risk-management.php

Cyber Security

Cyber-crime is a growing risk to law firms of all sizes as lawyers and the legal profession increasingly become targets of cyber-criminals.

We have seen an increase in fraudulent emails purporting to be from the client sent to law firms directing funds be paid to the fraudster’s bank accounts.  The fraudster has either hacked the client or the law firm’s email accounts to find out about the transaction and send the email.  The other common attack we have seen is from infected emails, that when a staff member clicks on a link in the email it releases ransomware which locks down the firm’s computer system and a ransom is required to have it released.

While many law firms may not appreciate it, they hold information about clients that may be valuable to cyber-criminals who can on-sell client personal or transactional information once they have access to the firm’s computer system.

Having strategies and practice management processes to raise awareness of and boost a firm’s cyber-security is important in protecting the firm’s clients and reputation as well as sound claims prevention. See our Key Risk Checklist: Cyber Security and read the articles listed below. There are also links to useful websites below. 


Useful websites

Law Council of Australia – Cyber Precedent – strengthening the legal profession’s defence against online threats

Australian Cyber Security Centre

Australian Competition and Consumer Commission

Australia’s Cyber Security Strategy

Australian Attorney General’s Department | Cyber Security


28 June 2017

In Check Issue 75 | June 2017

Cyber security – focus your attention We have just emailed a cyber security bulletin to practitioners letting them know about a recent claim where a firm received a fake client email directing the firm to send client money to fraudster’s bank accounts. Every staff member needs to read the bulletin, Cyber security checklist and other […]

More
26 April 2017

How to defend against cyber crime

Practitioners need to do more to keep the door locked. Virtually all law practices today are vulnerable to cyber attacks which have the potential to disrupt delivery of legal services and compromise the security of clients’ confidential information. All staff need to understand how cyber attacks commonly occur and firms need to implement appropriate risk […]

More
27 March 2017

In Check Issue 74 | March 2017

What is new on LPLC’s website? Cyber security page We have a new risk management page dedicated to cyber security issues and a rolling banner on our website home page that will take you straight to the cyber security page. Building and construction practice area page We also have a new risk management practice area […]

More
7 December 2016

In Check Issue 73 | December 2016

Cyber risk awareness for lawyers and clients We regularly hear stories from law firms about cyber risk issues they are experiencing and to assist in managing this ever increasing, more sophisticated and ongoing threat we recently published a bulletin and checklist on the subject. The bulletin explains how easy it is to be caught out […]

More
31 March 2016

In Check Issue 70 | March 2016

Cyber-crime – how alert are you? Lawyers and the legal profession are increasingly becoming targets of cyber-crime and while many law firms may not appreciate it, they hold information about clients that may be valuable to cyber-criminals. The cyber-criminals can on-sell client personal or transactional information. They can also lock down a firm’s information and […]

More
19 October 2016

Cyber security cautionary tale

Introduction Cyber security needs to be at the forefront of everyone’s mind, whether you are in a small firm or a large firm. The recent experience of a Victorian law firm is a good example of how easy it is to be caught out. The realistic email A principal of one of our insured firms […]

More
28 April 2017

Time to prepare for mandatory notification of data breaches

The Privacy Amendment (Notifiable Data Breaches) Bill 2016 (Cwlth) was passed on 13 February 2017 and will come into effect within 12 months. It amends the Privacy Act 1988 (Cwlth) (Act) by introducing a scheme for mandatory notification of data breaches. The provisions apply to public and private organisations regulated by the Act, which include […]

More
10 February 2017

New cyber security resource for practitioners

Cyber-crime is a growing risk to law firms of all sizes as lawyers and the legal profession increasingly become targets of cyber-criminals. In response to this threat, the Law Council of Australia recently launched its Cyber Precedent information campaign. The website contains a number of resources to help practitioners combat cyber-risk, including: a summary of […]

More
12 February 2016

Practitioners need to take fraud risk seriously

Scams against lawyers are becoming more and more varied and sophisticated as a recent ‘vishing’ scam in the UK shows. The term ‘vishing’ has been coined to refer to the use of voice technology, often telephones, to trick someone into revealing information.  It is a close cousin to ‘phishing’ which is the use of false […]

More
23 October 2015

Client identification policy protects you and your client

Since the introduction of the ARNECC identity requirements for electronic conveyancing and s.87A of the Transfer of Land Act 1958 (Vic) (TLA) for mortgagees to identify mortgagors LPLC has received a number of enquiries from practitioners asking whether they need to identify every client. The answer is yes. There has always been an obligation imposed […]

More
22 May 2015

Verify that email really is from your client

Verifying the email law firms receive are really from their clients is an important cyber fraud risk managing strategy, especially as cyber-crime in its various guises is becoming more prevalent and sophisticated. In a recent New Zealand incident a lawyer received instructions from a client’s email account that had been hacked. The practitioner, who was […]

More
27 June 2016

Key Risk Checklist: Cyber Security

It is essential that firms take steps to prevent cyber-crime as practitioners are increasingly at risk of cyber-attacks. This is a list of the things firms need to do to at least lock the door on cyber-crime. Cyber Security ☐  Always authenticate email instructions that involve sending money by speaking to the client in person […]

More