Find us

6/11 Prince of Wales Avenue South West Rocks,
PO Box 16 South West Rocks NSW 2431

T 02 6566 6250

Level 1 22 Belgrave Street Kempsey
PO Box 161 Kempsey NSW 2440

T 02 6562 3300

Cyber security

Cyber security and our firm – what is all the fuss about?

Cyber security and client confidentiality plays a major role in our service to you. Whether we keep your details and dealings on paper or a computer – we need to ensure its security.

Using up-to-date hardware and software is a good start in ensuring electronic data security.

Law Firms have been targeted by cyber criminals for years.

The most common attack is interception of emails to obtain payment information or bank account details.

Sensitive information must not be contained within an email.

A law firm recently advised their client of the amount of stamp duty they were required to pay in a conveyancing matter.

The firm provided their trust account details to their client via email.

The email was intercepted by a cyber-criminal who changed the account details before the email arrived in the client’s inbox.

The client paid the stamp duty to the account in accordance with the email and the money was never seen again.


In another instance, a client emailed a law firm their account details for payment of their share of a deceased estate.

Again, the email was intercepted by a cyber-criminal and account details changed.

The law firm proceeded to pay their client the proceeds of the estate, however the funds went straight into the fraudster’s account instead.


Another recent example of a breach of cyber-security is a law firm who opened an attachment in a suspicious email.

The attachment was malicious and installed ransomware on the firm’s server.

The firm discovered that their backups had not been working for several years and therefore they had no choice but to pay the $5,000 ransom for an encryption key to access their client’s data.

What measures do we take to promote cyber-security?

  • Our firm will never ask you for sensitive information by email;
  • Our trust account details can only be obtained verbally or in print form;
  • Any account details we receive by mail or email are verified verbally;
  • We utilise a secure client portal to share sensitive information with our clients;
  • We use the latest version of security programming and update such programming constantly;
  • Our backups are tested regularly to ensure that in the event of an emergency we can restore our client’s data;
  • Our hardware is updated regularly; and
  • We train our staff to be vigilant about cyber-crime and suspicious emails.

We take Cyber Security seriously! Do you? Our blog How to protect your business from Cyber-Crime is a must read for all business owners.

If you have any concerns regarding cyber-security and your business, or require assistance with your legal obligations to secure your client’s data, contact us.