Story image

Australia's law firms facing 'serious but not insurmountable' cyber flaws

29 May 2018

A survey by Edith Cowan University and the Law Society of Western Australia has shown that lawyers are putting client data at risk because they are not taking cybersecurity measures seriously enough.

Edith Cowan University’s Security Research Institute (ECUSRI) polled 122 lawyers and found that 41% didn’t know what cybersecurity countermeasures were available on their smartphones, while 11% said they have no antivirus protection on their work computer.

ECU Associate professor Mike Johnstone says the results show there are serious but ‘not insurmountable flaws’ in the way lawyers are protecting themselves and their devices from cyber attacks.

Forty-one percent of respondents did not have automatic updates switched on for their work computer.

“Lawyers, along with doctors are the two professions which handle most of our confidential information on a day-to-day basis. It’s incredibly important that their cybersecurity practices are improved to protect their clients and themselves,” he explains.

The survey also revealed that only 9.4% of respondents use encryption to protect client data – but the temptation to use home or free public WiFi is too tempting for 64% of lawyers.

More than half (53%) send work-related emails to a non-business email account, such as Gmail or Hotmail. 94% use email to send confidential data.

“Imagine if a lawyer you’d engaged to draft a will had their email compromised and a cybercriminal gained access to all of the information contained in that will? Trials could also be affected if key documents related to arguments are inaccessible due to a ransomware attack like the WannaCry attack in 2017,” Johnstone notes.

DLA Piper is one of the biggest law firms in the world and was one of the hundreds of businesses affected by the NotPetya malware last year. The attack resulted in the firm’s closure for several days until systems were restored, ECUSRI points out.

“ECU is working with the Law Society of WA to provide professional development opportunities for lawyers aimed at improving their knowledge of cybersecurity,” adds ECUSRI professor Craig Valli.

“What is powerful is the proactive position the Law Society of Western Australia has taken in understanding this and the speed in which training has been deployed against these insights.”

The research identified five key areas for immediate improvement:

- Turn on automatic software updates on all devices - Utilise cybersecurity countermeasures like antivirus and firewalls on computers and smartphones - Encrypt sensitive client data, especially when sent via email - Limit use of third-party email services such as Gmail and Hotmail - Report cyber attacks to government initiatives such as the Australian CyberCrime Online Reporting Network (ACORN)

ECU is one of two Academic Centres of Cyber Security Excellence in Australia. ECU’s Joondalup Campus is also home to the headquarters of the Cyber Security Cooperative Research Centre, established in April 2018 with $140 million in funding.

Hybrid cloud security big concern for business leaders
A new study highlights that IT and security professionals have significant concerns around security for hybrid cloud and multi-cloud environments.
GitHub launches fund to sponsor open source developers
In addition to GitHub Sponsors, GitHub is launching the GitHub Sponsors, GitHub will match all contributions up to $5,000 during a developer’s first year in GitHub Sponsors.
Check Point announces integration with Microsoft Azure
The integration of Check Point’s advanced policy enforcement capabilities with Microsoft AIP’s file classification and protection features enables enterprises to keep their business data and IP secure, irrespective of how it is shared. 
ESET researchers break down latest arsenal of the infamous Sednit group
At the end of August 2018, the Sednit group launched a spear-phishing email campaign, in which it distributed shortened URLs that delivered first-stage Zebrocy components.
Container survey shows adoption accelerating while security concerns remain top of mind
The report features insights from over 500 IT professionals.
Google 'will do better' after G Suite passwords exposed since 2005
Fourteen years is a long time for sensitive information like usernames and passwords to be sitting ducks, unencrypted and at risk of theft and corruption.
Who's watching you? 
With privacy an increasing concern amongst the public, users should be more aware than ever of what personal data companies hold.
Fake apps on Google Play scamming users out of cryptocurrency
Fake cryptocurrency apps on Google Play have been discovered to be phishing and scamming users out of cryptocurrency, according to a new report from ESET.