Email is vulnerable, so when we’re looking at transferring tens of thousands, hundreds of thousands, or even millions of dollars, the risk management guard should be [at] the top.
Experts say cyber criminals are attacking small law firms and taking advantage of their vulnerabilities, as lawyers increasingly shift their practices online during the pandemic.
Lawcover’s Practice Risk Manager Malcolm Heath said the insurer had recorded a spike in cyber-attack claims this year, the majority relating to compromised business email accounts.
Heath addressed an audience of 120 solicitors who tuned in to the online Rural Issues Day conference hosted by the Law Society of NSW on 23 October, in a panel discussion focusing on the hardship and impact of recent crises on rural legal practice.
Heath and his co-panellists including consultant Rachel Setti, University of Newcastle professor and researcher Hazel Dalton, and Legal Services Commissioner for NSW John McKenzie, noted the increase in hacking exacerbated the years of intense stress law firms in regional areas had experienced, amid rapidly changing local economies, drought, bushfire, floods, and the pandemic.
Heath said fraudsters had stolen large settlements and payments by using business accounts to email clients their own bank details.
“Perhaps the cyber criminals are in full-scale operation as more and more businesses are going to remote environments, and that may increase exposure,” Heath said.
In the first four months of this financial year alone, Lawcover received 12 cyber-attack claims, compared to a total of 26 in 2019-20 and 21 the year before.
The insurer has paid out more than $5 million in losses since the first claim of this kind in 2016. Losses, usually suffered by small firms or sole practitioners, have blown out from $12,000 to nearly $1 million.
Heath said rather than be fearful of working online, lawyers should be cautious with all online transactions. He advised firms to enact extra verification measures on their email accounts, like software that sends a security access code to a mobile phone.
One tactic to watch out for is a fraudulent email linking to a website that appears to hold legal documents. The third-party website may ask for a name and password, giving hackers access to computer systems or emails.
Lawyers should also be warning their clients to look out for these kinds of email scams, Heath said.
“Email is vulnerable, so when we’re looking at transferring tens of thousands, hundreds of thousands, or even millions of dollars, the risk management guard should be [at] the top.
“It really is a … behaviour error. It’s often a reaction to haste or speed.”
The increase in hacking adds to a year of immense change and difficult economic circumstances posed via drought, bushfire, floods, and the pandemic.
“2020 has culminated in the most significant period of change in a short space of time, and that in itself is quite traumatic,” Heath said.
He said firms could contact Lawcover for pastoral care through trained counsellors, as well as premium relief.
Hazel Dalton, the research leader at the Centre for Rural and Remote Mental Health, said it’s been a difficult period for lawyers juggling their clients’ wellbeing with their own mental health. The Centre offers short, time-sensitive mental health training courses to help navigate difficult conversations.
“It can be comforting, and it can help you decrease the stigma in providing support for others and seeking help yourself,” Dalton said.
She said prioritising sleep, eating well, exercising, connecting with others and planning things to look forward to were beneficial. It’s also vital for lawyers to remind themselves of the importance of their role in their communities.
“Be compassionate with yourself – you’ve got a demanding job and it really makes a difference in people’s lives,” Dalton said.
“Sometimes it’s hard and we can’t always get it right or feel like we’re getting it right. So, taking time to look after yourself can make for better performance at work, a better human, and [being] happier with yourself. So give yourself a break.”