From employees who cross the line to cyber criminals, read about these risks in practice.

Lawyers will also want to consider commercial insurance to protect themselves from these frauds as they are not covered under the Policy.

Employee fraud

Forgery risks in mortgage transactions
Notice to the Profession, March 23, 2011

Do your systems protect you from employee fraud?
Practice Watch (p. 17), Benchers’ Bulletin, 2010 No. 3 Fall


Cybercrimes and more


Preface:  Cybercrime risk management

Risk management tips for social engineering frauds are available here

You will find a recurring message in the materials in this next section: Lawyers and law firms are particularly vulnerable to hackers. From lost laptops and thumb drives (two of the leading causes of data breaches) to malware attacks, you are at risk. 

Protect your systems and your data. Take the ten simple steps set out here (see below) and read the resources that follow for details and more tips. Speak with your bank about steps that you can take to enhance security, including the advantages of receiving trust funds electronically.


Law Society resources

Dealing with Cryptowall ransomware – an in-depth review of the virus and how to avoid getting caught
Practice Tips, Benchers’ Bulletin, 2015: No. 1 Spring

Cryptolocker ransomware alert – 10 steps to avoid getting caught by ransomware
Practice Resource, December 2013

Making your e-communications secure – tips to make your email communications more secure (scroll to second page)
Practice Tips, Benchers' Bulletin, 2014 No. 3 Fall

Security practice tips – tips to improve the security of law firm IT systems
Practice Tips, Benchers’ Bulletin, 2014: No. 2 Summer

Tech security for lawyers – deals with a variety of security issues relating to technology, including malware
Practice Tips (p. 9), Benchers’ Bulletin, 2012: No. 1 Spring

Cloud computing due diligence guidelines and cloud computing checklist – due diligence and risk management information about the use of technology and third party data storage and processing

Law Office Administration – includes resources relating to technology and safety and security

Other resources

Cybercrime and Law Firms: The risks and dangers are real
LawPro Magazine, December 2013

The Government of Canada’s Canadian Anti-Fraud Centre’s (CAFC) website - includes resources such as the Get Cyber Safe Guide for Small and Medium Businesses

And remember section 3.3 of the Code of Professional Conduct regarding a lawyer’s obligations to keep a client’s information confidential and Law Society rules 10-4 to 10-5 regarding records and security of records. If you have questions about your professional obligations, please contact Practice Advice.


Ten simple steps you can take

Talk to your IT professional about these and other preventative measures you can take to protect your systems and your data:

  1. Create secure passwords for each account, change them regularly and never share passwords with anyone. Use two-factor authentication. A reputable password management system which includes a random password generator may assist.
  2. Properly configure a firewall between the firm’s system and the internet. Talk to your IT professional about conducting security audits.
  3. Use up-to-date antivirus and malware endpoint protection on computers, laptops and handheld devices.
  4. Backup your data – talk to your IT professional about frequency (including staggering).
  5. Use encryption to protect hard drives, laptops, removable media, and back up media. Enable remote wipe capabilities for mobile devices and laptops.
  6. Make sure all critical patches and security updates are applied as soon as possible.
  7. Actively monitor systems for suspicious activity and log and archive system events as an audit trail.
  8. Use VPN or other encrypted connection to access public wireless networks.
  9. Keep servers and equipment physically secure.
  10. Cancel access to the network when employees are terminated. Maintain abandoned domain names after law firm mergers or acquisitions.

Recent scam attempts and fraud prevention
Practice Advice (p. 11) , Benchers' Bulletin, 2019 No. 1 Spring

Phony DocuSign scam
E-Brief, September 2018

Phony email payment instructions targeting clients in the US
E-Brief, February 2017

What to do if your laptop or briefcase is stolen
Practice Resource, December 2016

Fake Law Society complaints a cyber risk to lawyers
E-Brief, December 2016

Email containing Trojan virus eludes standard security software
Notice to the Profession, August 6, 2015

BC law firm's computer system hacked by extortionist
Notice to the Profession, December 31, 2014

Incorporating a company for a new client outside of BC? Beware of a new scam
Practice Watch, Benchers' Bulletin, 2014 No. 4 Winter

Request to replace a trust cheque - eDeposit scam
E-Brief, July 2014

Beware of fraudster wanting to upgrade your point of sale terminal
E-Brief, May 2014

Fraudsters may impersonate you – search your name on-line
Practice Watch (p. 17), Benchers' Bulletin, 2013 No. 4 Winter

Ontario law firm victim of large fraud due to infection by Trojan banker virus
Notice to the Profession, December 21, 2012

Protect your money: Avoiding frauds and scam
The Canadian Securities Administrators (CSA) have put together this guide to help you recognize and avoid frauds and scams.

The Little Black Book of Scams, fake websites and lawyers (Note: link to The Little Black Book of Scams)
Practice Watch (p. 11), Benchers’ Bulletin, 2012 No. 2 Summer

Fraudster pretending he’s been hired to create a law firm’s website
Practice Watch (p. 11), Benchers’ Bulletin, 2012 No. 2 Summer

Have you received an electronic trust deposit "by mistake"?
Practice Watch (p.10), Benchers’ Bulletin, 2010 No. 3 Fall

Getting rid of your photocopier? A potential gold mine for fraudsters
Practice Watch (p. 10), Benchers’ Bulletin, 2010 No. 2 Summer

New lottery scam
Practice Watch (p. 22), Benchers’ Bulletin, 2009 No. 1 Spring

Scams to look out for
Practice Tips (p. 20), Benchers’ Bulletin, 2007 No. 2 May


Last updated: March 2019