this product is unavailable for purchase using a firm account, please log in with a personal account to make this purchase.

Select from any of the filters or enter a search term

Cybercrime risk heightened for home-based practitioners

Cybercrime risk heightened for home-based practitioners

By Karin Derkley

COVID-19 Practice Management 


Lawyers working from home due to COVID-19 are being urged to take immediate action to secure their computer systems.

Legal practitioners should:

  • disable or distance themselves from digitial assistants such as Alexa
  • create strong passwords of 12 characters
  • use multi-factor authentication
  • be hyper-vigilant about phishing emails
  • confirm requests for money by phone
  • print out their incident response policy
  • check the LIV cybersecurity information hub for updates

LIV Technology and the Law section member EJ Wise, who presented an LIV webinar on cyber-security this week, says every legal practitioner working from home needs to think carefully about how someone could access their home-based computer system, especially when it could now give access to your firm's servers and databases.

"You need to put yourself in the shoes of the criminal like you do after your first burglary," she says.
Law firms should ensure that any staff accessing servers from home use multi-factor verification and a strong password that is about 12 characters long, she says. Firms also need an incident response policy that should be printed out "because if you get ransomware, it will close everything down and you won't be able to access your electronics", she says.

BDO national cyber security leader Leon Fouche says there is likely to be an increase in phishing attacks over the coming months as cyber criminals take advantage of people working remotely. Phishing emails are composed to simulate bona fide emails in order to draw out information such as passwords, account details or other sensitive information.
"People will be receiving an increased number of work-related emails, which will lower their guard to detect phishing emails. Criminals will take advantage of this," he says. That makes it important for lawyers – especially those with access to trust accounts and sensitive information, and those who receive and authorise payments – to be aware of what these attacks can look like.
"If you, or a staff member, receive an email asking for a transfer of money or invoices to be paid, you need to be 100 per cent sure the person sending you the email is who they say they are. It is best to pick up the phone and confirm that person is who they say they are."
Automio founder and legal tech entrepreneur Claudia King says it can be basic problems that cause the biggest threat, such as sharing technology with other family members. "For example, not having a password set up on your home computer but logging into work services, resulting in others at your home seeing sensitive information."
"Now is the time to check all your passwords, ensure you're not using weak combinations, and set up two-factor authentication."
Ms Wise recommends disabling digital assistants such as Alexa or Google Assistants, or at least not talking to clients within earshot of such devices. "It’s not that Alexa will necessarily record you, but it provides a window of opportunity for someone to hack such devices. You can go in and increase your privacy settings to those kinds of devices but they're fundamentally insecure,"
Mr Fouche says the Australian Signals Directorate is recommending these strategies to mitigate the risk for organisations working remotely:

•    ensure your systems, including Virtual Private Networks and firewalls, are up to date with the most recent security patches
•    increase your cyber security measures in anticipation of the higher demand on remote access technologies, and test them ahead of time.
•    if you use a remote desktop client, ensure it is secure.
•    ensure your work devices, such as laptops and mobile phones, are secure.
•    implement multi-factor authentication for remote access systems and resources (including cloud services).
•    ensure that you are protected against Denial of Service (DoS) threats.
•    ensure that your staff and stakeholders are informed and educated in cyber security practices, such as detecting socially-engineered messages

LIV head of professional standards and quality assurance Peter Docherty will cover professional risks, including cybercrime, at the LIV's free lunchtime webinar on Friday 27 March: COVID-19: Practice continuity and contingency planning in a time of uncertainty.

The LIV has a hub centralising cybersecurity information, updates and support services here.

Views expressed on (Website) are not necessarily endorsed by the Law Institute of Victoria Ltd (LIV).

The information, including statements, opinions, documents and materials contained on the Website (Website Content) is for general information purposes only. The Website Content does not take into account your specific needs, objectives or circumstances, and it is not legal advice or services. Any reliance you place on the Website Content is at your own risk.

To the maximum extent permitted by law, the LIV excludes all liability for any loss or damage of any kind (including special, indirect or consequential loss and including loss of business profits) arising out of or in connection with the Website Content and the use or performance of the Website except to the extent that the loss or damage is directly caused by the LIV’s fraud or wilful misconduct.

Be the first to comment