Email will be replaced within five years by a more secure means of communication for law firms, an expert predicted this week.
Meanwhile, it emerged that the Solicitors Regulation Authority (SRA) has been applying behavioural science to get its messages about cybercrime through to the profession.
Speaking at a session on cybercrime at this week’s compliance officer conference organised by the SRA in Birmingham, Dee Pang, chief information security officer at magic circle firm Slaughter and May, said that his firm’s emails were encrypted.
Acknowledging that this was beyond the reach of smaller firms, he said email was otherwise “very easy” to intercept.
Asked about the effectiveness of not using key terms, such as ‘bank details’, in emails to avoid drawing the attention of fraudsters, Mr Pang said it would only have limited impact: “If criminals are clever enough to intercept your emails, they’re clever enough to search [them].”
“I think we will see the death of email,” he added, pointing to the widespread adoption by Chinese law firms of WeChat, an encrypted messaging service like WhatsApp.
“It may take another five years to reach Western law firms,” he said.
At the same session, Dr Debra Malpass – the SRA’s head of research and analysis – explained how the regulator has been using behavioural science, illustrating how it can help firms fight cybercrime.
She revealed that two trials conducted earlier this year showed that solicitors were far more likely to open an email from the regulator on a Friday, and one that included a subject line which fed into their “illusory superiority bias”.
She explained that the first trial ran over six weeks and involved 7,295 law firms.
Those compliance officers who received an email from the SRA warning about “email modification fraud” – messages from fraudsters that look legitimate – were twice as likely to engage with it on a Friday as on a Wednesday, and four times as likely in the first week.
This possibly reflected the well-known risk of ‘Friday afternoon fraud’, when conveyancers and their clients are targeted on the popular day of home exchange.
All 10,000 law firms were involved in the trial of the subject line for the warning email. The first group received a positive message, such as ‘Help the SRA combat fraud’. The second employed “fear tactics”, Ms Malpass said, such as ‘Could you be next?’
The third message – using behavioural science – played on people’s “illusory superiority bias”, meaning they rated themselves more highly than others and considered themselves less likely to be caught out by a scam.
These emails had subject lines like ‘You wouldn’t fall for this, but your financial director might’.
Ms Malpass said COLPs were twice as likely to open the third email as the first, and one and a half times as likely to open the third as the second.
Another panellist, Dr John Blythe, a behavioural scientist and research associate at University College London, warned that businesses often relied too much on awareness campaigns.
“There is a knowing and doing gap,” he said. “People know what they should be doing but aren’t [doing it].”
He urged solicitors to make sure they have “useable” cybersecurity policies, noting that staff wanted to be productive and they would circumvent security to achieve this.
In related news, the Council for Licensed Conveyancers has reported that 11 of the 212 firms it regulates were the victims of fraud in the past year. A further 37 said they had repelled attempted frauds.
The results of its annual regulatory return showed the number and variety of attacks on conveyancers increasing, but nearly all regulated firms provided all their staff with training on anti-fraud measures in the past year, while the rest targeted key staff.
5 years? We have solicitor clients who we’ve been communicating with via more contemporaneous means such as APIs for the last couple of years now. Hope the rest will follow over the next year, not 5! (although there are two who still use faxes!)