Law Team Cyber Security & Fraud Prevention Policy

Law Team is committed to protecting our clients’ information and funds from cyber risks. Cybercrime targeting law practices is on the rise, with threats like phishing emails, business email compromise (BEC), and impersonation scams becoming increasingly sophisticated. The Law Society of NSW has reported a surge in such scams and urges law practices to educate clients about these risks. In line with current cybersecurity best practices and professional conduct guidance from the Law Society of NSW, we have implemented this Cyber Security & Fraud Prevention Policy. This policy explains the measures we take – and the steps we expect you to take – to ensure secure communication and payments. Our goal is to work together with you to prevent cyber fraud and maintain the confidentiality and integrity of your matters.

Our Professional Obligations

Law Team adheres to all professional conduct rules regarding confidentiality and data security. Solicitors in NSW have a duty to maintain client confidentiality and protect sensitive information. Accordingly, we employ robust security measures (up-to-date encryption, secure networks, and multi-factor authentication) and continually train our staff in cybersecurity. We also follow guidance from the Law Society’s insurer, Lawcover, and other authorities to prevent, detect, and respond to cyber incidents. However, effective cybersecurity is a partnership – we need your vigilance as well. This policy outlines how we will communicate securely with you, how you can verify important information, and what steps to take to avoid scams. Please read it carefully and feel free to discuss any questions with us.

Key Cyber Risks to Be Aware Of

Cyber criminals target law firms and their clients because we handle sensitive data and large financial transactions. Below are some common cyber risks and scams you should be aware of:

  • Phishing Scams: Fraudulent emails (or text messages) designed to trick you into revealing personal information, passwords or to click on malicious links/attachments. These messages often appear to come from a legitimate source (such as our firm or a known institution) but are in fact fake. Best practice: Do not click on suspicious links or open unexpected attachments, and never provide login details or confidential information in response to an unsolicited email. If an email from Law Team looks odd or asks for unusual information, contact us by phone to verify its authenticity before taking any action.

  • Business Email Compromise (Email Fraud): In a BEC scam, a hacker intercepts or falsifies email correspondence between you and our firm to divert payments to the criminal’s bank account. For example, a scammer who gains access to an email account might send you an email that looks like it’s from Law Team, instructing you to pay money into a fraudulent account. They may even create fake email addresses very similar to ours, or insert themselves into an email thread. Best practice: Treat any email about bank account changes or payment instructions with extreme caution. Law Team’s bank account details will never change during a transaction and we will not email you about changes to our account details. If you receive any communication suggesting a different account or a last-minute change, do not transfer any funds and call us immediately on our verified phone number (as listed on our website or engagement letter). Never trust a phone number provided in a suspicious email – always use our official contact number to reach us.

  • Impersonation & Voice Scams: Cybercriminals may impersonate Law Team or even you as the client, via email or phone. This can include voice cloning scams, where someone uses technology to mimic a lawyer’s or client’s voice over the phone. You might receive a call that sounds like it’s from our office, requesting urgent payment or sensitive information. Best practice: Be wary of any unexpected requests for money or information by phone. Law Team will never call to ask for your password or confidential log-in codes, and we will not suddenly demand payment to a new account without prior in-person or written verification. If you receive a call purportedly from us that seems unusual or urgent, hang up and call our main office number to confirm the request. Always verify the identity of the person you’re dealing with. Similarly, if we receive unusual instructions appearing to come from you, we will pause and verify with you via known contact details or in person, to ensure it’s really you. This mutual verification protects both parties.

(Note: Other cyber risks include malware and ransomware delivered via phishing, but the above are the most common schemes targeting client-lawyer communications and funds. By following the practices below, we can significantly reduce these risks.)