Proctor : September 2018
Whilst Lexon’s policy may respond to third-party losses resulting from cyberfraud, prevention is certainly better than a cure which involves Excess, potential Deterrent Excess and potential levy consequences together with the stress and time of managing a claim. Some of the practical steps you can take are outlined below:

Use Lexon’s conveyancing protocol letters, tools and checklists

Use the suite of tools developed by Lexon for use in conveyancing matters to reduce the risk of loss of funds through cyberattacks. These same measures can be adapted for use in other transactions.

Email footers

Note our risk alert advice to not put electronic instruction warnings only in your email footer – fraudsters have intercepted these communications and have deleted the footer before sending the fake email – make the warning a part of your standard first retainer letter. Our letter packs across all areas of practice contain these warnings.

Use ‘two factor authentication’ before any funds are transferred

Immediately prior to funds being transferred utilise ‘two factor authentication’ (such as contact via a separately verified telephone number) to ensure that funds are sent to the right account. If a fraudster is monitoring your emails, this step will make their job that much harder. Failure to follow these steps can result in a Deterrent Excess being applied.

Have all your staff complete our complimentary online cybersecurity training course

Lexon has released an online learning module, Cyber Security Training. This module has been designed to assist practices in identifying situations where cyber and related fraud risks exist which might expose the law practice to financial losses. The module can be found at lexoninsurance.com.au.

PEXA platform users

If your practice uses PEXA, undertake a regular review of all registered users to check they are your staff.
PEXA is aware of instances of compromised practitioners’ email accounts, allowing an unknown person to intercept a change-in-password email and enter the PEXA system.

Maintain good cybersecurity and be vigilant!

Ensure that:

• Your virus protection, firewall and operating systems are patched and up to date (note earlier comments on specific PEXA obligations if using this platform).
• You never click on a link included within an email without first hovering to check the link address. Many of the recent cyberattacks originated from clicking on a link in an email, where there appeared to be no immediate effect. When in doubt, call the apparent sender of the email to query the legitimacy of the email.
• You never reveal user credentials and passwords (fraudsters may try and get these by masquerading as potential clients or using other targeted communications – this is covered in our complimentary cybersecurity training course).
• You adopt a less trusting mindset to email communications – healthy scepticism is required.
• If you think you may have been compromised, you immediately:
    • change your passwords (for example, personal, server, domain hosting, PEXA)
    • have your IT support provider review the matter including IP addresses accessing your server, monitoring for any new Outlook ‘rules’ and analysing suspicious ‘clicked on’ links
    • contact our Risk team who can discuss other time-critical steps to take to minimise exposure.
• You avoid password reuse across different services – make sure that the password that you are using for your work email service is not used for other services like Dropbox, Hotmail, Facebook, etc.
• You make sure email auditing is enabled. You can check this with your IT support provider.
• If you aren’t using it, you disable it. For example, if you only access Outlook on your workstation, consider whether your IT support provider should disable Outlook Web Access.
• You visit the Australian Government cyber security site staysmartonline.gov.au.

Cyberfraud risks

September hot topics

Lexon Insurance Pte Ltd ARBN 098 964 740 Incorporated in Singapore Registration No: 200104171C

• The foreign law exclusion in the policy has a carve-out for ‘pre-approved’ foreign law work. As business becomes more international, Lexon recognises that retainers from time to time will touch upon matters involving foreign law. The policy response seeks to strike a balance by providing coverage to practices that can demonstrate sufficient experience and skill in these specialised areas, whilst at the same time protecting the insured cohort as a whole from the cost of claims that arise where practices become involved in foreign law matters outside of their competence. If you would like to seek pre-approval, please complete the application form available on our website.
• For the 2018/19 insurance year, QLS Council arranged with Lexon to again make top-up insurance available to QLS members who sought the additional comfort of professional indemnity cover beyond the existing $2 million per claim provided to all insured practitioners. An application form can be found on our website.
• We remind practitioners acting as directors or officers of ‘outside’ companies (or any other body corporate) that the Lexon policy only responds to claims arising from the provision of legal services. Practitioners who assume those roles may wish to seek appropriate advice as to whether they have, or require, directors’ and officers’ insurance.

Did you know?

Lexon Insurance Pte Ltd is a wholly owned subsidiary of Queensland Law Society.