Goodbye job applications, hello dream career
Seize control of your career and design the future you deserve with LW career

What law firms need to know about cyber security

Law firms face unique risks when it comes to cybercrime. Here’s what you can do to protect your business, writes Susie Jones.

user iconSusie Jones 23 July 2020 Big Law
Susie Jones
expand image

A new financial year is a great time to implement new processes and systems, particularly if there are areas you’ve been putting off actioning in the past. And for the legal industry, particularly small businesses, it’s never been more important to develop a robust cyber security approach.

The Australian Cyber Security Centre recently found that nearly half of Australian SMEs spent less than $500 on cyber security last year, despite research from Chubb Insurance finding over 60 per cent of Australian SMEs have experienced a cyber incident in the past 12 months. 

COVID-19 has only exacerbated these vulnerabilities. Ninety-nine per cent of cyber attacks require human interaction in order to succeed, which makes you and your team the best (and worst) cyber defence your business has.

This means that the last four months during the COVID-19 pandemic have not only been some of the most dangerous for the physical health of all Australians, but also for their digital health. In fact, Scamwatch has received reports of over 3,300 scams since the pandemic began earlier this year. 

It’s never been more important to understand the cyber security risks associated with your business, so here are the largest cyber security issues we’ve seen for the legal industry, and the steps you can take to combat them.

What risks do I need to watch out for?

The need for cyber security protection of confidential and proprietary client and law firm electronic information has never been more important, whether you’re a sole practitioner or part of a large firm. Maintaining privacy and confidentiality has been tested in the world of social distancing and remote work.

“Zoombombing” (where uninvited guests drop in on Zoom calls) has serious implications for the security of sensitive conversations, and ransomware attacks can be particularly damaging as lawyers hold a lot of valuable information in their own systems. 

A few years ago conveyancers were repeatedly targeted in cyberattacks due to their role in overseeing transfers of significant sums of money. These attacks were almost all email-based, with criminals taking over email accounts and then intercepting and changing account details to divert payments from the intended recipient. This has serious implications for the risk to law firms that may also be privy to sensitive payments information. 

Generally speaking, the most common scams targeting all types of businesses are invoice scams (fake invoices sent to you by a known supplier/customer through hacking their email), phishing scams and attacks on vulnerable remote access systems such as remote desktop and VPN solutions. 

What can I do? 

  1. Protect your passwords: Often cyber security all comes down to poor password management so start using a password manager and enable two-factor authentication 
  2. Double-check invoices: If an invoice you’ve received comes from a different business contact or just looks a bit different, avoid being tricked by making a call to the business you’re paying and check it to confirm before you pay the invoice
  3. Don’t think it won’t happen to you: Scammers don’t discriminate on size, they can hit thousands of businesses at the same time 
  4. Remember your own reputation: As a core part of a lawyer’s appeal is trust, misuse of a lawyer’s brand or reputation can be disastrous. Protect your personal information and accounts with the same rigour applied to your firm. 
  5. Get cyber fit: Just like getting fit doesn’t happen with one workout, cyber fitness is all about taking small incremental steps to improve your cyber security everyday. First step is to understand what you have to lose and what tech you rely on. What data do you have and what is valuable?
Susie Jones is the co-founder and CEO of Cynch Security.

You need to be a member to post comments. Become a member for free today!