New Zealand Law Society

Navigation menu

Australian survey shows lawyers lack cyber security awareness

24 May 2018

A survey of 122 West Australian lawyers by academics from Edith Cowan University has found what the researchers describe as a worrying lack of cyber security knowledge among the profession.

Professor Craig Valli, Associate Professor. Mike Johnstone and Ms Rochelle Fleming from Edith Cowan University’s Security Research Institute (ECUSRI) conducted the research in partnership with the Law Society of Western Australia.

They found that

  • 11% of lawyers had no anti-virus protection on their work computer,
  • 41% did not know what cyber security countermeasures were in place on their smartphones,
  • 64% reported using home or free public wi-fi,
  • 41% did not have automatic updates switched on for their work computer,
  • 53% forward work-related emails to a non-business email account (Gmail or Hotmail),
  • 94% use email to send confidential data,
  • 9% use encryption to protect client data.

Associate Professor Johnstone says there are some serious but not insurmountable flaws in the way lawyers are protecting themselves from cyber-attack.

“Lawyers, along with doctors are the two professions which handle most of our confidential information on a day-to-day basis,” he says.

“It’s incredibly important that their cyber security practices are improved to protect their clients and themselves.

“Imagine if a lawyer you’d engaged to draft a will had their email compromised and a cybercriminal gained access to all of the information contained in that will?

“Trials could also be affected if key documents related to arguments are inaccessible due to a ransomware attack like the Wannacry attack in 2017.”

The research identified five key areas for immediate improvement:

  • Turn on automatic software updates on all devices.
  • Utilise cybersecurity countermeasures like antivirus and firewalls on computers and smartphones.
  • Encrypt sensitive client data, especially when sent via email.
  • Limit use of third-party email services such as Gmail and Hotmail.
  • Report cyberattacks to government initiatives such as [CERT NZ].

Last updated on the 16th September 2019