Cyber Security Policy

London Property Lawyers Limited, is committed to working to minimise the risks posed by Cybercrime and Cyber-terrorism to our clients, third parties and the business. We are at risk because CYBER-CRIME IS NOW A COMMON OCCURANCE  and on a daily basis we:

• Hold large sums of monies
• Have multiple access points (email, phone etc.)
• Are involved in Third party interactions, and
• Clients expect speedy transactions

Further, fraudsters can hack your email and pretend to be you. For this reason, we recommend that our clients take every precaution to protect themselves including making sure that any device or system used is secure. We also recommend that passwords are changed on a regular basis and before entering into email correspondence with London Property Lawyers Limited. Please carefully check all email correspondence purporting to be from us and check that that is indeed the case. NOTE THAT OUR BANK DETAILS WILL NOT CHANGE DURING THE COURSE OF A TRANSACTION AND WE WILL NEVER CHANGE OUR BANK DETAILS VIA PHONE, EMAIL OR LETTER. FURTHER, WE WILL NEVER SEND OUR BANK DETAILS OTHER THAN THROUGH OUR SECURE CLIENT PORTAL WHERE OUR DETAILS ARE AVAILABLE.

Banking & Cyber Crime

London Property Lawyers Limited, DOES NOT ACCEPT CASH FORM CLIENTS. Where we pay money to you, it will be done by either a bank transfer or by cheque. IT WILL NOT BE PAID IN CASH OR TO A 3^RD PARTY IN ANY CIRCUMSTANCES.

If you are paying London Property Lawyers Limited, ONLY USE THE BANK DETAILS SHOWN ON OUR ONLINE PORTAL. ENSURE YOU KEEP A RECORD OF THESE BANK DETAILS AND NEVER TRANSFER FUNDS TO ANY OTHER ACCOUNT AS SUCH REQUEST COULD BE FRUADULENT.

If you want to pay over the phone using a debit or credit card then please call us on 020 7731 9855 and ask for a member of our legal or accountancy team. Please ensure your quote your transaction number and provide us with the full details on the relevant property.

Minimising the Risks of Cyber-Crime

At London Property Lawyers Limited, we will manage the risk posed by our IT system by:

• Install firewalls on our IT systems
• Keep anti-virus and anti-spyware software up-to-date
• Create a protocol for Strong passwords
• Use encryption to protect information contained in e-mails or stored on laptops or other portable devices
• Destroy old computers, backup drives, memory sticks, etc. using specialist ‘shredding’ applications or the services of a reliable contractor
• Clear out temporary internet files, cache and history files (also monitor third party cookies)
• Back-up multiple copies of our essential data

As a Business, we will prepare a ‘Response Plan’ covering the internal procedures the business (or an accountable person) must put in place following a potential cyberattack. The Response Plan will focus on protecting the interest of our clients and third parties, and to provide a contingency process to manage the business.

We must at all times take steps to ensure that our business is not unintentionally open to a cyber-attack and will develop practical safeguards to protect our clients, third parties and the business in the below areas:

• Email interception
• Ransom Ware
• Creating fake offices
• Cashier and SDLT payments
• Phone calls from banks
• Emails from practices
• Hacking of accounting systems

We must explain to clients the need to protect ourselves and them from cybercrime and make them aware of the practical steps they can take to protect themselves as per this policy document.

We will ensure that staff are given appropriate and regular training to create a culture of ‘prevention’ on two levels.

‘User’ Level Prevention Steps

Front line staff, including receptionist and administrator, case handlers, will be trained to ensure that they:

• Are certain that a phone call is from our, clients bank, or a parties bank;
• Receive a call from a ‘bank’ they should use a different phone to call the bank back and ask to speak to the firms relationship/business manager, or designated named individual;
• Never disclose passwords on phone/by email;
• Never allow a 3rd party access to systems remotely;
• Know that we will never inform clients or third parties about any change of bank details; unless in an exceptional circumstance when this will be done in writing by post.

‘Senior Personnel/Business’ Level Prevention Steps

HoLP/HoFA, directors, partners, members and owners, will ensure that the Business operates the following types of mitigation to help the business manage the technological risks associated to Cybercrime and Cyber-terrorism.

• Put in place a IT protocol to include a hierarchy of user privileges – restricted data access;
• Maintain effective and current Software support;
• Ensure the business is running with up to-date antivirus and antimalware
• Put in place strict guidance for remote working , for example not using unsecure WI-FI access available in public areas, such as train stations and coffee shops etc
• Monitoring use of inappropriate websites, social media and when necessary blocking access;
• Put in place staff guidance to manage the consequences of any breach of information security violations – including, where necessary disciplinary policy;
• Swiftly, removing access rights of staff who have left and closing redundant accounts.

As a Business, we will ensure ALL senior personnel know who to notify in the event of a Cybercrime or incident, including but not limited to:

• Action Fraud – National Fraud and Cybercrime Reporting Unit
• Our staff
• Our Clients
• ICO
• Our Professional indemnity insurer
• The relevant Banks, mortgage lenders, accountants, or parties that may have been affected.
• The CLC

As a Business, if we suspect that we have a problem with our cybersecurity, or could be the victim of cybercrime, or are simply concerned that we may have been; we will recognise that we MAY NOT be the ONLY victim and will take immediate steps to help protect our regulated community by informing the CLC.