training: Annual attendance at cybersecurity training sessions is mandatory for all employees to stay informed about the latest threats and best practices.
By starting off by finalising your policies, they can then be used a checklist for implementing into your firm.
Employee Training and Awareness:
Conduct frequent cybersecurity training sessions to empower staff with the skills to identify potential threats. Emphasise the importance of strong password practices, educate on recognising phishing attempts, and instil awareness of social engineering tactics.
Secure Network Infrastructure:
Safeguard against unauthorised access by deploying network security tools, including firewalls and intrusion detection systems. Regularly update and patch software and systems to address vulnerabilities and enhance overall resilience.
Incident Response Planning:
Develop and regularly update an incident response plan, outlining step-by-step procedures to be followed in case of a cyber incident. Conduct periodic drills to ensure employees are familiar with the plan and can respond effectively.
Vendor Security Assessment and Compliance:
Assess the cybersecurity practices of third-party vendors, especially those providing case management systems. Ensure vendors adhere to high-security standards, regularly update their systems, and comply with legal and regulatory requirements.
Case Management Systems and Conveyancing Cybersecurity:
This last point leads us on nicely to looking at case management systems and their infrastructure which can make the difference between high and low risk.
When looking for a new case management system, or if you are concerned about your current supplier, you should enquire into the following:
Security Measures:
Enquire about the vendor’s cybersecurity protocols and encryption practices for data protection.
Compliance and Data Handling:
Ask about the vendor’s compliance with legal regulations and how they handle and secure confidential client information.
Incident Response and Access Controls:
Seek details on the vendor’s incident response plan, recovery speed, and user access controls to ensure data security.
System Maintenance and Backup:
Enquire about the frequency of system updates, patching, and measures in place for data backup and recovery.
Vendor Track Record and Contracts:
Enquire about the vendor’s experience with legal entities and review contractual terms, including data ownership and termination clauses.
At Hoowla, we are well versed in all aspects of conveyancing cybersecurity and employ decades of knowledge and skills into offering some of the best security practises in the industry.
Hoowla users have the authority to invite collaborators and control access permissions. User authentication includes standard login and password, with the option for two-step authentication for enhanced security. Physical security measures involve ISO 27001 certified data centres, with controlled access, video surveillance, and intrusion detection.
We use HTTPS with layers for secure data transmission. Our developers are well-versed in web application security, ensuring code undergoes rigorous reviews and testing.
Data redundancy is ensured through regular backups using specialist server storage. Our servers are backed up multiple times daily, and continuous 24/7 monitoring guarantees system integrity.
We always encourage our users to take backups of their data, not just for cyber security but for CQS compliancy. As a result, in the unlikely event of an outage, Hoowla users that have taken regular backups have access to their data via applications such as Microsoft office and Open Office. Meaning, that whilst we’re working hard to get systems back online, our clients can carry on with their cases with little interruption.
If you would like to know more about how we do things at Hoowla, or are considering moving from your current case management system, book a free, no-obligation case management system demo with our Managing Director, Adam Curtis.