The guidance highlighted common threats like business email compromise and ransomware
The New Zealand Law Society has published guidance on cyber safety in legal practice.
The guidance was released at the close of Cyber Security Awareness Month last month. It highlighted business email compromise (BEC), ransomware, phishing and credential theft, and third-party or supply-chain compromise as common cybersecurity threats.
In BEC, cybercriminals redirect trust-account payments by pretending to be lawyers or clients. With ransomware, attackers lock systems or encrypt data, then demand a ransom for their recovery.
In phishing and credential theft, login details are obtained through malicious links or attachments. With third-party or supply-chain compromise, the targets are IT providers, cloud storage or document-sharing services.
Small firms, particularly those holding client funds or commercially sensitive information, are not exempt from cyberattacks, according to the New Zealand National Cyber Security Centre (NCSC) and CERT NZ.
The Law Society recommended that law firms determine whether external platforms for cloud and AI tools satisfy privacy and confidentiality requirements. It suggested that lawyers avoid providing sensitive client information to unprotected generative AI tools.
It recommended that organisations confirm fund transfer instructions with clients by phone or in person. It also suggested that organisations get specialist cyber insurance. The Law Society also urged organisations to check where client information is kept and processed, especially if they are working with overseas vendors.
Law firms were urged to implement the following general cybersecurity measures: