risk-management.php

Cyber Security

Cyber-crime is a growing risk to law firms of all sizes as lawyers and the legal profession increasingly become targets of cyber-criminals.

We have seen an increase in fraudulent emails purporting to be from the client sent to law firms directing funds be paid to the fraudster’s bank accounts.  The fraudster has either hacked the client or the law firm’s email accounts to find out about the transaction and send the email.  The other common attack we have seen is from infected emails, that when a staff member clicks on a link in the email it releases ransomware which locks down the firm’s computer system and a ransom is required to have it released.

While many law firms may not appreciate it, they hold information about clients that may be valuable to cyber-criminals who can on-sell client personal or transactional information once they have access to the firm’s computer system.

Having strategies and practice management processes to raise awareness of and boost a firm’s cyber-security is important in protecting the firm’s clients and reputation as well as sound claims prevention. See our Key Risk Checklist: Cyber Security and read the articles listed below. There are also links to useful websites below. 


Useful websites

Law Council of Australia – Cyber Precedent – strengthening the legal profession’s defence against online threats

Australian Cyber Security Centre

Australian Competition and Consumer Commission

Australia’s Cyber Security Strategy

Australian Attorney General’s Department | Cyber Security

Australian Government Stay Smart Online

Australian Cybercrime Online Reporting Network

IDCARE – National Identity and Cyber Support


The Law Institute of Victoria has published two fact sheets – Cyber security for law firms and Cyber security for the individual.


1 October 2018

In Check Issue 80 | September 2018

Conveyancing claims in 2017-18 Conveyancing claims accounted for over 30 per cent of the cost of claims in the last policy year costing an estimated $11.9m. They have consistently been in the top two areas of claims by both number and cost for many years. The mistakes often stem from practitioners not knowing or keeping […]

More
28 June 2018

In Check Issue 79 | June 2018

New requirements for some purchasers to withhold GST – 1 July 2018 From 1 July 2018 purchasers of certain new residential premises and potential residential land will be required to withhold the goods and services tax (GST) and pay it to the Australian Tax Office (ATO). Vendors of residential premises or potential residential land must […]

More
27 March 2018

In Check Issue 78 | March 2018

Cyber fraud – it can happen to you No firm is immune from cyber-criminals and their fake emails. We are seeing an increase in attempts to steal money by hackers masquerading as either the client or the lawyer in fake emails. Below is a summary of two of our recent notifications. The law firm duped […]

More
12 December 2017

In Check Issue 77 | December 2017

Thorne v Kennedy on financial agreements The recent High Court case of Thorne v Kennedy [2017] HCA 49 further illustrates why family law financial agreements are fraught with risk. In that case, Kiefel CJ, Bell, Gageler, Keane and Edelman JJ held two substantially identical financial agreements voidable due to undue influence and unconscionable conduct. Nettle […]

More
27 September 2017

In Check Issue 76 | September 2017

Justin Toohey – new LPLC CEO LPLC is pleased to announce that Justin Toohey has been appointed as Chief Executive Officer of LPLC, effective from January 2018, following the retirement of the current CEO, Miranda Milne. Justin’s appointment follows a comprehensive recruitment process with the assistance of executive search consultants. Justin is a professional indemnity […]

More
25 September 2018

PEXA, email, electronic funds transfers and cyber-crime

PEXA, email, electronic funds transfers and cyber-crime On 25 June 2018 LPLC published a security warning for PEXA users arising from some recent instances of fraudulent activity impacting PEXA transactions. One of these (‘the MasterChef case’) involved a fraudster entering the PEXA workspace and changing payment account details to divert $250,000 of the proceeds of […]

More
25 June 2018

Security warning for PEXA users

Recent news reports and emails from PEXA have described a fraud involving the PEXA workspace. Any users of the PEXA workspace need to read this bulletin for tips on how to avoid this happening to them. The fraudster appears to have gained access to a subscriber’s email account and intercepted a change of password email […]

More
29 June 2017

Cyber security breach – claims caused by fake client email

It is no longer safe practice to transfer money to a client’s account based only on email instructions from your client. Always verify email instructions from a client, especially if it involves handling money, by confirming the details orally with the client. LPLC has received four notifications in the last two years, one only last […]

More
19 October 2016

Cyber security cautionary tale

Introduction Cyber security needs to be at the forefront of everyone’s mind, whether you are in a small firm or a large firm. The recent experience of a Victorian law firm is a good example of how easy it is to be caught out. The realistic email A principal of one of our insured firms […]

More
16 November 2018

When seven years isn’t long enough

How long should you keep your file after a matter has concluded? Some practitioners routinely destroy files seven years after closure with client authorisation. In some instances experience tells us you should keep files for longer, especially where a cause of action can accrue more than six years after the retainer has ended. Retaining files […]

More
26 October 2018

Fraudsters: don’t let them in!

If a complete stranger appeared at your door and invited themselves into your home, would you let them in? Probably not. Then why do so many people open the door to cyber-criminals on their computers? A common misconception is that most cyber-crimes involve hacking: the use of computer technologies to gain access to computers and […]

More
19 October 2018

Be sure before disbursing trust money

When acting as stakeholder, you need to check that any conditions for disbursing the money have been strictly met and keep appropriate documentary evidence. In one claim, a practitioner acted for a company that was to be nominated by an affiliate as the purchaser of a property for development. The client needed to raise capital […]

More
14 September 2018

Email instructions in relation to payment of a bank cheque – what would you do?

You are handling a property settlement for a vendor and receive a bank cheque at settlement made payable to the client for the net proceeds of sale. You send an email to the client confirming settlement and advising that you are holding a bank cheque for the client. You receive an email reply asking you […]

More
3 August 2018

Beware of bad cheque scams

LPLC has previously warned practitioners about bad cheque scams, also known as advance fee scams. These appear to still be alive and well. The scam typically involves a firm being asked by a new, typically foreign-based client to bank a cheque on the client’s behalf for a matter in the firm’s jurisdiction. The client then […]

More
27 June 2016

Key Risk Checklist: Cyber Security

It is essential that firms take steps to prevent cyber-crime as practitioners are increasingly at risk of cyber-attacks. This is a list of the things firms need to do to at least lock the door on cyber-crime. Cyber security ☐  Always authenticate email instructions that involve sending money by speaking to the client in person […]

More
2 November 2018

Risk video bite – Stop and think

Presenter: Matthew Rose, LPLC Risk Manager

More
6 October 2017

Risk video bite – Cyber security

Presenter: Matthew Rose, Risk Manager, LPLC

More
10 April 2018

Cyber fraud – five steps to protect yourself

Cyber thieves are clever. They target lawyers because we direct transfers of money and they want to steal it. DON’T FALL FOR IT! Be suspicious of email instructions. Cyber fraudsters will get in any way they can. Make sure it’s not through you. Five steps to protect yourself. Identify – Don’t accept email requests on […]

More
5 February 2018

Cyber security – how to protect yourself | Client brochure

Our firm has proactive steps in place to protect you and your information from cyber-attack. We also need you to take some precautionary steps to ensure the security of your information. What we will do Tell you at the start of a matter what our payment details are and not change those details unless we […]

More