Our submission to the Parliamentary Joint Committee on Law Enforcement into Cybercrime
In October 2023 Law & Cyber was invited by the Parliamentary Joint Committee on Law Enforcement to file a submission on the capability of law enforcement to respond to cybercrime. The submission argues that the exponential growth in cybercrime against Australians cannot be prevented or addressed by law enforcement alone, and that to have any meaningful impact on cybercrime affecting the community, the Parliament and regulators must address the ecosystem of factors that has led to its ongoing increase.
The human factor: building a cyber-aware culture in your law firm
In the world of cyber risk, it’s often said that “humans are the weakest link,” which can be an exercise in blaming and shaming that is hardly helpful and puts a huge and unfair responsibility on individuals who may make a single, understandable mistake.
Cyber education for law firms is more important than ever
With cybersecurity breaches again in the news, and the announcement of Australia’s first cybersecurity coordinator to lead responses to cyber-attacks, we wanted to share some crucial insights that could significantly impact your law firm's security and reputation. Cybersecurity breaches result in serious financial losses, legal and regulatory non-compliance, and reputational damage. Cybercrime has become the number one business risk that law firms must prepare for.
Payment redirection fraud – who does (and who should) bear the loss in fraudulent banking transactions, and is Australia’s electronic banking system fit for purpose?
This article has been accepted for publication in IEEE Xplore and is © IEEE.
The banking system is part of Australia’s critical infrastructure, and integrity and trust in transactions are essential to our financial system. This paper describes the losses incurred by victims of payment redirection fraud due to cyber events and email scams, and the difficulties they face in recovering what are often very substantial losses. It argues that present levels of cybercrime in conjunction with the adoption of electronic banking in its present form have effectively transferred the risk of fraud in banking transactions from banks to the community. The article explores whether it is realistic to expect that Australian individuals and businesses have sufficient cybersecurity resources or knowledge to protect themselves from cyber risk and email fraud at a time when cybercrime is prevalent and perpetrated by organised crime, but education is neither widespread nor comprehensive.
The article analyses victims’ legal rights in cases involving business email compromise and other scams, and concludes that customers and others caught up in fraudulent transactions have little practical legal recourse against the criminals responsible or banks who could do significantly more to prevent scams from succeeding. While Australian banks are best placed to introduce greater protections for customers, they have not implemented measures used by banks elsewhere, and they also resist legal responsibility for their customers’ losses of this nature. The paper argues that it is not realistic to expect that individual customers bear the burden of either knowledge of or investment in this area and that present electronic banking arrangements leave the community, and particularly vulnerable consumers of banking services, exposed to serious financial loss.
When clients and customers become victims
Data breaches at scale: implications of the Optus and Medibank breaches.
Cybersecurity – a matter of trust
The recent spate of reported cyber-attacks is likely due to both increased frequency and greater reporting obligations under Australian law.
8 reasons why business email compromise is a risk for trustees
Business email compromise is an insidious and increasingly common means of fraud that poses a threat to any business, especially law firms, that acts as trustee in large transactions.
Solicitors' duties in the digital era - is there a duty of technological competence?
Even without a formally recognised duty of technological competence, such a duty might be inferred by an Australian court having regard to reported levels of cybercrime, other professional duties and the official warnings by regulatory bodies.
Eight reasons why cyber threats are now a key risk for property practitioners
The choice between paying a ransom and either losing all your business records or seeing confidential client information lost or published is one that no practitioner ever wants to make.
Cyber extortion – legal and ethical considerations if you receive a ransom demand
The choice between paying a ransom and either losing all your business records or seeing confidential client information lost or published is one that no practitioner ever wants to make.
Home truths for all after ransomware attack hits celebrity law firm
A potentially costly ransomware attack on a major American law firm is a reminder for all firms to educate their employees about cyber risks at a time when more people are working during the COVID-19 crisis.
The insurance jigsaw puzzle – how different policies respond to cyber events and email fraud
Three types of insurance – PII, cyber and crime cover – may be required for comprehensive protection.
Cyber risk for lawyers: a unique form of professional risk
Cybercrime is challenging organisations everywhere, with daily news stories about businesses, government organisations and even global IT companies that have been hacked. Law societies and insurers have been warning lawyers about cyber risk, in particular…
Professional duties and email security for conveyancers
Conveyancers have been early adopters of electronic conveyancing, which has been mandatory for all mainstream property transactions in NSW since 1 July 2019. With the commencement of this new era it is timely to consider the lessons that have been (and can still be) learned about cyber risk and resilience in conveyancing.
Protecting client confidentiality in the digital era
Cyber risk may be a modern phenomenon, but the old adage about an ounce of prevention being better than a pound of cure still applies.
Email compromise is impacting businesses globally
Unless training is provided and proper accounts processes are in place, employees will often action fake payment requests that appear to come from a senior officer within the organisation.
Owning your practice’s cyber security - MSPs and you
Be proactive in understanding your practice’s cyber security profile – do not regard it as a ‘set and forget’ issue.
Practical guidance for managing cyber risk
Managing cyber risk is now an integral part of legal practice, and law firms should consider both risk management and risk transfer via insurance when planning cyber risk response.
Transitioning to e-conveyancing
From 1 July 2018, all caveats and land transfers without mortgages in NSW have been lodged electronically, and this will be extended to all mainstream property transactions from 1 July 2019.
How cyber resilient is your law practice?
Our article by Simone featured in the Law Society Journal, December 2018. Click through to read the full article, where Simone discusses the types of scams impacting legal practices and how they actually work. She highlights possible dangers in outsourcing responsibility for cyber resilience to external IT consultants and asks how different insurance policies respond.