Software and virus protection
Do you have a process in place to ensure that new software patches are applied to your operating system and software?
Do you have antivirus protection in place and is it kept up to date?
Data storage and back-ups
How often do you complete data back-ups?
When did you last check that your back-ups are readily accessible and able to be used/not corrupted upon retrieval?
Where are back-ups stored?
Where data is backed up in the cloud, what authentication procedures are required by the cloud provider to ensure that unauthorised users are not able to access the practice's data?
Do you accept and act upon a client's directions for payment that are:
Do you inform your clients in writing that you will never send them an email changing your trust account details or asking for money to be sent to an account other than your trust account for property transactions or other major payments?
Have all staff members been advised to telephone to check payment directions received from other solicitors, when these are received by email?
What are the possible consequences for the law practice if it transfers monies held on trust to the wrong bank account via internet banking?
Staff risk-awareness and training
Have you incorporated cyber risk awareness in your staff policies and training?
Does your practice have a BYO device security policy for staff members who are able to access work files on non-company devices such as smart phones, tablets or home computers?
Have you advised all your staff members in writing of the importance of using passwords that are unique to the workplace only?
How often are you and your staff automatically required to change your passwords?
Have you discussed with staff the risks associated with clicking on attachments or hyperlinks in emails that look unusual or suspicious, and which could contain viruses, ransomware or other malware?
Have you discussed with staff the risks associated with using free or unsecured WiFi, importing material onto the law practice's computer network through a USB drive, and taking confidential material outside the workplace via USB, mobile phone or laptop?
Are you and your staff aware of the risks of sending confidential information by unencrypted email or text message?
Data security breaches and privacy protection
Have you considered whether the Mandatory Breach Reporting regime under the Privacy Act 1988 (Cth) will apply to your law practice?
Do you have an emergency response plan for what to do in the event of a cyber-attack?
Protection under the group cyber risk policy purchased by Lawcover
Are you aware that Lawcover has purchased a group cyber risk policy that provides foundational cover of $50,000 for all its insured law practices, and that this includes crisis assistance and technical support following a cyber event?