Ask the Underwriter: What can I do to protect my firm from wire fraud?

Wiring instructions should always cause you to slow down and focus. This month Ben points out how you can protect yourself from wire fraud.

Wire fraud continues to be an ever-present and growing threat to law firms, and not just real estate practices.  It is a threat across all practice areas, from settlements and trust disbursements to business transactions and estate distributions.  And this is not only a concern for Big Law.  Cybercriminals are targeting firms of every size, and the consequences can be catastrophic.

But firms are not powerless against the threat of wire fraud.  One of the simplest and most effective defenses is also one of the most overlooked: out-of-band communication.  

What is Out-of-Band Communication and Why Does It Matter?

Out-of-band communication means verifying sensitive information - like wiring instructions - outside of the email thread where that information was originally received.  It could be a phone call to a known number, a face-to-face conversation, or communication through a secure client portal.  Whatever method you choose, the extra step will help you determine if the instructions are legitimate, will help prevent fraudulent transactions, and loss of firm or client funds.  

We strongly encourage our insureds to independently verify the authenticity of every wiring instruction, in the first instance, and verify any changes to existing instructions.  Keep in mind that cyber liability policies often require proof that you independently verified the authenticity of the wiring instructions before you transferred the money in order to cover your cyber fraud claim.

What are Some Best Practices for My Firm?

• Adopt a Firm-Wide Policy.  Require out-of-band verification for any financial transaction involving wire transfers, client and third-party funds held in trust, or disbursement of settlements proceeds. 

• Train Staff and Clients.  Make sure your team and your clients understand that email is not secure for wiring instructions.  Impress upon them that wire details will never be changed by email alone.  

• Use Verified Channels.  Confirm any financial instructions using a verified phone number or secure platform, not the number in the email signature or message thread.

• Keep a Verification Record.  Document when and how wire instructions were confirmed.  This is not only good risk management, but it can also help you in the event a claim or bar complaint is filed against the firm. 

Incorporating out-of-band verification into your firm’s processes and procedures may take some adjustment for your staff; however, this small step can generate significant protections for your firm.  Making it part of your firm’s standard practice may help ensure that you never have to tell a client or lender, “The money is gone.”