Lawyers exposing clients to potential cyber attacks
The cybersecurity practices of lawyers could be putting their client data at risk, according to new research.
Researchers from Edith Cowan University’s Security Research Institute (ECUSRI) surveyed 122 lawyers about their cybersecurity habits, and revealed a concerning lack of knowledge among the profession.
Key findings from the research include:
- 11% of lawyers had no antivirus protection on their work computer.
- 41% did not know what cybersecurity countermeasures were in place on their smartphones.
- 64% reported using home or free public Wi-Fi.
- 41% didn’t have automatic updates switched on for their work computer.
- 53% forward work-related emails to a non-business email account (Gmail or Hotmail).
- 94% use email to send confidential data.
- Only 9.4% use encryption to protect client data.
According to researcher Associate Professor Mike Johnstone, there were some serious but not insurmountable flaws in the way lawyers were protecting themselves from cyber attack.
“Lawyers, along with doctors, are the two professions which handle most of our confidential information on a day-to-day basis,” he said.
“It’s incredibly important that their cybersecurity practices are improved to protect their clients and themselves.
“Imagine if a lawyer you’d engaged to draft a will had their email compromised and a cybercriminal gained access to all of the information contained in that will?
“Trials could also be affected if key documents related to arguments are inaccessible due to a ransomware attack like the WannaCry attack in 2017.”
In fact, one of the largest law firms in the world, DLA Piper, was one of hundreds of businesses hit by the NotPetya attack in 2017. The attack reportedly shut the firm down for a number of days until their systems were restored.
Professor Craig Valli from ECUSRI said that cybersecurity vulnerability is not unique to the legal profession.
“ECU is working with the Law Society of WA to provide professional development opportunities for lawyers aimed at improving their knowledge of cybersecurity,” he said.
“What is powerful is the proactive position the Law Society of Western Australia has taken in understanding this and the speed with which training has been deployed against these insights.”
The research identified five key areas for immediate improvement:
- Turn on automatic software updates on all devices.
- Utilise cybersecurity countermeasures like antivirus and firewalls on computers and smartphones.
- Encrypt sensitive client data, especially when sent via email.
- Limit use of third-party email services such as Gmail and Hotmail.
- Report cyber attacks to government initiatives such as the Australian CyberCrime Online Reporting Network (ACORN).
“A Survey of Lawyers’ Cyber Security Practices in Western Australia” was presented at the Association of Digital Forensics, Security and Law Conference in San Antonio, Texas.
In 2017, ECU was named as one of just two Academic Centres of Cyber Security Excellence in Australia by the federal government.
ECU’s Joondalup Campus is also home to the headquarters of the Cyber Security Cooperative Research Centre, established in April 2018 with $140 million in funding.
Academics involved in the research included Professor Craig Valli, Associate Professor Mike Johnstone and Rochelle Fleming. The research was conducted in partnership with the Law Society of Western Australia. It is part of a wider professional development program between the Law Society and ECUSRI.