Lawyers have ‘worrying lack’ of cybersecurity knowledge
New research shows that highly sensitive and confidential client data is at risk of exposure as lawyers are not cognisant of cybersecurity measures and practices.
A survey of 122 lawyers, conducted jointly by Edith Cowan University’s Security Research Unit and the Law Society of Western Australia, has revealed a “worrying lack of knowledge” among the legal profession when it comes to protecting client information online.
The survey revealed that only 9.4 per cent of lawyers use encryption to protect client data, 94 per cent use email to send confidential data, and 53 per cent forward work-related emails to non-business email addresses, such as Gmail or Hotmail.
In addition, 11 per cent of lawyers don’t have anti-virus protection on their work computers, 41 per cent don’t have automatic updates installed for their work computers, 64 per cent use home or free public Wi-Fi, and 41 per cent are unaware of what cybersecurity measures are in place on their smartphones.
The results contrast with recent findings from Iron Bastion, which found that Australia’s top and mid-tier firms are leading the way when it comes to implementing technologies to combat the threats of cyberattacks, specifically phishing.
The survey results from the west, however, paint a different picture when it comes to individual actions.
ECU associate professor Mike Johnstone said there were “serious but not insurmountable flaws” in the ways that lawyers are choosing to protect themselves from cyberattack.
“Lawyers, along with doctors, are the two professions which handle most of our confidential information on a day-to-day basis,” he said.
“It’s incredibly important that their cybersecurity practices are improved to protect their clients and themselves.”
He advised lawyers to consider a scenario in which they draft a will and their email accounts are then compromised, allowing a cybercriminal to gain access to the contents of that will.
“Trials could also be affected if key documents related to arguments are inaccessible due to a ransomware attack,” he said.
The research also identified a number of ways for lawyers to immediately improve their cyber practices: turning on automatic software updates on all devices, utilising cybersecurity countermeasures on computers and smartphones, encrypting sensitive client data, limiting use of third-party email services, and reporting cyberattacks to government initiatives such as the Australian Cybercrime Online Reporting Network.
According to Law Society of WA president and Clayton Utz senior associate Hayley Cormann: “Given that lawyers regularly handle sensitive information, it is crucial that they follow best practice in order to protect their clients and their own firms.”
“Cybersecurity will continue to be an important focus of [the Law Society's] education programs going forward,” she said.