Law firms of all sizes, including sole practitioners, are targeted every day by cyber criminals from all over the world. Most law firms transact large amounts of money and hold confidential information that criminals can sell or use to extort a ransom payment. Failure to protect your business and your clients’ money and information could be costly both financially and to your firm’s reputation.

Basic information for everyone

Every staff member in a law firm is responsible for keeping the firm safe from cyber-attack. There are many things that everyone can do, and this guide addresses the five basic areas to focus on to help lock the door on cybercrime. It is important that everyone in a firm understands what the risks are and what part they must play in keeping the firm safe. The Australian Government’s StaySmartOnline website is a good place for everyone to start to review basic information about protecting your business online. Register for StaySmartOnline’s Alert Service to receive updates on scams, risks and preventative action to protect your firm and your clients.

It is everyone’s business

Cyber security is not just an IT issue. It is an essential part of today’s legal practice and everyone in your firm has a critical role in preventing cyber-crime. There is no silver bullet to protect your firm and your client’s money. The concept of cyber security must be built into everything people do in a law firm.
The approach to cyber security needs to be multi-pronged. This guide sets out five key areas to address, underlines why they are important, what can be done and how to do it. Included in this guide are links to valuable resources and information.

Cyber Security Guide for Lawyers: A practical guide to help lawyers be cybersafe

For a list of resource links mentioned in the guide click here.

Secure your technology

Law Institute Victoria (LIV): Cyber security essentials for law firms
StaySmartOnline website: Protect your assets Do things safely
Australian Cyber Security Centre: Guides Publications
AV Test website: the Independent IT Security Institute
Stay smart online: Multi-factor authentication for you
Australian Cyber Security Centre website: Implementing Multi-Factor Authentication
Corrs Chambers Westgarth: How to use multi-factor authentication to combat cyber-crime
Stay Smart Online: Backups Backups for Business Passwords for Business

Establish policies and procedures

Stay Smart Online: Protect your assets
Law Council Cyber Precedent website: Your firm their data Developing a cyber security strategy podcast Cyber security essentials Privacy principles and cyber security
LPLC: Recommended EFT process

Create a culture of cyber risk awareness

Australian Law Reform Commission: Data security and information destruction and retention requirements
Australian Government Business website: How to keep the right records
Stay Smart Online: Community

Warn clients about cyber risk

Use LPLC client brochure: Cyber security – how to protect yourself
See LPLC blog: Protect your clients from cyber fraud
Download: LPLC’s Call before you pay email footer

Have an incident report plan

See Law Council of Australia Cyber Precedent website: What to do if you are cyber-attacked
See the information at StaySmartOnline website: Recover when things go wrong
LPLC: list of Cyber-crime bank contact details
LIV: Cyber security essentials for law firms
Privacy Act 1988 (Cwealth) data breaches
LPLC: Cyber Insurance Cover