When Willie Sutton, infamous American bank robber, was asked why he robbed banks, he replied: “Because that’s where the money is.” Banks may still have the money, but law firms have the information. And in the online world, information is the new gold mine.
With computer-related fraud, identity theft, hacking and violations of network security now commonplace in our globalised society, how do we deal with online security risks?
We spoke with Alec Christie, privacy and cyber-law specialist and partner at international law firm DLA Piper, about the launch of its new cybersecurity tool, CyberTrak, and how the legal industry can fight the good fight against online crime.
What is cybercrime?
In Australia, the term “cybercrime” is used to describe:
- Crimes directed at computers or other information communications technologies (ICTs, such as hacking networks to steal sensitive business information and denial of service attacks)
- Crimes where computers or ICTs are an integral part of an offence (such as online fraud and identity theft).
The dangers that cybercrime presents to law firms are obvious: the risk of sensitive, confidential client information or privileged lawyer/client communications being leaked and the risk of unauthorised, external access to the personal and financial data of employees, clients and third parties.
Christie says that cyberattacks on businesses are now a question of when, not if. And it seems the Australian federal government agrees with the launch of its National Plan to Combat Cybercrime.
The government has also passed new laws (the Cybercrime Legislation Amendment Bill 2011 amended a number of acts) to make it easier for police to track down cybercriminals around the world and allow Australia to accede to the Council of Europe Convention on Cybercrime, joining 34 other nations in the global fight against cybercrime.
In a world of increased connectivity and heavy reliance on digital technologies, what extra measures can lawyers and law firms take to protect firm and client data and minimise the risk of a breach?
CyberTrak and cybercrime challenges
In a volatile online environment, knowledge and information is power. DLA Piper is forging its own path with its wholly owned subsidiary company, Blue Edge Lab, in partnership with the Internet Security Alliance (ISA).
Aimed at multinational companies, businesses that work online and those that are required to navigate complex international laws and cybercrime regulations, the lab’s CyberTrak tool provides instant online access to credible information about laws and policy developments in 23 key markets across the Americas, Asia-Pacific, Europe and the Middle East.
“[The tool] provides current links to laws and regulations,” Christie says. “It can be used as a comprehensive guide to analysing security issues and standards in a wide range of areas, or as a starting point to find the right information and then seek further legal advice if necessary.”
Access to that information is designed to help people in key company positions make better risk-management decisions and reduce the costs associated with keeping abreast of changing regulatory requirements.
“Law firms are now global businesses. Even national firms have global reach. Everyone is online and, in my view, law firms often seriously underestimate the threat of cyberattacks in this environment.”
With new tools like CyberTrak on the rise, it appears the market is responding to clear concerns about security. What else can law firms do to protect their data?
Risk minimisation: Easy steps to combat cybercrime
According to Christie, 80 per cent of cyberattacks can be avoided with the most basic level of security. “Studies show that 65 per cent of cyberattacks occur because of ‘insiders’. Situations like employees losing unencrypted laptops. These types of risks can be avoided with the use of careful security layers so that people within firms have different levels of access to information on the server, and by computer users changing passwords more often.”
Christie recommends that lawyers and law firms:
- Check the security set-up and access of service providers
- Consider how the organisation is exposed to risk and put together a clear cybersecurity strategy, addressing technology issues, personnel training and other risk-management steps
- Avoid seeing cybersecurity as an ‘IT issue’ alone and take a more holistic approach in order to combat cyberattacks.
In addition to CyberTrak, lawyers can also access helpful online information from a range of government websites, which is part of the federal government’s plan to partner with industry to promote a safer and more secure digital environment, and to empower businesses to look after themselves.
Some of these resources include:
- The Australian Cyber Security Centre website (the 2015 ACSC conference will be held in Canberra on 22-23 April)
- Stay Smart Online, which offers information for small and medium enterprises on steps they can take to protect themselves and their customers online
- The Australian Signals Directorate’s top four strategies to mitigate targeted cyber intrusions, which can assist businesses to form their own mitigation strategies.
Don’t wait for your firm’s first breach. Be diligent, be prepared and have a serious plan in place to fight the good fight against cybercrime.
To find out more about how technology is influencing the legal profession, download our free whitepaper.