Cyber-crime is a growing risk to law firms of all sizes as lawyers and the legal profession are increasingly becoming targets of cyber-criminals.

We have seen an increase in fraudulent emails purporting to be from the client sent to law firms directing funds be paid to the fraudster’s bank accounts.  The fraudster has hacked the client or the law firm’s email accounts to find out about the transaction and send the email.  The other common attack we have seen is from infected emails, that when a staff member clicks on a link in the email it releases ransomware which locks down the firm’s computer system and a ransom is required to have it released.

While many law firms may not appreciate it, they hold information about clients that may be valuable to cyber-criminals who can on-sell client personal or transactional information once they have access to the firm’s computer system.

Having strategies and practice management processes to raise awareness of and boost a firm’s cyber-security is important in protecting the firm’s clients and reputation as well as sound claims prevention. 

Cyber Security Guide for Lawyers

A practical guide to help lawyers be cybersafe. Includes 5 key checklists and useful links.

Cyber security poster

Download other popular resources:

Transferring money? Use our ‘Call before you pay’ banner in your email signature block and help us increase awareness of cyber-safety.

Latest Cyber Issues 2019 RMI – D.Smith

Useful websites

Law Council of Australia – Cyber Precedent – strengthening the legal profession’s defence against online threats

Australian Cyber Security Centre

Australian Competition and Consumer Commission

Australia’s Cyber Security Strategy

Australian Attorney General’s Department | Cyber Security

Australian Government Stay Smart Online

Australian Cybercrime Online Reporting Network

IDCARE – National Identity and Cyber Support

The Law Institute of Victoria has published two fact sheets – Cyber security for law firms and Cyber security for the individual.

1 October 2018

In Check Issue 80 | September 2018

Table of contentsConveyancing claims in 2017-18New conveyancing initiativesElectronic conveyancing deadline – 1 October 2018Sunset provisions in residential off the plan contractsGST Withholding provisionsSmall business definition now $450,000Risk management seminarsWhat’s new on LPLC’s websiteChanging your email address? Conveyancing claims in 2017-18 Conveyancing claims accounted for over 30 per cent of the cost of claims in the […]

28 June 2018

In Check Issue 79 | June 2018

New requirements for some purchasers to withhold GST – 1 July 2018 From 1 July 2018 purchasers of certain new residential premises and potential residential land will be required to withhold the goods and services tax (GST) and pay it to the Australian Tax Office (ATO). Vendors of residential premises or potential residential land must […]

27 March 2018

In Check Issue 78 | March 2018

Cyber fraud – it can happen to you No firm is immune from cyber-criminals and their fake emails. We are seeing an increase in attempts to steal money by hackers masquerading as either the client or the lawyer in fake emails. Below is a summary of two of our recent notifications. The law firm duped […]

12 December 2017

In Check Issue 77 | December 2017

Thorne v Kennedy on financial agreements The recent High Court case of Thorne v Kennedy [2017] HCA 49 further illustrates why family law financial agreements are fraught with risk. In that case, Kiefel CJ, Bell, Gageler, Keane and Edelman JJ held two substantially identical financial agreements voidable due to undue influence and unconscionable conduct. Nettle […]

27 September 2017

In Check Issue 76 | September 2017

Table of contentsJustin Toohey – new LPLC CEOPEXA newsChanges to the Administration and Probate Act 1958 (Vic)Powers of attorney amendmentsEnergy efficiency disclosure threshold changesLPLC goes socialRisk Management SeminarsWhat’s new on LPLC websiteChanging your email address? Justin Toohey – new LPLC CEO LPLC is pleased to announce that Justin Toohey has been appointed as Chief Executive […]

25 September 2018

PEXA, email, electronic funds transfers and cyber-crime

Table of contentsPEXA, email, electronic funds transfers and cyber-crimeThe risk of EFT-fraud for lawyers is human error, not ITVerify all email instructions for the transfer of fundsAlways double-check bank account details before sign-offPEXA residential seller’s guaranteeWhat the PEXA residential seller guarantee coversThree-day time limit for seller to apply for guaranteeWhat to do if EFT fraud […]

