In February, ARNECC released version 6 of it’s Model Participation rules. Section 7 strictly addresses ‘obligations regarding system security and integrity and explains that a Subscriber must “ensure that each of its Users has received training …including cybersecurity awareness training covering as a minimum:
- secure use of the ELN,
- secure use of the Subscriber’s Systems and
- secure use of email and other electronic communication.”
In addition to the Subscriber themselves receiving training, other principals, Officers, employees, agents and contractors who access the Subscriber’s Systems must receive cyber security awareness training covering the above.
What does this mean for my firm?
Since May 2020, ARNECC has recommended cyber security training after conducting a security review. The reason being that “Cyber security is of broader relevance to Subscribers and is not limited to transactions with land.”
With ARNECC now mandating that firms must undertake training to protect themselves from cyber fraud, this can mean added pressure on firms to satisfy such requirements. But there are solutions in place to support firms like yours to manage such requests.
Cyber security scams and hacking are unfortunately on the rise. Protecting your firm’s private information and keeping your client’s data safe goes a long way to enhancing your reputation and growing your business.
Early in 2020, InfoTrack spoke with David Bowles from the Queensland Law Society. David told us about the risks that law firms were facing at the beginning of the COVID-19 pandemic when the transition to remote work was paramount and uncertainty was high. David shared a case study of a Queensland firm who were unfortunately victims of cybercrime, highlighting just how important training and good practices are.
“A regional firm in Queensland couldn’t log into their trust account. Fortunately, they were on the ball and didn’t just write it off. They said, ‘no there’s something not right here.’ When they couldn’t get on to the website, they got straight on to the bank. The bank told them that there were transactions going on. One had been affected during their lockout period and they very quickly ascertained that $40,000 had been withdrawn from their trust accounts without authorisation.”
How do I avoid this happening to me?
David suggests that cyber security “is a matter of governance as opposed to a technical problem. We use the word cyber security, but it’s really information security and fraud resistance and that involves taking all the moving parts with them.” Firms must consider;
- how people do their job,
- what the firm policies are,
- how well those policies are explained and followed,
- knowing the basic network that people operate on.
In the case study David describes, the firm had a good outcome because they rigorously checked their trust account every day and their trust accounts administrator knew if there was something wrong to follow up on it straight away. The combination of people, process and technology helped to make sure there were backups in place to prevent further issues.
Knowing this, how do I achieve compliance?
By completing Cyber Security Awareness Training, you and your staff can learn more about how to identify fraud activity, how to protect yourself from hacking attempts and what to do if your computer is hacked.
InfoTrack has partnered with CryptoAustralia to offer all FilePro clients complimentary Cyber Security Awareness Training. For 1 CPD unit, the training can be completed anywhere at any time and covers:
- What is payment redirection fraud?
- How does payment redirection fraud work?
- How to tell if you have been hacked
- What to do if you get hacked
- What to ask your IT provider
- Cyber insurance
The training consists of two 30-minute online presentation modules. To complete the online training and receive certification, both training videos must be watched and the quiz for each section, completed.
I’ve completed my training. What next?
Now you know what to look out for with a cyber attack and how to prevent your firm from being the victim or target of such sinister actions. To assist FilePro clients even further, InfoTrack has developed a Cyber Security Checklist that covers who in your firm needs training and what to do if you think your firm has been the victim of a cyber attack. The checklist replicates guidelines set out by ARNECC and can be found on our Cyber Security Awareness Training homepage. When preparing for cyber security compliance, a subscriber or compliance officer should take the lead in completing the relevant documentation.
Cyber security is now more important than ever before, and it is crucial to use secure platforms. InfoTrack’s suite of cloud-based products has been built for lawyers and conveyancers to use anywhere, at any time, ensuring their firms remain productive and efficient. To find out how you can keep your firm safe from hacking, get started with InfoTrack today.
InfoTrack is the leading innovator in legal technology. We provide an integrated platform that enables our clients to find, analyse, organise and communicate information efficiently and effectively. InfoTrack has been at the forefront of helping businesses through technology innovation for over 21 years and has a deep understanding of the legal conveyancing industry with over 8,000 legal clients across Australia.