Skip to main content

The Solicitors Regulation Authority (SRA) has urged law firms and employees to be extra vigilant of cyber attacks and phishing scams during the Covid-19 lockdown.

The advice comes amid increased reports of cyber attacks against businesses whose staff are working remotely – with no discrimination between large and small law firms.

The SRA has received specific reports about law firms being targeted. In one such example criminals attempted to create a standing order for £4,000 a month from a firm’s client account.

With huge numbers of law firm employees working from home, possibly for the first time, the regulator has published information advising firms on key cybersecurity issues. Law firms and solicitors handle sensitive information and large amounts of money, so are an attractive target for criminals.

Paul Philip, SRA Chief Executive, said:

“Cybercrime is a priority risk for the legal sector and it’s not going away during the Covid-19 pandemic.

“Criminals are always looking to take advantage and they know that security arrangements are likely to have changed as people move to home-working. Several agencies have reported a spike in cyberattacks and we are beginning to get reports from firms that have been targeted.”


The SRA’s coronavirus cyber security information includes targeted advice from the NCSC and has a useful checklist for firms to reassure themselves about eliminating risks.

The advice is part of wider support for the profession during the coronavirus lockdown that includes answers to common questions around Accounts Rules, completing proper due diligence and renewing indemnity insurance.

The NCSC has this week launched a Cyber Aware campaign to help keep workers and the public safe.

NCSC’s takedown services have already removed more than 2,000 online scams related to coronavirus in the last month, including:

  • 471 fake online shops selling fraudulent coronavirus-related items
  • 555 malware distribution sites set up to cause significant damage to any visitors
  • 200 phishing sites seeking personal information such as passwords or credit card details
  • 832 advance-fee frauds where a large sum of money is promised in return for a set-up payment

Phillip added:

“We have published information for law firms on the risks during lockdown, and I urge everyone to be particularly vigilant at this time.”


You can also read Action Fraud’s warning for small businesses based on coronavirus confusion.