
Law firms need to consider increasing cyber security measures in 2021

Posted by Jeremy Duffy | 21 December 2020 | Corporate Finance

Nexus’ Principal and legal tech expert Jeremy Duffy discusses the three key things legal businesses need to undertake to start 2021 in a more cyber-secure position.


Nexus Principal and legal tech expert Jeremy Duffy recently chaired a session on cyber security and legal practice management at the Legal Technology Conference [i], held by the South Australian Law Society.

The session focused on how law firms can greatly reduce the risk of and damage from cyber-attacks and IT breaches through good online practices and employee education.

“Law firms and legal industry suppliers are high value targets for ransomware and cyber-attacks, as the data they house is always client-confidential and potentially industry-sensitive [ii]; and with the exponential business utilisation of technology this past year, law firms and law firm suppliers are becoming increasingly vulnerable to attack,” said Nexus Principal Jeremy Duffy.

Although the focus of the session was on law firms, Jeremy stresses that the issues raised are similar across all businesses and government generally.

The three key themes which emerged from the cyber security session chaired by Jeremy were:

  • Increased use of technology is leaving firms vulnerable: The impressive increase, as a result of COVID-19, in law firms' uptake and use of technology such as audio visual and team management platforms has significantly increased the risk of cyber-attack.
  • Cyber-attacks are increasingly being socially engineered: The number one enabler of cyber-attacks is ‘social engineering’, a process that uses deception to manipulate individuals into divulging confidential or personal information for fraudulent purposes. All that is needed is a telephone and Internet connection.
  • The importance of the ‘Essential Eight’ [iii]: The Australian Cyber Security Centre has outlined eight essential practices businesses can and need to adopt to restrict the possibility of cyber-attack, including regular software updating, restricted administration privileges, multi-factor authentication and daily backups.

“The global and social events of 2020 have changed the world forever,” said Jeremy, “The utilisation of technology within businesses and at home increased exponentially and will not diminish going forward. Technology is now a key enabler of business engagement, but it brings with it all of the risks of managing the security and integrity of business data and operations.”

Looking towards 2021, Jeremy said, “As the effects of COVID-19 continue to play out domestically and internationally, the three key things all business owners can do over the Christmas break to start 2021 in a more cyber-secure position are:

  1. Audit your online cyber security defences: “This includes ensuring that all applications are the ‘latest version’, complex and unique passwords and multifactorial authentication are in place where possible, and data backup and retrieval processes are working appropriately and securely”.
  2. Assess which parts of your business may be vulnerable to cyber-attack: “I highly recommend businesses take the time over the break to assess the technologies they use which may be vulnerable to cyber-attacks and to invest in the technology tools and processes available to mitigate risk in those areas.”
  3. Educate all levels of staff on the importance of cyber-security practices: “Develop a staff awareness strategy so that employees can recognise the key cyber security threats, such as social engineering, phishing, watering hole attacks and ransomware infiltration, and collectively guard against them.”

“As well as investing in and integrating the latest IT security technology platforms, one of the best approaches any law firm can undertake to help protect their business from cyber-attack is to ensure their staff are well educated in identifying potential cyber threats, and that their business operations include robust procedures to constantly assess for potential vulnerabilities,” said Jeremy.

Jeremy Duffy sits on the Legal Technology Committee of the Law Society of South Australia.


[i] The Law Society of South Australia, Legal Technology Conference, 22 October 2020

[ii] Lawyers Weekly.com.au; Hackers threaten to leak data from legal services firm, 25 November 2020

[iii] Australian Cyber Security Centre, Essential Eight Explained


 This publication is © Nexus Law Group and is for general guidance only.
Legal advice should be sought before taking action in relation to any specific issues. 
