Protecting clients from insider attacks on trust accounts

Law firms are no exception to the trend towards computerized information infrastructures, particularly because the very nature of their business is collecting and storing highly confidential client data. One area of activity which has come under intense security is the integrity of trust accounts. There have been many incidents of trust account fraud reported internationally, including a case in Australia, where a employee of a law firm stole $4,500,000 from the trust funds of forty-two clients. Trust account fraud is also widely associated with money laundering, a growing major crime involving financial transactions that enable unlawful activity to be disguised.Our study involved interviewing principles of ten law companies to find out solicitors’ attitudes to computer security and the possibility of breaches of their trust accounts. We simultaneously carried out a survey to see if the trends identified in our case studies could be backed up with broader quantitative data. An overall finding highlights the fact that law firms were not current with technology to combat computer crime. However, from a human perspective, more urgent issues were discovered such as lack of monitoring of computer systems and inadequate access control. Our conclusions revealed the urgent need for law firms to adopt security controls, implement information security policies and procedures and obtain cooperation from management to communicate these policies to staff.