Wednesday, 13 March 2019

Risk Management Alert – Cybercrime

Representatives from Law Mutual (WA) recently attended a round table discussion with other legal profession insurers specifically to discuss Cybercrime.

It is evident from the discussions that there has been an increase in claims relating to cybercrime across Australia. The majority of the incidents arise from intercepted emails from clients relating to payment or funds transfer requests, and intercepted emails from within the practices purporting to be from practice principals requesting a funds transfer.

In most cases, the hacker has gained access to the practice's server as a result of an employee clicking on a link in a phishing email. However, there appears to be a lag time between the original breach of the server and the interception of emails. This is allowing the hackers three to four weeks' access to the server before the practice realises that there has been a breach.

Recent incidents to be aware of:

  • The hacker gains access to the practice’s template bill and client details. The hacker then amends the bank details on the bill providing the hacker’s account instead of the practice’s account, and sends it out to the client. The client pays the bill and the payment from the client is lost to the hacker’s account.
  • The hacker intercepts a payment transfer email. Instead of changing the bank details, the hacker amends the email to instruct that half of the payment is paid into one bank account (the hacker’s account) and the other half is paid into the correct account. On the face of it, this seemed plausible to the practitioner; however, half of the money was lost to the hacker’s account.

Steps you can take

Practices should consider implementing policies and protocols that balance security, privacy, and efficiency to mitigate the risk of falling victim to cybercrime, especially on any matters where money will be transferred via the firm’s trust account, including:

  • Transfer of funds: Adopt the practice of verifying every client and instruction to transfer or pay out trust funds (e.g. payee, account, amount). (Note that by s226 LPA it is an offence to cause a deficiency.) Adopt protocols to protect law practice funds (e.g. verification of certain amounts or types of payments). Many practices are returning to paper-based transfer instructions and are not accepting email instructions.
  • Adopt employment practices that promote security: Set clear expectations about staff commitment, competence and compliance regarding cyber security and consequences for breach. Require users to declare policies have been read and agreed to. Use log-on screen reminders to reinforce safe use. Monitor and enforce compliance. Provide adequate training.
  • Background checks: Vet staff and contractors for trustworthiness, especially those in accounts and IT.
  • Phishing and suspicious emails: Ensure users can recognise the characteristics of suspicious emails (e.g. odd URLs or language, urgency, directions to transfer funds). Use phishing tests to check users can be trusted to report suspicious emails and not click on links or attachments.

In October 2016, Law Mutual (WA) facilitated the seminar "Cyber crime – how to prevent an attack and its impact on professional liability". The seminar provided practical examples of basic protections that legal practices can adopt to mitigate the risk of cybercrime.

In addition to the cybercrime presentation, there are a number of other resources that may assist practices to mitigate the risk of falling victim to cybercrime:

  • ACCC Scamwatch
  • Stay Smart Online
  • Law Council of Australia Cyber Precedent Tools

Law Mutual (WA) insured practices are reminded that losses as a result of cybercrime may not be covered under the Law Mutual (WA) Professional Indemnity insurance arrangements; cover will depend upon the facts of each individual case.

Insurance Renewal 2019/2020

The application forms for the Professional Indemnity Insurance arrangements for the upcoming 2019/2020 insurance year are required to be submitted by Friday, 29 March 2019.

Please note that payment of the invoice for the Annual Contribution and Administration Levy must be made by no later than Wednesday, 15 May 2019.

2019/2020 Risk Management Seminar Programme

We are currently in the process of finalising the full Risk Management Seminar Programme for 2019/2020; further details will be released in April. 

Every insured practitioner is entitled to two hours of low-cost seminars.

In addition, your firm may be entitled to a risk management discount on its next insurance application if it meets the principal and practitioner attendance requirements, in the period 1 March 2019 to 28 February 2020.

Further information regarding the Risk Management Discount requirements and the options available for approved risk management training can be found on the Law Mutual (WA) website.

Practice Risk Management Tips

We suggest that managers of Law Practices consider whether or not there is a need to obtain PI top up insurance. This is not offered by Law Mutual (WA); we suggest you contact your insurance advisor.

Managers might also like to consider joining the Law Society of WA’s Professional Standards Scheme which may enable the Law Practice to limit its liability in the event of a claim. If you are interested, please contact Vicki Coles, Manager Risk Law Mutual (WA) on (08) 9324 8653 or via email at vcoles@lawmutualwa.com.au

Get to know your Law Mutual (WA)

Sharan Gill, Manager Claims

Sharan began her legal career with Crown Law in Brisbane before relocating to Perth in 2008. She joined Law Mutual (WA) for a year before embarking on private practice at Jarman McKenna, working primarily in the insurance area, with a focus on professional indemnity and medical negligence claims. Sharan returned to Law Mutual (WA) in January 2014.

Outside of work, Sharan enjoys interior designing, refining her culinary skills with a glass of good wine and spending time with her daughters, Saryna and Zara.

 

Contact Law Mutual (WA)

Street Address: Level 4, 160 St Georges Terrace, Perth WA 6000
Postal Address: PO Box Z5345, Perth WA 6831
Telephone:  (08) 9481 3111   |   Facsimile:  (08) 9481 3166
Email: info@lawmutualwa.com.au   |   Website: www.lawmutualwa.com.au

 
The Law Society of Western Australia
Level 4, 160 St Georges Terrace, Perth 6000
Phone: (08) 9324 8600   |     Fax: (08) 9324 8699
E: info@lawsocietywa.asn.au  | W: lawsocietywa.asn.au

Disclaimer: This email is an information service of the Law Society of Western Australia. The information provided does not constitute legal advice and recipients should consult the Government Gazette, relevant statutes and other source documents as appropriate. Reasonable steps have been taken to protect our mail servers and web pages via the use of anti-virus software but recipients are advised to take all necessary steps to ensure that their own systems are virus protected. The Law Society of Western Australia does not accept responsibility for any loss or damage sustained as a consequence of any virus transmission.

Copyright © 2019 The Law Society of Western Australia. All Rights Reserved.