
17 June 2019

How to keep your law firm safe from security threats



Law ranks among the top three industries reporting data breaches, according to the Office of the Australian Information Commissioner. Half came from human error, while the remainder were caused by malicious or criminal attacks. These figures are particularly concerning given that a third of all Australian law firms do not invest in cybersecurity training, as a study by GlobalX and the Australian Legal Practice Management Association (ALPMA) recently found.

A risk too significant – and costly – to ignore

“Lawyers and conveyancers host a vast amount of personally identifiable information (PII), which heightens their risk of cyber attacks in an increasingly digitized work,” GlobalX CEO Peter Maloney told Australasian Lawyer. According to Peter, 79% of legal professionals are concerned about cybersecurity, but only 21% are confident their firm can handle a cyberattack.

Data breaches have been caused by both new and obsolete technology.

“It is clear that the lack of investment in regular cybersecurity training and slow adoption of modern technology is leaving an open door for cyber criminals,” Peter said.

It is a threat James Nunn-Price, Deloitte Asia-Pacific leader, understands all too well.

“The industry needs to avoid being the weak link as enterprises and end clients invest in cybersecurity. Ransomware, often used to take over email communications between parties, is one of the most prevalent global cyber-crime threats and currently costs the Australasian legal industry millions annually,” James told Australasian Lawyer. “These criminals can request large sums of money before returning access to confidential client information. Meanwhile, this data can be used for insider trading and identity fraud.”

Switch to an intelligent password

Passwords are easily forgotten, which is why we tend to re-use the same passwords for multiple logins. The push for ever more complex passwords – symbols, numbers, upper case, lower case, and the occasional hieroglyph – turned the simple act of creating a password into a code-cracking event to rival The Imitation Game. These days, best practice suggests a far simpler solution – a passphrase. This involves a sequence of unrelated words, ideally three to four short words. For example, pulldragonapplenow is easy to remember but hard to crack.

Don’t go phishing

Phishing is the increasingly common practice of fraudulent emails or calls designed to mimic real people or organisations. Phishing emails attempt to trick victims into clicking links, downloading attachments or divulging sensitive information, such as passwords or financial information.

You can often spot a phishing email by its dubious sender address – a small spelling error or variation will give it away as false. It is also unlikely to address you by name, and it may contain a website address that seems unfamiliar.

Urgency is a tactic often deployed to encourage you to divulge information. If you receive a phone call or suspicious email, never provide your personal or financial information, or assist with ‘updates’ to your existing details. Delete any emails you suspect to be fraudulent.

Avoid USBs and lock your computer

Physical breaches are among the simplest and most overlooked threats to security. While USBs were once a popular form of portable storage, cloud data storage services such as Dropbox, Google Drive or LawConnect, which provide vast amounts of data storage, render USBs largely obsolete. Never plug a USB into a computer unless you know its contents with confidence.

Similarly, unlocked computers allow for data theft or fraud. Make it a habit to lock your computer whenever you are away from your desk. 

Backup to the cloud, not local servers

Contrary to common belief, keeping your data in the cloud can often be safer than using a local server. Amazon Web Services, for example, deploys multiple data centres, ensuring a backup is available if one server goes offline or experiences a breach. The size and scale of major cloud providers like Amazon Web Services allow them to implement security best practices, which are constantly monitored and updated in a way few law firms could match. Find out how your data is currently being stored, whether it is on a local server or even in a physical filing room, and explore available cloud options.