find the latest legal job
Corporate and Commercial Partner
Category: Corporate and Commercial Law | Location: Adelaide SA 5000
· Full time · Join a leading Adelaide commercial law firm
View details
In-house Legal Counsel & Commercial Lawyers
Category: Corporate and Commercial Law | Location: All Sydney NSW
· Providing lawyers with flexibility and control over when they work, how they work and who they work for.
View details
In-house Legal Counsel & Commercial Lawyers
Category: Corporate and Commercial Law | Location: All Melbourne VIC
· Providing lawyers with flexibility and control over when they work, how they work and who they work for.
View details
Legal Inhouse / Lawyer / Company Secretary
Category: Other | Location: Brisbane QLD 4000
· Fantastic Company · Potential to be Part Time / Flexible Work Pattern
View details
Infrastructure Lawyer/SA
Category: Construction Law | Location: Sydney CBD, Inner West & Eastern Suburbs Sydney NSW
· Global elite law firm · Dedicated Infrastructure team
View details
The real cyber security risk to lawyers

The real cyber security risk to lawyers

David Rudduck

Not updating your mobile devices and hardware has the potential to expose confidential client information, writes David Rudduck.

Would you like your bank account emptied? I didn’t think so. Well, just like running old and outdated computers in your business (can anyone say Windows XP?), running an old and outdated mobile phone could be just as risky – if not worse!

If you use your mobile phone simply to make telephone calls and never, ever use it to browse the internet, read emails or send and receive text messages, then this article is irrelevant to you. 

For those of you left (which I’d hazard is the vast majority), if you ever use [any of these platforms on your phone], and your phone is a few years old, you could be an easy mark for organised criminals looking to make your data theirs.

Security researchers have reported a significant increase in malware targeting old and outdated mobile phones. The malware sits silently in the background, recording all your account logins, passwords and PINs – including those of your online banking!

The malware is delivered a number of ways – from seemingly innocuous website advertising (which just happens to have specially crafted malicious code embedded in it), which infects your device simply by visiting a ‘safe’ website, to something as simple and innocent as a text message.

You see, the problem is that while we live in a society of consumerism, some of us don’t rush out to buy the latest technology. Many would argue this is a good thing. You’re not being caught in the trap of spending money for the sake of spending, but sadly this may also be putting you and your clients at risk.

Manufacturers that use Google Android on their phones, like Samsung, HTC, Sony, Motorola and LG, will typically stop providing software and security updates to their handsets after about two years as they turn their focus to their new phones.

A similar philosophy is shared with Apple’s phones. After a certain period of time, the latest version of Apple’s mobile software is no longer made available to older handsets.

The issue here is that while the phone (or tablet) may still be usable, the device is not getting patched against bugs and security risks that have been discovered – leaving the user open to attack.

And because organised criminals are entrepreneurial, they’ve worked out that many of us are still using outdated technology that has many openly published bugs they can leverage to their advantage.

As I said above, something as simple as a specially crafted SMS can be sent to many older Android mobile devices to infect them with malware and ‘rootkits’. You wouldn’t even know if you’d been hit, until of course your bank rang you to tell you you’d had your accounts drained.

Or take for example the fact that the crims have worked out how to leverage internet advertising systems to infect your computers. How many times have IT professionals banged on about not visiting unsafe websites on your work devices? I’ve lost my voice over it!

Well, forget all that. You can actually be infected just by visiting if one of the advertising partners has inadvertently let a malicious actor run an advertising campaign that has some special code in it to infect people who see their advertising. You don't even need to click it any more!

Just like phasing out Windows XP and Windows Server 2003 a few years back, you need to budget towards the replacement of your mobile devices every few years and you need to make sure you keep the software up to date – regularly checking and installing software updates.

If you run Android, install an anti-virus program. Sophos and Webroot offer excellent protection.

Consider a password management system like LastPass or 1Password. When used correctly, it will ensure every website you visit has a super-complex password, and you’ll only need to remember a single password for your password wallet, which can be accessed on your computer and mobile devices.

And if you want ultimate protection, implement multi-factor authentication. RSA tokens for banking institutions mean that no matter whether your account details are compromised, without that rotating six-digit number, no one is getting into your account or transferring your funds elsewhere.

You can likewise use services like Google Authenticator to provide two-factor authentication (2FA) for Facebook, Google, emails and many other web services.

In summary, remember to update your digital devices. While using outdated platforms can create annoyance for some, it actually has the potential to impact you as a lawyer, and your clients, on an astronomical scale.

David Rudduck is the managing director of Insane Technologies. 

Like this story? Read more:

QLS condemns actions of disgraced lawyer as ‘stain on the profession’

NSW proposes big justice reforms to target risk of reoffending

The legal budget breakdown 2017

The real cyber security risk to lawyers
lawyersweekly logo
Promoted content
Recommended by Spike Native Network
more from lawyers weekly
Nov 24 2017
Demand lifts in 2017/18 for short-term finance to cover crises
Promoted by NWC Finance. The first five months of the 2017-18 financial year have seen unpreceden...
LCA welcomes religious freedom panel
Nov 24 2017
LCA welcomes religious freedom panel
The Law Council of Australia says the establishment of a panel which will examine the human right to...
Law Society launched a new website, legal politics and lawmaking
Nov 24 2017
Law Society launches project to engage young Aussies
The Law Society of NSW has launched a new website to engage young Australians in legal politics and ...
Allens managing partner Richard Spurio, image courtesy Allens' website
Jun 21 2017
Promo season at Allens
A group of lawyers at Allens have received promotions across its PNG and Australian offices. ...
May 11 2017
Partner exits for in-house role
A Victorian lawyer has left the partnership of a national firm to start a new gig with state governm...
Esteban Gomez
May 11 2017
National firm recruits ‘major asset’
A national law firm has announced it has appointed a new corporate partner who brings over 15 years'...
Nicole Rich
May 16 2017
Access to justice for young transgender Australians
Reform is looming for the process that young transgender Australians and their families must current...
Geoff Roberson
May 11 2017
The lighter side of the law: when law and comedy collide
On the face of it, there doesn’t seem to be much that is amusing about the law, writes Geoff Rober...
May 10 2017
Advocate’s immunity – without fear or without favour but not both
On 29 March 2017, the High Court handed down its decision in David Kendirjian v Eugene Lepore & ...