Brave New World and Cybercrime in Conveyancing Practice

We live in a brave new world where technology drives the way we do business which has brought greater efficiency, convenience, and productivity and with it: cybercrime and resourceful cybercriminals.  Conveyancing, alike all other forms of business has also been touched by this brave new cybercrime and its criminals. It is therefore extremely essential for Conveyancers to establish strict measures to protect their clients from this brave new cybercrime and its clever little criminals.

Cybercrime encompasses various forms of attacks that target both Conveyancers and their clients.  
Some of the most common threats are:

- Malware, short for malicious software, refers to any intrusive software developed by cybercriminals (often called hackers) to steal data and damage or destroy computers and computer systems.  It is designed to disrupt, damage, or gain unauthorised access to a business’s computer systems.

- Phishing is a digital form of social engineering that uses authentic-looking (fake) e-mails to request information from users or direct them to a fake Web site that requests with the end goal of inducing the recipients to reveal personal or sensitive information, such as passwords, personal- and banking information and such.

- Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid; attempts to encrypt a business’s files, with the view of demanding a ransom before the files are released.  It is argued that although ransomware is usually aimed at individuals, it is only a matter of time before businesses are targeted as well.

Notably, cybercrime and its cybercriminals are real, it is innovative, ever evolving and very damaging to the Conveyancing practice and businesses alike and if Conveyancing Firms and its Conveyancers and supporting staff do not take extra measures to guard against and protect the Firm and its clients, they will face the consequences thereof and our Courts have already displayed this sentiment in judgment.

Cases such as Fourie v Van der Spuy and De Jongh Inc and Others highlights the risk of cybercrime to Conveyancing practice and the duty Conveyancers must employ to safeguard when transacting online.  It was held that by transacting via email without employing any measures to ensure that both Respondent and Applicant would not fall victim to fraud, knowing full well that it was prevalent in the legal profession, they acted negligently and failed to exercise the requisite skill, knowledge and diligence of an average practising attorneys, and thus failed to discharge their fiduciary duty to their client and were liable to their client for the financial loss suffered.

Alike in the case of Judith Hawarden v Edward Nathan Sonnenbergs Inc, the attorney’s trust account information was set out in an attachment and e-mailed to the client and the client’s e-mail account was hacked and the attorney’s trust account information was altered. The result was that the client paid the money into a fraudulent bank account.  At trial it was evident that the Conveyancers were aware of the risks of Business E-mail Compromise (BEC) and had failed to warn the client thereof.  The Court found that the Conveyancer’s actions were negligent, wrongful and the cause of the client’s loss. It was ordered that the Conveyancers pay for the loss and penalised them with a punitive cost order.

To mitigate the risks associated with cybercrime Conveyancing Firms must employ training to and awareness of cybercrime to their employees, adopt robust authentication mechanisms, and implement encryption protocols to protect data both in transit and at rest, ensuring that confidential information remains safeguarded from interception or tampering.  For payments establish a protocol of calling the clients and obtaining the banking information personally from the accountholder (counter confirm as the client must confirm the banking information already in possession of the Conveyancer) and encourage test payments of small amounts from clients before large sums of money is paid into their attorney’s trust accounts.

The additional care and measurements that Conveyancers must take to protect their Firms and clients from potential harm executed by cybercriminals may be inconvenient for clients, but it is imperative and in the best interest of the client.

In conclusion, failing to plan is most definitely planning to fail with potential severe consequences.  A failure to exercise the requisite standard of diligence, skill, knowledge, care and diligence will result in Conveyancers failing to discharge their fiduciary duty to their client and will result in a Conveyancer and/or its Firm being sued for negligence.

Written by: Anna Hattingh
Moderated and approved by: Clive Smith