A new study has found alarming evidence that confidential and sensitive data is at risk of exposure due to the cyber security practices of lawyers.
The Edith Cowan University’s Security Research Institute survey of 122 lawyers, in partnership with the Law Society of Western Australia, found 11 per cent had no anti-virus protection on their work computers, 41 per cent did not know what cyber security counter measures were in place on their smartphones, and 94 per cent used email to send confidential data. Just 9.4 per cent used encryption to protect client data. Associate Professor Mike Johnstone said there were some serious but not insurmountable flaws in the way lawyers were protecting themselves from cyber attack.
“Lawyers, along with doctors, are the two professions which handle most of our confidential information on a day-to-day basis,” he said. “It’s incredibly important that their cyber security practices are improved to protect their clients and themselves. Imagine if a lawyer you’d engaged to draft a will had their email compromised and a cyber-criminal gained access to all of the information contained in that will?
“Trials could also be affected if key documents related to arguments are inaccessible due to a ransomware attack like the Wannacry attack in 2017.”
The research identified five key areas for immediate improvement:
• Turn on automatic software updates on all devices
• Use cybersecurity countermeasures like antivirus and firewalls on computers and smartphones
• Encrypt sensitive client data, especially when sent via email
• Limit use of third-party email services such as Gmail and Hotmail
• Report cyberattacks to government initiatives such as the Australian Cybercrime Online Reporting Network (ACORN)