No one is immune to cyber-crime. In today’s digital age, security cannot be an afterthought –proactive measures and education are necessary in order to minimise the risks presented.
This is pertinent for the legal industry, particularly those practising within property law and facilitating settlements for homebuyers and sellers through the electronic platforms available.
Residential property is Australia’s largest asset class, worth $7.1 trillion1, which makes it an understandably attractive target for criminals and fraudsters. While this has always been the case, the progress into a more digital means of exchanging and settling transactions gives rise to new possibilities for would-be criminals and fraudsters.
The latest Australian Competition and Consumer Commission (ACCC) Scamwatch data is telling.
In 2019, phishing via email and phone – the apparent primary weapon of choice for hackers due to its low complexity and high success rate –scammed Australian businesses out of more than $1.5 million, almost doubling the losses experienced in 2017 and 20181.
And this is a trend that has continued into 2020. The ACCC reported financial losses as a result of phishing to be $121,319 in January 2020 alone, nearly doubling that of January 20192.
New challenges with COVID-19
Further to this, the current outbreak of Coronavirus (COVID-19) has brought to the fore some of the challenges faced by the industry. It has notably also sparked a surge of phishing attempts on unexpectant individuals seeking to benefit from the rushed approach of some parties to get up to speed with these types of transactions.
One such instance saw the logo of the CDC Health Alert Network spoofed, claiming to provide a list of local active infections before ensnaring confidential information and selling it on the dark web for financial gain and potential use in more elaborate scams3.
Clearly, now more than ever, the security awareness of legal practitioners is under the microscope.
How firms can bolster their cyber security
Fundamentally, we need to broaden our view of what being cyber-secure is. This calls for a holistic, 360-degree approach to security – but cyber-security in particular. Constant education and briefing of staff, as well as instilling discipline and processes in securing operations is paramount.
Critically, we must also embrace the technology available to us. A common misconception is that you need a big budget and sophisticated products to be cyber-secure. In reality, taking the time to review and maintain the technology within your organisation may likely bolster your firm’s security without significant cost. Technology should always be viewed as a tool in your toolbox – and tools need to be maintained and sometimes updated to ensure you can work at your most efficient.
The Australian Cyber Security Centre (ACSC) has an established ‘essential eight’ list of strategies, which when used in combination may greatly protect against threats.
The ACSC’s guidance discusses reviewing and restricting access privileges, frequently patching your operating systems, applications and browsers, implementing multi-factor authentication and regularly backing up your data. These are far from overly complex or bank-breaking measures to introduce and for most law practices many of these aspects are business as usual.
There is also excellent technology available to lawyers as well, including a range of trusted no-cost or low-cost anti-virus protection software to help safeguard your data.
Industry specific solutions exist too. For example, with property settlements you can make use of free applications such as PEXA Key to enable your client, individual or organisation, to provide their bank account details for the transfer of funds in an encrypted environment – eliminating an otherwise significant risk for lawyers and clients alike. Trust account details can be communicated securely to the client via the app also.
The industry has an obligation to its clients to continuously bolster its understanding of technology and with it, cyber-crime, something the legal profession has historically found challenging.
This need not be a daunting task and by simply taking the time to review and prioritise your risk profile you can take control of your cyber-security and likely improve it through small inexpensive measures and better education and practices being implemented.
As practitioners, we hold an obligation to use the appropriate technology and empower staff with the knowledge to protect our firms and most importantly our clients.
1 Australian Competition and Consumer Commission (ACCC) https://www.scamwatch.gov.au/about-scamwatch/scam-statistics?scamid=31&date=2019
2 Australian Competition and Consumer Commission (ACCC) https://www.scamwatch.gov.au/about-scamwatch/scam-statistics?scamid=31&date=2020-01
3 Centres for Disease Control and Prevention https://www.cdc.gov/media/phishing.html