Client data potentially at risk due to lawyers’ lack of cybersecurity

Wednesday, 23 May 2018


Confidential and highly sensitive client data is at risk of exposure according to the authors of new research on the cyber security practices of lawyers.

Professor Craig Valli, Associate Professor Mike Johnstone and Ms Rochelle Fleming from Edith Cowan University’s Security Research Institute (ECUSRI) surveyed 122 lawyers on their cyber security practices and revealed a worrying lack of knowledge among the profession.

The research was conducted in partnership with the Law Society of Western Australia. It is part of a wider professional development program between the Law Society and ECUSRI.

The findings revealed:

  • 11 per cent of lawyers had no anti-virus protection on their work computer
  • 41 per cent did not know what cyber security countermeasures were in place on their smartphones
  • 64 per cent reported using home or free public Wi-Fi
  • 41 per cent didn’t have automatic updates switched on for their work computer
  • 53 per cent forward work-related emails to a non-business email account (Gmail or Hotmail)
  • 94 per cent use email to send confidential data
  • Only 9.4 per cent use encryption to protect client data

Associate Professor Johnstone said there were some serious but not insurmountable flaws in the way lawyers were protecting themselves from cyber-attack.

“Lawyers, along with doctors, are the two professions which handle most of our confidential information on a day-to-day basis,” he said.

“It’s incredibly important that their cyber security practices are improved to protect their clients and themselves.

“Imagine if a lawyer you’d engaged to draft a will had their email compromised and a cybercriminal gained access to all of the information contained in that will?

“Trials could also be affected if key documents related to arguments are inaccessible due to a ransomware attack like the WannaCry attack in 2017.”

Indeed, one of the largest law firms in the world, DLA Piper, was one of hundreds of businesses hit by the NotPetya attack in 2017. The attack reportedly shut the firm down for a number of days until their systems were restored.

Professor Craig Valli (ECUSRI) said that cyber security vulnerability is not unique to the legal profession.

“ECU is working with the Law Society of WA to provide professional development opportunities for lawyers aimed at improving their knowledge of cybersecurity,” he said.

“What is powerful is the proactive position the Law Society of Western Australia has taken in understanding this and the speed in which training has been deployed against these insights,” said Professor Valli.

The research identified five key areas for immediate improvement:

  • Turn on automatic software updates on all devices
  • Utilise cybersecurity countermeasures like antivirus and firewalls on computers and smartphones
  • Encrypt sensitive client data, especially when sent via email
  • Limit use of third-party email services such as Gmail and Hotmail
  • Report cyberattacks to government initiatives such as the Australian CyberCrime Online Reporting Network (ACORN)

A Survey of Lawyers’ Cyber Security Practises in Western Australia was presented at the Association of Digital Forensics, Security and Law Conference in San Antonio, Texas.

In 2017 ECU was named as one of just two Academic Centres of Cyber Security Excellence in Australia by the Federal Government.

ECU’s Joondalup Campus is also home to the headquarters of the Cyber Security Cooperative Research Centre, established in April 2018 with $140 million in funding.

