Reported PEXA hacks a timely reminder to check security
The fallout over reported hacks of national e-conveyancing platform PEXA should serve as a reminder to lawyers and conveyancers to check the security of their passwords and login credentials, according to a Brisbane-based cybersecurity lawyer.
Bennett & Philp Lawyers director and IP practice group manager Nicole Murdoch said the PEXA incidents — including one instance where hackers were able to steal money from the sale of a former reality television star’s property by diverting the settlement funds into a fraudulent bank account — are nothing new.
In fact, she said, such hacks are an extension of issues that hit several law firms last year, when hackers access the email systems of at least two Queensland-based firms to alter banking details within email correspondence to divert funds elsewhere.
What this highlights, she posited, is the need for platforms that service law firms and conveyancers to be secure by design.
“Service providers such as PEXA should build robust security into their platforms from the ground up and continue to be vigilant to new security threats and techniques,” she said.
“Those using [these] service providers should maintain the security of their login details and passwords, put checks and balances in place so they do not solely rely on details stored by service providers and conduct routine risk assessments on service providers.”
“The lesson from all of this is to check all details of a transaction before committing to the transaction, remain vigilant and use a unique password for each account and re-set passwords often,” she continued.
Often, individuals will not know that their accounts have been compromised and thus are not on notice to reset their passwords, Ms Murdoch warned.
But notifications of data breaches under the new data breach notification laws should assist in the identification of account or login credentials being compromised.
Despite this, conveyancers and lawyers using e-conveyancing systems should not just sit back and expect PEXA and other providers to fix any shortfalls within the conveyancer’s own systems.
“While security of the PEXA platform is being improved, the conveyancer should also ensure their systems are safe and secure, and this means more rigorous attention to passwords and the protocols surrounding them,” she concluded.