This is a revised version of an article which was first published in May 2021 in Property Now.

Professional obligations have always evolved to meet contemporary needs. For property professionals including lawyers, conveyancers and real estate agents, a transformation in the way that business is conducted means that managing cyber risk is now a key business and professional risk. Here are eight reasons why.

1. For many years protecting clients against fraud has been part of practitioners’ duty of care

Legal protections to ensure the integrity of property transactions exist through a range of measures including the witnessing of important legal documents, the use of powers of attorney to protect vulnerable owners, and rules requiring verification of identity procedures for persons in land dealings. Measures designed to prevent electronic funds transfer frauds and to protect the integrity of e-conveyancing continue this theme by adapting business practice to contemporary needs.

2. A combination of three significant changes have led to an increase in funds transfer frauds

First, changed payment procedures from cheques to electronic fund transfers have seen the liability of banks for payments made into the wrong bank account replaced by an apparent onus on the person paying the money to confirm the accuracy of bank account details.

Second, widespread use of the internet has enabled scammers to collect information about others, including breached passwords and identity details, to access online accounts that do not have sufficient security protections and to spread malicious software indiscriminately.

Third, email is now the preferred means of business communication, despite its shortcomings in security and the ease with which people can be impersonated using spoofed email addresses. While these factors apply throughout the business world, property practitioners’ and their clients are particularly exposed because of the value of property transactions.

3.  If cybercrime were measured as a country, it would be the third biggest economy in the world*

Cybercrime is not a niche risk that applies only to some sectors of the economy. According to Cyber Security Ventures*, cybercrime will lead to the biggest transfer of wealth in human history, is increasing at a rate of 15% per annum and by the end of this year will exceed the value of the illicit drugs trade for all major drugs combined. According to another study, the direct costs associated with cybersecurity incidents now cost Australian businesses $29 billion annually.

4. The value of real property makes property transactions rich targets for cyber criminals

In the 2020 December quarter, Australia's national average price for a house was $852,940. Many property transactions are managed by small businesses without significant technical support and clients, who may only be involved in one or two such transactions in their lifetime, can be unaware of the risks unless they have been proactively advised about them by their property practitioner.

5. Professional bodies have issued repeated warnings about payment redirection fraud

For several years, lawyers’ and conveyancers’ professional associations and insurers have issued warnings about the risk of email-enabled funds transfer fraud making it difficult to argue this risk is not foreseeable.

6. Actions for breach of trust can be difficult to defend where payments have been made in error, and are generally not covered by limited liability schemes

This means that if money has been paid out of trust in error, your financial exposure could be very significant on a large transaction.

7. Legal and professional duties result in additional obligations

Unlike other many other business owners, lawyers, conveyancers and real estate agents are all subject to duties of confidentiality and fiduciary obligations which makes the implications of any breaches more onerous.

8. Since April 2021, the Model Participation Rules issued by ARNECC, the Australian Registrars' National Electronic Conveyancing Council, have required that that all users of an Electronic Lodgement Network complete cybersecurity awareness training.

The good news is that some simple steps will help protect businesses and their clients. Using business quality email, anti-virus and anti-phishing software, replacing unsupported software, and implementing multi-factor authentication and strong password policies will go a long way to protecting your business.

Lastly, educating all your staff, particularly about social engineering techniques designed to manipulate their natural tendency to trust is essential, as many email scams do not involve any computer intrusion and more than 90% of cyberattacks start with an email.