The real cyber security risk to lawyers


David Rudduck

Not updating your mobile devices and hardware has the potential to expose confidential client information, writes David Rudduck.

Would you like your bank account emptied? I didn’t think so. Well, just like running old and outdated computers in your business (can anyone say Windows XP?), running an old and outdated mobile phone could be just as risky – if not worse!

If you use your mobile phone simply to make telephone calls and never, ever use it to browse the internet, read emails or send and receive text messages, then this article is irrelevant to you. 

For those of you left (which I’d hazard is the vast majority), if you ever use [any of these platforms on your phone], and your phone is a few years old, you could be an easy mark for organised criminals looking to make your data theirs.

Security researchers have reported a significant increase in malware targeting old and outdated mobile phones. The malware sits silently in the background, recording all your account logins, passwords and PINs – including those of your online banking!

The malware is delivered a number of ways – from seemingly innocuous website advertising (which just happens to have specially crafted malicious code embedded in it), which infects your device simply by visiting a ‘safe’ website, to something as simple and innocent as a text message.

You see, the problem is that while we live in a society of consumerism, some of us don’t rush out to buy the latest technology. Many would argue this is a good thing. You’re not being caught in the trap of spending money for the sake of spending, but sadly this may also be putting you and your clients at risk.

Manufacturers that use Google Android on their phones, like Samsung, HTC, Sony, Motorola and LG, will typically stop providing software and security updates to their handsets after about two years as they turn their focus to their new phones.

A similar philosophy is shared with Apple’s phones. After a certain period of time, the latest version of Apple’s mobile software is no longer made available to older handsets.

The issue here is that while the phone (or tablet) may still be usable, the device is not getting patched against bugs and security risks that have been discovered – leaving the user open to attack.

And because organised criminals are entrepreneurial, they’ve worked out that many of us are still using outdated technology that has many openly published bugs they can leverage to their advantage.

As I said above, something as simple as a specially crafted SMS can be sent to many older Android mobile devices to infect them with malware and ‘rootkits’. You wouldn’t even know if you’d been hit, until of course your bank rang you to tell you you’d had your accounts drained.

Or take for example the fact that the crims have worked out how to leverage internet advertising systems to infect your computers. How many times have IT professionals banged on about not visiting unsafe websites on your work devices? I’ve lost my voice over it!

Well, forget all that. You can actually be infected just by visiting a website if one of its advertising partners has inadvertently let a malicious actor run an advertising campaign containing code designed to infect people who see the advertising. You don't even need to click it any more!

Just like phasing out Windows XP and Windows Server 2003 a few years back, you need to budget towards the replacement of your mobile devices every few years and you need to make sure you keep the software up to date – regularly checking and installing software updates.

If you run Android, install an anti-virus program. Sophos and Webroot offer excellent protection.

Consider a password management system like LastPass or 1Password. When used correctly, it will ensure every website you visit has a super-complex password, and you’ll only need to remember a single password for your password wallet, which can be accessed on your computer and mobile devices.

And if you want ultimate protection, implement multi-factor authentication. RSA tokens for banking institutions mean that even if your account details are compromised, without that rotating six-digit number, no one is getting into your account or transferring your funds elsewhere.

You can likewise use services like Google Authenticator to provide two-factor authentication (2FA) for Facebook, Google, emails and many other web services.

In summary, remember to update your digital devices. While using outdated platforms can create annoyance for some, it actually has the potential to impact you as a lawyer, and your clients, on an astronomical scale.

David Rudduck is the managing director of Insane Technologies. 
