Attwood Marshall Lawyers Property & Commercial Department Manager and Senior Paralegal, Jess Kimpton, discusses cyber crime on property transactions and what Attwood Marshall Lawyers has implemented to put security first as Australia prepares for more cyber-attacks.
Introduction
Australia ranks in the top five most targeted countries for cybercrime.
Cyber-attacks are sophisticated operations which are a serious threat to businesses across all industries.
It comes as no surprise that customers are becoming more hesitant and concerned to share their identification and personal and financial information with businesses. However, when someone is buying or selling property, they have no choice but to disclose personal and financial records.
It is important that clients can trust the organisations they hand this information to, having confidence that such businesses have the systems and security measures in place to protect them.
Unfortunately, hacking is an extremely lucrative business. Hackers, and the organisations they are affiliated with make millions of dollars extorting businesses when they gain access to their systems and data, stealing sensitive information and encrypting the file using ransomware.
In September 2022, Optus revealed they had been hacked, impacting 10 million of their customers.
Similar breaches were reported when Medibank was hacked one month later, in October 2022, seeing cyber-criminals gain access to thousands of customer’s data, then releasing the most sensitive information publicly, including mental health diagnoses, pregnancy terminations, and other personal information.
Law firms, big and small, are also attractive targets for cyber-criminals with as many as 16 per cent of law firms stating they have been impacted by cybercrime in recent years, when surveyed by leading SAAS technology innovator, InfoTrack. That means 1 in 10 law firms have fallen victim to cybercrime.
Cyber threats cannot be understated, and businesses must step up to protect their systems, data, and their customers.
What is the government doing to tackle cybercrime?
The 2022 National Plan to Combat Cybercrime
Under Australia’s Cyber Security Strategy 2020, the National Plan was created to tackle the evolving threat of cybercrime. The National Plan focusses on three pillars:
- Prevention and protection: action under this pillar will focus on strengthening Australia as a hostile environment for cybercriminals to ensure that they do not profit from targeting Australian businesses and the community. The focus will also be on supporting industry leadership to prevent and protect against cybercrime threats and leveraging academia and cutting-edge research and development to respond to this ever-changing threat. The government will also focus on working with international partners to enhance global responses to threats of cybercrime.
- Investigation, disruption, and prosecution: under this pillar the focus will be to strengthen criminal justice responses ensuring law enforcement has the appropriate powers to investigate, disrupt, and prosecute cybercrime.
- Recovery: under this pillar there will be a focus on continuing to build awareness among victims of cybercrime and help victims access resources on recovery and report cybercrime incidents. There will also be a focus on how government can continue to support organisations specialising in post-incident support services.
Click here to see the complete plan and the roadmap to implement action.
The government has also established the National Office For Cybersecurity to attempt to deliver a more coordinated approach to cybersecurity.
The Privacy Act 1988 was also recently amended to promote and protect the privacy of individuals. The latest legislative changes include:
- Implementing an increased fine of up to $50 million for businesses or organisations who experience serious or repeated privacy breaches, and $2.5 million for an individual. Such breaches may also be regarded as a criminal offence.
- Strengthening the Notifiable Data Breaches Scheme
- Giving new powers and additional funding to the Office of the Australian Information Commissioner (OIAC) to demand information, investigate and impose penalties for actual or suspected privacy breaches.
- Expanding coverage to practices outside of Australia if the entity operates in Australia, or collects or holds information about us directly from an Australian source.
What is PEXA doing to ensure their system is safe?
With the ongoing risk of cybercrime, and the sensitive nature of property transactions, PEXA have released the following security updates and alerts this year:
Scam – Fraudsters targeting buyers and sellers
PEXA identified an incident where a scammer was fraudulently posing as one of their members (a law firm). The cyber-criminal conducted a “phishing” attempt on the law firm’s client, attempting to deceive the client into providing their bank account details. The cyber-criminal used the firm’s email address with additional characters added, attempting to fleece the client.
To protect against scams like this, PEXA recommend law firms use PEXA Key. PEXA Key is a free app which has been built for the industry to eliminate the risk of email phishing and fraud, enabling clients to provide their bank details to their lawyer safely. The app is backed by PEXA’s Secure Communications Guarantee. The Guarantee protects buyers and sellers if communication of bank account details is corrupted within the PEXA platform or intercepted due to fraud.
Once information has been entered via PEXA Key, it cannot be altered in the workspace.
Security incidents – fake emails instructing lawyers where to transfer funds
There have been incidents where emails to legal practitioners have been intercepted by cyber criminals, who update banking information details within the email so that when the lawyer receives the email stating where surplus funds must be paid, the account details the funds will be transferred to different to that of the client.
Following this incident, PEXA served a stern reminder to all legal practitioners to discuss these types of scams with their IT providers, and undertake a review of their systems, to ensure the possibility of compromise is limited.
For small firms who may handle their IT systems internally, this should serve as a strong warning to ensure they have the professionals and knowledge required to handle these types of security incidents and put the preventative measures in place.
Security recommendations
PEXA recommends the following to ensure transactions remain secure:
- Implement virus protection to identify and remove viruses immediately.
- Enforce reporting procedures for all employees who have access to PEXA.
- Monitor the workspace to identify any unusual or suspicious activity on an ongoing basis.
- Manage digital certificates appropriately and never share with any other user. Digital certificates should be protected with a PIN or passphrase and digital certificates should be disconnected from a computer when a user is no longer accessing the PEXA system. Each signer must also have their own unique Digital Certificate.
- Audit user profiles, ensuring that inactive users are immediately removed.
- Implement a firewall to monitor outgoing and incoming information traffic and block attacks from outside threats
- Always comply with patches, updates, and fixes to the system. If an update is available, implement it immediately. Patches can be automatically enabled to ensure systems are always updated in a timely manner.
- Use a strong password. Passwords should never be reused more than one, should never be shared with others, and should be changed every 6-8 weeks.
PEXA continues to keep their members up to date with cyber risks and lead the way in security, ensuring customers can have confidence in their property transactions.
Attwood Marshall Lawyers – ensuring legal matters and property transactions are secure
Attwood Marshall Lawyers remain up to date with communication released by PEXA and follow all recommendations.
Beyond adopting PEXA’s recommendations, we also implement strategies to prioritise compliance and system security.
Attwood Marshall Lawyers have partnered with one of the country’s top IT Security providers, Sentrian, who deliver world class protection. We use the best practice management software and property transaction programs on the market, ensuring our lawyers follow strict protocol when handling sensitive information.
We also deliver training for our staff to ensure everyone is informed and on aware of cyber security threats. We are connected to our IT providers 24/7 to be able to identify and respond to any threats immediately.
If you are buying or selling property, make sure that your most valuable investment is in the hands of someone who will protect your best interests, including your data!
To discuss our property and conveyancing services, please contact us anytime on 1800 621 071 or email jkimpton@attwoodmarshall.com.au
