this product is unavailable for purchase using a firm account, please log in with a personal account to make this purchase.

Select from any of the filters or enter a search term

Cyber threats and data breaches: Three actions to prepare law firms

Cyber threats and data breaches: Three actions to prepare law firms

By Ian Bloomfield

Continuing Legal Education Securities Technology 


Cyber security is now being promoted by federal and state governments, and professional associations as a priority for businesses of all sizes. These three actions will set your firm on track to defend against cyber threats and data breaches.

  • Make cyber security a strategic objective: effective cyber security is every bit as important for the future viability of your business as all the other strategic considerations.
  • Identify your risk profile: without a risk assessment it is impossible to know if your current arrangements are adequate.
  • Cyber security is no longer just an IT issue: Don’t rely on security services and systems alone for protection – people are the last defence. Implement formalised cyber security training for all staff, and follow-up with regular refresher sessions.

Make cyber security a strategic objective

Making cyber security a strategic objective means building it into your business plan and having clearly defined strategies. Simply putting some policies and procedures in place will no longer suffice. In addition, there needs to be a governance framework to implement the strategies so that it is prioritised across all aspects of management, forms part of the risk management approach, and most importantly, is fully understood and committed to by leaders and staff alike.

Identify your risk profile

Understanding how cyber risks can ultimately translate into business risks is crucial. This is the role of a cyber security risk assessment. A risk assessment will give an in-depth understanding of a law firm’s risk profile so informed decisions can be made about how to improve the firm's cyber security. When you know the risks you can then make an assessment of how best to manage those risks. The scale and sophistication of cybercrime is such that all businesses need to be including cyber security as part of their overall risk management considerations. Any business not taking steps to assess their cyber security resilience and not prioritising the remediation of identified risks is putting their ongoing viability at risk.

Cyber security is no longer just an IT issue

It’s a common misconception that cyber security is all about hardware and software, and just an IT issue. This is obviously a big part of cyber security, but it is not enough to defend against the all-pervasive nature and sophistication of cyber threats today. Cyber security is a business issue, so in addition to IT, consideration also has to be given to policies, procedures, processes and people. The people element is often overlooked. Everybody needs to play a part and everyone in the business needs to be aware of their role in preventing and reducing cyber threats. Training, in conjunction with regular refresher training, is the best way to engage and unite employees and instil good cyber security habits.


Ian Bloomfield, managing director, Ignite Systems

Want to find out more? Register for the LIV's Essential Skills: Dealing with difficult people and protecting your firm from cyber threats on 15 March where Ian Bloomfield will be speaking on the above issues and more. This session will also cover how to deal with difficult people and provide advice on ethics and best practice when engaging with the court, colleagues and clients. For more information, see here.

Views expressed on (Website) are not necessarily endorsed by the Law Institute of Victoria Ltd (LIV).

The information, including statements, opinions, documents and materials contained on the Website (Website Content) is for general information purposes only. The Website Content does not take into account your specific needs, objectives or circumstances, and it is not legal advice or services. Any reliance you place on the Website Content is at your own risk.

To the maximum extent permitted by law, the LIV excludes all liability for any loss or damage of any kind (including special, indirect or consequential loss and including loss of business profits) arising out of or in connection with the Website Content and the use or performance of the Website except to the extent that the loss or damage is directly caused by the LIV’s fraud or wilful misconduct.

Be the first to comment