25 June 2018

Security warning for PEXA users

Recent news reports and emails from PEXA have described a fraud involving the PEXA workspace. Any users of the PEXA workspace need to read this bulletin for tips on how to avoid this happening to them. The fraudster appears to have gained access to a subscriber’s email account and intercepted a change of password email […]

29 June 2017

Cyber security breach – claims caused by fake client email

It is no longer safe practice to transfer money to a client’s account based only on email instructions from your client. Always verify email instructions from a client, especially if it involves handling money, by confirming the details orally with the client. LPLC has received four notifications in the last two years, one only last […]

19 October 2016

Cyber security cautionary tale

Table of contentsIntroductionThe realistic emailHijacking his emailLessons Introduction Cyber security needs to be at the forefront of everyone’s mind, whether you are in a small firm or a large firm. The recent experience of a Victorian law firm is a good example of how easy it is to be caught out. The realistic email A […]

30 November 2018

Retainer going nowhere? Don’t let it drift!

What steps should you take to ensure your potential new client provides complete instructions? What if the proposed work is complicated by the involvement of an intermediary purporting to have the client’s authority, such as a spouse, child, relative, friend or another advisor? It is risky to just let the matter drift without proactively managing […]

16 November 2018

When seven years isn’t long enough

How long should you keep your file after a matter has concluded? Some practitioners routinely destroy files seven years after closure with client authorisation. In some instances experience tells us you should keep files for longer, especially where a cause of action can accrue more than six years after the retainer has ended. Retaining files […]

26 October 2018

Fraudsters: don’t let them in!

If a complete stranger appeared at your door and invited themselves into your home, would you let them in? Probably not. Then why do so many people open the door to cyber-criminals on their computers? A common misconception is that most cyber-crimes involve hacking: the use of computer technologies to gain access to computers and […]

19 October 2018

Be sure before disbursing trust money

When acting as stakeholder, you need to check that any conditions for disbursing the money have been strictly met and keep appropriate documentary evidence. In one claim, a practitioner acted for a company that was to be nominated by an affiliate as the purchaser of a property for development. The client needed to raise capital […]

14 September 2018

Email instructions in relation to payment of a bank cheque – what would you do?

You are handling a property settlement for a vendor and receive a bank cheque at settlement made payable to the client for the net proceeds of sale. You send an email to the client confirming settlement and advising that you are holding a bank cheque for the client. You receive an email reply asking you […]

23 August 2018

Key Risk Checklist: Cyber Security

It is essential that firms take steps to prevent cyber-crime as practitioners are increasingly at risk of cyber-attacks. This is a list of the things firms need to do to at least lock the door on cyber-crime. Cyber security ☐  Always authenticate email instructions that involve sending money by speaking to the client in person […]

7 June 2019

Risk video bite – Adequate security or loans

Presenter: Matthew Rose, LPLC Risk Manager

2 May 2019

Risk video bite – Attention to detail in wills and estates

Presenter: Heather Hibberd, LPLC Chief Risk Manager

5 April 2019

Risk video bite – Systems save claims

Presenter: Stephen Bubb, LPLC Risk Manager

1 March 2019

Risk video bite – Buying or selling a small business

Presenter: Matthew Rose, LPLC Risk Manager

7 December 2018

Risk video bite – Define what you do

Presenter: Stephen Bubb, LPLC Risk Manager

10 April 2018

Cyber fraud – five steps to protect yourself

Table of contentsCyber thieves are clever. They target lawyers because we direct transfers of money and they want to steal it.DON’T FALL FOR IT!Five steps to protect yourself.Download the poster below. Please put it up in your office kitchen to make sure everyone in the team knows what to do.It can happen to youFor more information about […]

5 February 2018

Cyber security – how to protect yourself | Client brochure

Table of contentsOur firm has proactive steps in place to protect you and your information from cyber-attack. We also need you to take some precautionary steps to ensure the security of your information.What we will doWhat we recommend you do Our firm has proactive steps in place to protect you and your information from cyber-attack. […]