Attorney's Protection Against Cybercrime

Published on March 20, 2023

A prominent firm of attorneys was recently held responsible by the High Court of South Africa for failing to protect a depositor of funds against cybercrime. The decision highlights the importance of attorneys adopting and employing suitable measures against cybercrime.

In order to formulate and adopt measures and policies for the protection of data, terms such as “hacking”, “phishing”, “spoofing”, etc. are to be understood. Domains such as DKIM and DMARC need to be established, whilst SPF is also of importance.

In using the decision in the matter of HAWARDEN vs. EDWARD NATHAN SONNENBERG INC. as a guideline, it is suggested that the following should be of assistance.

Hacking is the act of identifying and then exploiting weaknesses in a computer system or network, usually to gain unauthorized access to personal or organizational data. Spam is the sending of irrelevant or unsolicited messages over the internet, typically to a large number of users, for the purpose of advertising, phishing, spreading of malware, etc. Both hacking and spamming pose threats to the protection of information held by attorneys. The protection of information or data held by attorneys forms part of attorneys' duty of care towards clients and users of their technology.

Hacking presents itself in different forms such as “spoofing”, “phishing” (also referred to as “fishing” or “vishing”) and “smishing”.

Spoofing is a type of e-mail attack that forges the FROM address of an e-mail message. A spoofed message appears to be from the impersonated organization.

Phishing is the fraudulent practice of sending e-mails or other messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers. In short, phishing is when attackers send malicious e-mails designed to trick people into falling for a scam.

Smishing is the same as phishing, but when cybercriminals “phish”, they send fraudulent e-mails that seek to trick the recipient into clicking on a malicious link. Smishing simply uses text messages (SMS) instead of e-mail.

The above practices are collectively referred to as Business Email Compromise (BEC). In order to prevent or minimize BEC, attorneys are required to adopt policies aimed at Data Protection (DPP) and/or Information Security (ISP).

During the process of formulating a Data Protection or Information Security policy, the following aspects are to be considered:

  • the establishment of DomainKeys Identified Mail (DKIM). This is a protocol that allows a business to take responsibility for transmitting a message by signing it in a way that mailbox providers can verify. It is made possible through cryptographic authentication. It is an e-mail authentication method designed to detect forged sender addresses in e-mail. DKIM detects when a message has been modified and when authorized changes are made to the messages. DKIM allows the receiver to check that an e-mail claimed to have come from a specific domain was indeed authorized by the owner of that domain. DKIM therefore prevents outgoing e-mails from being marked as spam.
  • the formulation of a sender policy framework (SPF), which is an e-mail authentication protocol and part of e-mail cybersecurity used to stop phishing attacks. It allows a business to specify who is allowed to send e-mail on behalf of the domain. In a typical phishing attack the threat actor spoofs the sender address to look like an official business account or someone the victim may know. An SPF record is a DNS entry of the business containing the IP addresses of the business’s official e-mail servers and domains that can send e-mails on behalf of the business. Because SPF discourages cybercriminals from spoofing the domain, spam filters will be less likely to blacklist it. This improved reputation improves the deliverability of legitimate e-mails.
  • the establishment of a domain-based message authentication, reporting and conformance protocol (DMARC). DMARC is an open e-mail authentication protocol that provides domain-level protection of the e-mail channel. DMARC authentication detects and prevents e-mail spoofing techniques used in BEC and other e-mail-based attacks.
  • written warnings about BEC and precautions to be taken against BEC, which should be provided to everyone making payments into the business banking accounts of the attorneys.

DMARC, in conjunction with DKIM and SPF, provides the following benefits:

  • enables e-mail senders and receivers to identify, authenticate and report potentially malicious e-mails;
  • reduces the flow of malicious e-mails that spammers and other attackers use to distribute spam, malware and phishing messages;
  • altogether prevents hacking in the form of spoofing, phishing and smishing.

Apart from formulating a Data Protection Policy (DPP) and/or Information Security Policy (ISP), attorneys should install the most recent technology available for data protection and/or information security. Technology which blocks fraudulent messages or sends them to spam is available. This combination of SPF and DMARC is offered by Lexis Nexis in the form of a secure portal with two-factor authentication (Lexis Tracker Secure Chat).

In addition to the said technology, businesses should also use a multi-verification system when making or requesting payments. Either an in-person consultation with the client or a telephonic confirmation with the client to confirm bank details should be required. Written details of the consultation or telephone communication must be recorded.

The purpose of the Data Protection Policy (DPP) or Information Security Policy (ISP) should be to provide rules and guidelines to employees and users for the protection of the attorney and its clients against BEC as a result of cybercrime.

MW Attorneys - Conrad Weiss

C.M. Weiss
Practicing Consultant
