Cyber security

The LPLC continues to see an increase in the sophistication of cybercriminals' tactics to infiltrate computer systems and steal money from lawyers and their clients. As these threats evolve, it is important that law firms continually reassess their cybersecurity measures and adopt a proactive, multi-layered defence strategy.

One of the best defences against social engineering and email compromise is training and awareness for all employees at your firm. Regular training helps staff stay informed about the latest cyber fraud tactics, particularly as cybercriminals grow more sophisticated, especially with the use of Artificial Intelligence tools.

Firms that implement and practice a Cybersecurity Incident Response Plan are better positioned to mitigate the effects of a cyber-attack.

In recent months there has been a steady rise in cyber fraud incidents notified to LPLC by law firms, including by many small firms and sole practitioners.

Text messages and instant messaging applications such as WhatsApp and WeChat are used by some practitioners to communicate with their clients. While messaging can be a convenient and efficient communication tool, its use gives rise to a number of challenges and risks for law firms including record retention, data security and confidentiality.

Law firms using text messages and messaging apps need to be alert to and manage these risks by implementing clear processes and procedures governing how, when and in what circumstances they are to be used and how messages are to be preserved and retained.

Scam emails get harder and harder to spot as cyber criminals get more sophisticated in their approach. The Australian Cyber Security Centre has information and guidance on identifying socially engineered messages that are delivered by email, SMS or other direct messaging services.

Not using MFA on your online business systems is like leaving the front door to your home unlocked, open and unattended.

Many practitioners who’ve experienced cyber fraud tell us that they never thought their firm would be a target. However, the reality is that all firms and practitioners are the potential focus of cyber criminals and increasingly larger sums of money are being stolen and the recovery of those funds more and more unlikely.

This article presents a case study of a real-life cyber incident in which $110,000 was stolen from a Victorian law firm’s trust account, despite multi-factor authentication being implemented to access online banking and to transact from the account.

This article, produced for Australian Cyber Week 2020, covers the basics of multi-factor authentication and why it should be implemented in every Australian law firm.

From midnight Wednesday 5 August 2020, most law firms in the Melbourne metropolitan area will be required to close their office and work remotely in accordance with Stage 4 COVID-19 restrictions. This article outlines the key actions you should take now to ensure commitments are met and any employees effectively supervised during this period.

Lawyers retained in transactional matters involving the electronic movement of client funds are continuing to be targeted by cybercriminals through compromised email accounts and fraudulently sent or altered emails.

The COVID-19 pandemic has caused major disruptions to our usual approach to both work and life. The stress of juggling commitments and adapting to new working arrangements means added risk as we find ourselves more distracted than usual. Although these distractions may be unavoidable during a pandemic, there are a few critical issues to keep in mind that will help you to work safely.

LPLC has developed a Cyber Security Guide covering five key areas to help time-poor and information-overloaded lawyers understand the risks and act to make their practice safer.

This cyber claim case study looks at a deceased estate matter that fell prey to cyberfraud due to a compromised client email. This case illustrates that law firms are susceptible to the risk of receiving bogus email instructions from apparently legitimate email accounts which have been infiltrated and monitored by cybercriminals.

How would you respond if your firm came under attack from cyber criminals? A cyber action plan can save you trouble if the worst should happen. This article covers the story of a recent cyber-attack on a small firm and how the experience changed their approach to cyber security.

Cyber-attacks are on the rise in the legal profession and all sized firms are at risk. We have been notified of several instances of spam attacks, phishing emails and ransom attacks on law firms in the past six months.

Cyber-crime is a growing threat to legal practitioners and their clients. Although no-one is ever immune, there are tools you can use to help protect your data. Multi-factor authentication is readily available, easy to set up and gives you an extra layer of security.

Just as you need to protect your firm against scam emails directing payment of trust money to cyber criminals, you need to be proactive in warning clients they might be targeted with fake emails from your firm.

Does your firm have effective policies for maintaining the security of digital certificates? Are digital certificates being shared within your firm? Below are some of the risks and consequences and what you should do about it.

This article looks at common types of social engineering used by cyber fraudsters.

The following article discusses security concerns in relation to receiving payment instructions via email.

Did you know that LPLC has published a checklist of policies for law firms? Policy number 20 is about providing client documents to the client or another firm.