Snapshot
- Cyber security is an essential part of legal practice management.
- In a 2022 Federal Court case, the court made it clear that regulators consider inadequate cyber security as a regulatory issue.
- Earlier this year, the Legal Services Board and Commissioner of Victoria published Minimum Cybersecurity Expectations for Victorian legal practitioners. Some unacceptable cybersecurity practices could constitute unsatisfactory professional conduct or professional misconduct.
- Lawcover and the Law Society of NSW have also provided guidance on identifying and preventing cyber fraud with online resources.
Law firms regularly handle substantial funds and sensitive information. This makes them attractive targets for cyber criminals who engage in social engineering, ‘man-in-the-middle’ cybercrimes or seek ransoms to prevent the release of confidential information. Major firms DLA Piper, Allen & Overy and HWL Ebsworth have all been the subject of well publicised cyber attacks targeting operations and data.
However, smaller firms are not immune to cyber attacks and are particularly at risk of impersonation fraud and business email compromise. In the case of small firms, the target is usually funds transfers, but compromises can also lead to breaches of the Privacy Act 1988 (Cth) and loss of confidential data. The prevalence of these types of attacks makes cyber security an essential part of legal practice management.