Login
7 tips to ensure your cyber security is up to scratch
A cyber-security specialist has provided insight on how law firms can ensure they have adequate cyber-security measures in place.
Emma Musgrave
For Lander & Rogers partner Lisa Fitzgerald, the new year period is an opportune time for businesses, including law firms, to reassess and bolster their protection.
“Even when they have a data breach response plan, it’s often stored on servers and may be rendered inaccessible during a cyber incident. The Federal Government’s Cyber Strategy 2020 report flags express directors’ duties in relation to cyber security, which could mean greater potential for shareholder class actions where a cyber incident leads to a drop in share price.
“All businesses today need data to operate. Whether that data is personal, sensitive, confidential, privileged or simply essential to running the business, as soon as that data becomes inaccessible, business comes to a grinding halt.”
Here are seven ways businesses can protect themselves against a threat, according to Ms Fitzgerald:
1. Review your IT systems and increase malware detection measures.
2. Remind your staff to be on the alert for phishing emails and actively monitor compliance with your IT policies.
3. Ensure data breach response plans are up to date and fit for purpose.
4. Require two-factor authentication, including from third-party tech vendors.
5. Encrypt the most sensitive and business-critical data, including customer data. This will require a data audit.
6. Reinstate robust procurement processes for cloud services and ensure your contract will help, rather than hinder, you at a time of crisis.
7. Obtain cyber insurance.
If the business has already fallen victim to an attack, Ms Fitzgerald advised there are several measures one can take.
“Activate your data breach response plan – your external lawyer is well placed to be a custodian of this plan and to play a key role in ensuring timely, effective and compliant steps are taken,” she said.
“Engage a cyber forensics team to understand what and who has been potentially affected as soon as possible. Waiting until exfiltration of data has been proven is not enough and dangerously narrow. Screenshots of data don’t require data extraction or transfer from a server, so identifying potentially impacted data is part of this process.
“Obtain legal advice without delay to help with an effective response and to mitigate damage.
“Check the terms of your insurance policy and follow it.”
Emma Musgrave
Emma Musgrave (née Ryan) is the managing editor, professional services at Momentum Media.
Emma has worked for Momentum Media since 2015, including five years spent as the editor of the company's legal brand - Lawyers Weekly. Throughout her time at Momentum, she has been responsible for breaking some of the biggest stories in corporate Australia. In addition, she has produced exclusive multimedia and event content related to the company's respective brands and audiences.
Prior to joining Momentum Media, Emma worked in breakfast radio, delivering news to the Central West region of NSW, before taking on a radio journalist role at Southern Cross Austereo, based in Townsville, North Queensland.
She holds a Bachelor of Communications (Journalism) degree from Charles Sturt University.
Email Emma on:
