Cyber Security

Cyber-crime is a growing risk to law firms of all sizes as lawyers and the legal profession increasingly become targets of cyber-criminals.

We have seen an increase in fraudulent emails purporting to be from the client sent to law firms directing funds be paid to the fraudster’s bank accounts.  The fraudster has either hacked the client or the law firm’s email accounts to find out about the transaction and send the email.  The other common attack we have seen is from infected emails, that when a staff member clicks on a link in the email it releases ransomware which locks down the firm’s computer system and a ransom is required to have it released.

While many law firms may not appreciate it, they hold information about clients that may be valuable to cyber-criminals who can on-sell client personal or transactional information once they have access to the firm’s computer system.

Having strategies and practice management processes to raise awareness of and boost a firm’s cyber-security is important in protecting the firm’s clients and reputation as well as sound claims prevention. See our Key Risk Checklist: Cyber Security and read the articles listed below. There are also links to useful websites below. 

Useful websites

Law Council of Australia – Cyber Precedent – strengthening the legal profession’s defence against online threats

Australian Cyber Security Centre

Australian Competition and Consumer Commission

Australia’s Cyber Security Strategy

Australian Attorney General’s Department | Cyber Security

Australian Government Stay Smart Online

Australian Cybercrime Online Reporting Network

12 December 2017

In Check Issue 77 | December 2017

Thorne v Kennedy on financial agreements The recent High Court case of Thorne v Kennedy [2017] HCA 49 further illustrates why family law financial agreements are fraught with risk. In that case, Kiefel CJ, Bell, Gageler, Keane and Edelman JJ held two substantially identical financial agreements voidable due to undue influence and unconscionable conduct. Nettle […]

27 September 2017

In Check Issue 76 | September 2017

Justin Toohey – new LPLC CEO LPLC is pleased to announce that Justin Toohey has been appointed as Chief Executive Officer of LPLC, effective from January 2018, following the retirement of the current CEO, Miranda Milne. Justin’s appointment follows a comprehensive recruitment process with the assistance of executive search consultants. Justin is a professional indemnity […]

28 June 2017

In Check Issue 75 | June 2017

CGT withholding regime important changes from 1 July From 1 July 2017 some CGT withholding regime requirements will change.  They are: lowering the price threshold for real property to $750,000 (currently $2M) increasing the withholding amount to 12.5 per cent (currently 10 per cent). These changes were brought in by the Treasury Laws Amendment (Foreign […]

26 April 2017

How to defend against cyber crime

Practitioners need to do more to keep the door locked. Virtually all law practices today are vulnerable to cyber attacks which have the potential to disrupt delivery of legal services and compromise the security of clients’ confidential information. All staff need to understand how cyber attacks commonly occur and firms need to implement appropriate risk […]

27 March 2017

In Check Issue 74 | March 2017

What is new on LPLC’s website? Cyber security page We have a new risk management page dedicated to cyber security issues and a rolling banner on our website home page that will take you straight to the cyber security page. Building and construction practice area page We also have a new risk management practice area […]

29 June 2017

Cyber security breach – claims caused by fake client email

It is no longer safe practice to transfer money to a client’s account based only on email instructions from your client. Always verify email instructions from a client, especially if it involves handling money, by confirming the details orally with the client. LPLC has received four notifications in the last two years, one only last […]

19 October 2016

Cyber security cautionary tale

Introduction Cyber security needs to be at the forefront of everyone’s mind, whether you are in a small firm or a large firm. The recent experience of a Victorian law firm is a good example of how easy it is to be caught out. The realistic email A principal of one of our insured firms […]

28 April 2017

Time to prepare for mandatory notification of data breaches

The Privacy Amendment (Notifiable Data Breaches) Bill 2016 (Cwlth) was passed on 13 February 2017 and will come into effect within 12 months. It amends the Privacy Act 1988 (Cwlth) (Act) by introducing a scheme for mandatory notification of data breaches. The provisions apply to public and private organisations regulated by the Act, which include […]

10 February 2017

New cyber security resource for practitioners

Cyber-crime is a growing risk to law firms of all sizes as lawyers and the legal profession increasingly become targets of cyber-criminals. In response to this threat, the Law Council of Australia recently launched its Cyber Precedent information campaign. The website contains a number of resources to help practitioners combat cyber-risk, including: a summary of […]

12 February 2016

Practitioners need to take fraud risk seriously

Scams against lawyers are becoming more and more varied and sophisticated as a recent ‘vishing’ scam in the UK shows. The term ‘vishing’ has been coined to refer to the use of voice technology, often telephones, to trick someone into revealing information.  It is a close cousin to ‘phishing’ which is the use of false […]

23 October 2015

Client identification policy protects you and your client

Since the introduction of the ARNECC identity requirements for electronic conveyancing and s.87A of the Transfer of Land Act 1958 (Vic) (TLA) for mortgagees to identify mortgagors LPLC has received a number of enquiries from practitioners asking whether they need to identify every client. The answer is yes. There has always been an obligation imposed […]

22 May 2015

Verify that email really is from your client

Verifying the email law firms receive are really from their clients is an important cyber fraud risk managing strategy, especially as cyber-crime in its various guises is becoming more prevalent and sophisticated. In a recent New Zealand incident a lawyer received instructions from a client’s email account that had been hacked. The practitioner, who was […]

27 June 2016

Key Risk Checklist: Cyber Security

It is essential that firms take steps to prevent cyber-crime as practitioners are increasingly at risk of cyber-attacks. This is a list of the things firms need to do to at least lock the door on cyber-crime. Cyber Security ☐  Always authenticate email instructions that involve sending money by speaking to the client in person […]

6 October 2017

Risk video bite – Cyber security

Presenter: Matthew Rose, Risk Manager, LPLC