Skip to Content

To help law practices protect their clients’ data and meet their legal and ethical obligations, the following tables set out minimum cybersecurity expectations. They also list examples of unacceptable cybersecurity practices that we consider capable of amounting to unsatisfactory professional conduct (UPC) or professional misconduct (PM).

Law practice principals should use the tables below as a guide to the basic system and behavioural controls you need to implement. This includes the critical system controls without which your practice is most vulnerable. If there are any critical controls that you are yet to implement, these should be your highest priority.

System controls and behavioural controls are two types of cybersecurity measures to protect information systems and data:

  • System controls encompass the technical safeguards implemented within an organisation's information systems to protect against external threats and vulnerabilities.
  • Behavioural controls focus on influencing and regulating human behaviour to minimise security risks.

Both types of controls work together to protect your law practice from any potential security threats. Many of them will be straightforward for individuals to implement (e.g. turning on automatic software updates). However, you also need to consider whether your practice requires additional security measures, based on its size and capability, the type of work you perform, and the nature and location of your clients.

If you require support or guidance to understand and implement these controls, or to determine which additional controls are right for your practice, we recommend engaging an IT security consultant. Your professional association may also be able to assist you. Community legal centres can contact the Federation of Community Legal Centres for further support.

Last updated on

Cybersecurity

Last updated on

Why cybersecurity matters and what you need to do

Cybercrime is a major risk for law practices of all sizes. The large sums of money and sensitive information entrusted to law practices make them targets for hackers and cybercriminals.

Implementing strong cybersecurity protocols and good practices is an essential and expected part of competent practice management. Principals play a crucial role in both implementing these measures, and ensuring that all staff not only understand but also consistently adhere to them.

Failing to protect against targeted and opportunistic cyberattacks can have serious consequences. Your practice, clients, other parties you do business with, and even the wider legal system may be impacted.

While this is a complex area, we offer two resources to help you take the necessary steps to strengthen your cybersecurity.

Last updated on
Zen garden with three stacked stones and racked sand

Wellness for Law Forum returns in February

As part of our commitment to fostering a culture of wellbeing within the legal community, we're joining the Law Institute of Victoria (LIV) in supporting this unique annual gathering of academics, lawyers and law students.

Orange graphic shapes on navy blue background

Commissioner Update - December 2023

In this issue: Cybersecurity | Annual report highlights | Detailed SLP survey results | Exploring legal costs | Keeping Women Out of the Justice System | Sexual harassment positive duty and more.

Teal graphical image with aqua detail

Early career lawyers’ experiences of supervised legal practice: 2023 survey

As part of the annual practising certificate renewal period we survey Victorian lawyers to find out more about their working lives.

Orange graphics on a teal background

Protect your law practice from cyberattacks

Implementing appropriate cybersecurity protocols is essential for competent practice management. Here's what you need to do.

Publication

Grants program measurement framework

Outcomes and indicators to help grant applicants.

Form

2024 Change Grants application

PDF version of the form to help applicants.

Publication

2024 Change Grants guidelines

Everything you need to know before applying in the 2024 grants round

Subscribe to Lawyers Back to top