That’s right. AML is not only frustrating to many of us, but it has also created cyber-risks.
The irony isn’t lost on us.
We’re honoured to support a large number of NZ law firms as clients, and it is a responsibility we take very seriously.
Law firms handle such a mix of highly confidential data that they are a particular target for ransomware attacks.
In this case, one of the firms needed a photo of a driver’s license from one of their clients. Understandably, the client simply took a photo and emailed it back. Imagine their surprise when, just two days later, they discover a new ‘AfterPay’ account set up in their name, created using their driver’s license information. A careful review of the law firm’s logs and security settings determined that the information wasn’t leaked from there, and it is pretty clear it was their client that was compromised.
That could have been their email, but more likely it was simply that their phone was automatically synchronising their photos to somewhere online – for example, it might be a third party photo library app service. For example, most of us sync our photos to Google, Apple or Microsoft and these are fairly secure, but then we grant third-party access to these for some reason, and that creates a weakness.
Alternative risk vectors include malware on the phone, or a family sharing account that has been compromised somehow..
I think many of us have used photos of identity documents for all sorts of things, from Travel Declarations to banking. What we need to do is find a way to ensure our personal devices aren’t letting us down.
Risks like this exist in every organisation. They won’t be exactly the same, but every organisation still needs to stop and think about how people interact and where the vulnerabilities rest. This particular risk is easily resolved with specialised apps, or even creating a solution within Microsoft 365 and we’ll be reaching out to help every law firm mitigate it. The challenge is there are always risks and we have to work together to eliminate them.