Cyber Security

Cyber-crime is a growing risk to law firms of all sizes as lawyers and the legal profession increasingly become targets of cyber-criminals.

We have seen an increase in fraudulent emails purporting to be from the client sent to law firms directing funds be paid to the fraudster’s bank accounts.  The fraudster has either hacked the client or the law firm’s email accounts to find out about the transaction and send the email.  The other common attack we have seen is from infected emails, that when a staff member clicks on a link in the email it releases ransomware which locks down the firm’s computer system and a ransom is required to have it released.

While many law firms may not appreciate it, they hold information about clients that may be valuable to cyber-criminals who can on-sell client personal or transactional information once they have access to the firm’s computer system.

Having strategies and practice management processes to raise awareness of and boost a firm’s cyber-security is important in protecting the firm’s clients and reputation as well as sound claims prevention. See our Key Risk Checklist: Cyber Security and read the articles listed below. There are also links to useful websites below. 

Useful websites

Law Council of Australia – Cyber Precedent – strengthening the legal profession’s defence against online threats

Australian Cyber Security Centre

Australian Competition and Consumer Commission

Australia’s Cyber Security Strategy

Australian Attorney General’s Department | Cyber Security

Australian Government Stay Smart Online

Australian Cybercrime Online Reporting Network

IDCARE – National Identity and Cyber Support

The Law Institute of Victoria has published two fact sheets – Cyber security for law firms and Cyber security for the individual.

28 June 2018

In Check Issue 79 | June 2018

Download PDF New requirements for some purchasers to withhold GST – 1 July 2018 From 1 July 2018 purchasers of certain new residential premises and potential residential land will be required to withhold the goods and services tax (GST) and pay it to the Australian Tax Office (ATO). Vendors of residential premises or potential residential […]

27 March 2018

In Check Issue 78 | March 2018

Cyber fraud – it can happen to you No firm is immune from cyber-criminals and their fake emails. We are seeing an increase in attempts to steal money by hackers masquerading as either the client or the lawyer in fake emails. Below is a summary of two of our recent notifications. The law firm duped […]

12 December 2017

In Check Issue 77 | December 2017

Thorne v Kennedy on financial agreements The recent High Court case of Thorne v Kennedy [2017] HCA 49 further illustrates why family law financial agreements are fraught with risk. In that case, Kiefel CJ, Bell, Gageler, Keane and Edelman JJ held two substantially identical financial agreements voidable due to undue influence and unconscionable conduct. Nettle […]

27 September 2017

In Check Issue 76 | September 2017

Justin Toohey – new LPLC CEO LPLC is pleased to announce that Justin Toohey has been appointed as Chief Executive Officer of LPLC, effective from January 2018, following the retirement of the current CEO, Miranda Milne. Justin’s appointment follows a comprehensive recruitment process with the assistance of executive search consultants. Justin is a professional indemnity […]

28 June 2017

In Check Issue 75 | June 2017

CGT withholding regime important changes from 1 July From 1 July 2017 some CGT withholding regime requirements will change.  They are: lowering the price threshold for real property to $750,000 (currently $2M) increasing the withholding amount to 12.5 per cent (currently 10 per cent). These changes were brought in by the Treasury Laws Amendment (Foreign […]

25 June 2018

Security warning for PEXA users

Recent news reports and emails from PEXA have described a fraud involving the PEXA workspace. Any users of the PEXA workspace need to read this bulletin for tips on how to avoid this happening to them. The fraudster appears to have gained access to a subscriber’s email account and intercepted a change of password email […]

29 June 2017

Cyber security breach – claims caused by fake client email

It is no longer safe practice to transfer money to a client’s account based only on email instructions from your client. Always verify email instructions from a client, especially if it involves handling money, by confirming the details orally with the client. LPLC has received four notifications in the last two years, one only last […]

19 October 2016

Cyber security cautionary tale

Introduction Cyber security needs to be at the forefront of everyone’s mind, whether you are in a small firm or a large firm. The recent experience of a Victorian law firm is a good example of how easy it is to be caught out. The realistic email A principal of one of our insured firms […]

9 March 2018

Warn clients to verify emails containing payment details

Could your clients be receiving fake emails from you? Much has been written recently about the need to speak to clients to authenticate email instructions about transferring money to client accounts. But if the client receives a fake email from your firm directing them to pay money into a bank account of the fraudster, will […]

28 April 2017

Time to prepare for mandatory notification of data breaches

The Privacy Amendment (Notifiable Data Breaches) Bill 2016 (Cwlth) was passed on 13 February 2017 and will come into effect within 12 months. It amends the Privacy Act 1988 (Cwlth) (Act) by introducing a scheme for mandatory notification of data breaches. The provisions apply to public and private organisations regulated by the Act, which include […]

10 February 2017

New cyber security resource for practitioners

Cyber-crime is a growing risk to law firms of all sizes as lawyers and the legal profession increasingly become targets of cyber-criminals. In response to this threat, the Law Council of Australia recently launched its Cyber Precedent information campaign. The website contains a number of resources to help practitioners combat cyber-risk, including: a summary of […]

12 February 2016

Practitioners need to take fraud risk seriously

Scams against lawyers are becoming more and more varied and sophisticated as a recent ‘vishing’ scam in the UK shows. The term ‘vishing’ has been coined to refer to the use of voice technology, often telephones, to trick someone into revealing information.  It is a close cousin to ‘phishing’ which is the use of false […]

23 October 2015

Client identification policy protects you and your client

Since the introduction of the ARNECC identity requirements for electronic conveyancing and s.87A of the Transfer of Land Act 1958 (Vic) (TLA) for mortgagees to identify mortgagors LPLC has received a number of enquiries from practitioners asking whether they need to identify every client. The answer is yes. There has always been an obligation imposed […]

27 June 2016

Key Risk Checklist: Cyber Security

It is essential that firms take steps to prevent cyber-crime as practitioners are increasingly at risk of cyber-attacks. This is a list of the things firms need to do to at least lock the door on cyber-crime. Cyber security ☐  Always authenticate email instructions that involve sending money by speaking to the client in person […]

6 October 2017

Risk video bite – Cyber security

Presenter: Matthew Rose, Risk Manager, LPLC

10 April 2018

Cyber fraud – five steps to protect yourself

Cyber thieves are clever. They target lawyers because we direct transfers of money and they want to steal it. DON’T FALL FOR IT! Be suspicious of email instructions. Cyber fraudsters will get in any way they can. Make sure it’s not through you. Five steps to protect yourself. Identify – Don’t accept email requests on […]

5 February 2018

Cyber security – how to protect yourself | Client brochure

Our firm has proactive steps in place to protect you and your information from cyber-attack. We also need you to take some precautionary steps to ensure the security of your information. What we will do Tell you at the start of a matter what our payment details are and not change those details unless we […]