Skip to Content

Why cybersecurity matters and what you need to do

Cybercrime is a major risk for law practices of all sizes. The large sums of money and sensitive information entrusted to law practices make them targets for hackers and cybercriminals.

Implementing strong cybersecurity protocols and good practices is an essential and expected part of competent practice management. Principals play a crucial role in both implementing these measures, and ensuring that all staff not only understand but also consistently adhere to them.

Failing to protect against targeted and opportunistic cyberattacks can have serious consequences. Your practice, clients, other parties you do business with, and even the wider legal system may be impacted.

While this is a complex area, we offer two resources to help you take the necessary steps to strengthen your cybersecurity.

Minimum Cybersecurity Expectations

In this resource, we describe system and behavioural controls that law practices should implement. We also define conduct that is capable of constituting unsatisfactory professional conduct or professional misconduct.

Not every law practice requires the same set of cybersecurity measures. Some actions we specify may not be relevant to your practice. For instance, controls related to the handling of trust money won’t apply to barristers or community legal centres, unless they operate a trust account.

However, it’s imperative that you review all the minimum expectations thoroughly, as we expect any controls relevant to your practice to be adopted as soon as is feasible.

Critical controls – act now

All law practices should make it a priority to implement as soon as possible what we call “critical controls”:

  1. Multi-factor authentication
  2. Appropriate passwords
  3. Security updates

These controls are easy to put in place and increase your protection significantly, reducing the risk of a cyberattack.

Access Minimum Cybersecurity Expectations online or download below.

Cybersecurity Red Flags and Good Practices

This resource is designed to help lawyers identify warning signs of possible cyber-incidents. We explain good cyber practices and make clear our regulatory expectations regarding verifying client instructions. We encourage principals to share the resource with their staff.

Access Red Flags and Good Practices online or download below.

Further information

The LIV, the LPLC, and the Law Council of Australia all provide information on cybersecurity for lawyers. Community legal centres can also contact the FCLC for support in understanding and implementing the minimum expectations.

We understand that implementing these expectations may take time. However, by taking these basic steps, you can do your part to make sure you, your practice, and the profession are cyber-secure.

Last updated on
* Indicates required field
Back to top