Email fraud is once again making headlines in the conveyancing news outlets. It is a persistent problem for the conveyancing industry and one fraudsters are very keen to exploit due to the large sums of money being transferred.
The risk of not having good data security practices at your conveyancing firm is therefore of utmost importance.
One of the most serious risks is the possibility of your firm's email account being compromised, which would provide the fraudster with plenty of opportunities to exploit.
These days emails are often tied to a number of other accounts, which if you have access to the email account you can utilise ‘reset password’ functionality to further cause havoc.
To help avoid and manage that risk here are five tips to avoid your email account being compromised;
1. Use complex passwords
Poor strength passwords leave you vulnerable to people being able to access your account and committing fraud.
According to this article by the BBC, pet names seem to be popular when choosing passwords, easy to remember but unfortunately, they leave a lot to be desired when it comes to security.
A strong password should make it as hard as possible for a fraudster to guess your password. It should not be something personally tied to you, such as your pet’s name as it might be easy to find that information out for example via social media.
Secure passwords should;
- Contain a combination of text, numbers, and special characters
- Not be too short
- Use both capital and lowercase characters, and not in the expected places
Doing all this while keeping it memorable might be a challenge especially as you should not reuse your passwords on other sites, as if one site gets hacked they can access all your other ones. Luckily there is help for this, see recommendation 2.
2. Use a password manager
A password manager allows you to have a unique password for every service you use, without having to remember each one yourself. Instead, you have one master key password which allows you to access the others. You might already have experience of password managers as many mobile phones these days function as one, for example using Apple’s FaceId to auto-fill in your login details.
Most password managers make it easy to stay safe, they can suggest strong and complex passwords for you when you update or sign up for a new service making sure you apply recommendation 1.
Good solutions also allow you to autocomplete login forms for you, making them simpler to use than not using them.
By utilising a password manager you can rest easy that even if one site is compromised all your other accounts remain safe.
3. Use two-step authentication
At InTouch, we have had two-step authentication, also known as two-factor authentication, in place for years, but it is quickly becoming more and more widespread due to its security benefits.
Two-step authentication asks you to enter a one-time passcode when logging in, with the code being sent to your mobile or another separate device.
This increases security substantially as it is less likely that two devices will have been compromised. It also has the added benefit of alerting the account holder if anyone tries to log in to their account, meaning they can take preventative action.
Tip - Some services require you to activate two-step authentication manually, check if this is an option to secure your account.
4. Activate new device notifications
You have surely come across the emails you get when you log in to a service from a new device. They generally state that a login has happened and that if this wasn’t you prompt you to take action to avoid any harm to be made.
These just like the one-time passwords are useful in detecting when people access or attempt to access your account.
5. Change passwords regularly
Changing passwords frequently can be annoying, and if you are like me often leads to you having to reset your passwords again as you just can’t remember what your new password is for less frequently used services.
It might be a big ask to change your password on all your services frequently. But to make the task more palpable you can take a risk-based approach, changing passwords more frequently for services where the risk is higher. E.g. email accounts, banking, etc.
Luckily with tip number two getting a password manager, makes it a lot simpler as you don’t have to remember or come up with strong passwords yourself.
The above tips are focused on keeping your staff's accounts safe, but this is only one element of the risk. A lot of fraud happens on the customer's side and it is therefore important that we as an industry educate clients about the risks involved.
Remember to stay vigilant, double-check details, and proactively communicate with your stakeholders.