Proctor : September 2019
Whilst Lexon’s policy may respond to third-party losses resulting from cyberfrauds, prevention is certainly better than a cure which involves excess, potential deterrent excess, IT downtime and potential levy consequences, together with the stress and time of managing a claim. Some of the practical steps you can take are outlined below:

Use Lexon’s risk management letters, tools and checklists

Use the relevant suite of tools developed by Lexon for use in your matter to reduce the risk of the loss of funds through cyberattacks. Cyber is not just a conveyancing issue; attacks have occurred across other areas of practice as well. All of our risk packs have updated cyber warnings and prompts included.

Email footers

Note our risk alert advice to not put electronic instruction warnings only in your email footer – fraudsters have intercepted these communications and have deleted the footer before sending the fake email – make the warning a part of your standard first retainer letter. You should also use our recently updated Client Cyber Alert (found in our Initial Client Contact Pack) as the first page of your first communication to a client in a new matter.

Use ‘two factor authentication’ before any funds are transferred

Immediately prior to funds being transferred, utilise ‘two factor authentication’ (such as contact via a separately verified telephone number) to ensure that funds are sent to the right account. If a fraudster is monitoring your emails, this step will make their job that much harder. Failure to follow these steps can result in a deterrent excess being applied.

Have all your staff complete our complimentary online cyber security training course

Lexon has released a bespoke online cyber training course. This course has been designed to assist practices to identify situations in which cyber and related fraud risks exist which might expose the law practice to financial losses.
Your practice was sent log-on details earlier this year and we strongly encourage you to complete the initial modules that have been released. If you have any queries regarding accessing the course, please contact Anthony Walduck at email@example.com.

PEXA platform users

If your practice uses PEXA, undertake a regular review of all registered users to check they are your staff. PEXA is aware of instances of compromised practitioner email accounts, allowing an unknown person to intercept a change-in-password email and enter the PEXA system. You will find Lexon’s Cyber Fraud Coverage Information Sheet, which includes a discussion about PEXA issues, on our cyber webpage.

Maintain good cybersecurity and be vigilant!

Ensure that:

• Your virus protection, firewall and operating systems are patched and up to date (note earlier comments on specific PEXA IT obligations if using this platform).
• You never click on a link included within an email without first hovering to check the link address. Many of the recent cyberattacks originated from clicking on a link in an email, where there appeared to be no immediate effect. When in doubt, call the apparent sender of the email to query the legitimacy of the email.
• You never reveal user credentials and passwords (fraudsters may try and get these by masquerading as potential clients or using other targeted communications – this is covered in our complimentary cyber security training course).
• You adopt a less trusting mindset to email communications – healthy scepticism is required.
• If you think you may have been compromised, you immediately:
    • change your passwords (for example, personal, server, domain hosting, PEXA)
    • have your IT support provider review the matter
    • contact our risk team who can discuss other time critical steps to take to minimise exposure.
• You visit the Australian Government cybersecurity site, staysmartonline.com.au.
Cyberfraud risks – steps you should be taking

September hot topics

• In 2018 Lexon added cyber workshops to our extensive list of free in-house risk visits. Our cyber risk consultant, Cameron McCollum, takes practices through some simple measures that could have prevented claims we have seen, and system level controls that you can discuss with your IT adviser. If you’d like to get a head start, you can download our Cyber Security LastCheck and arrange a meeting with your IT adviser now to work through it. If you haven’t already scheduled your practice for a visit, email firstname.lastname@example.org to register your interest. Cameron will be progressively visiting all areas where insured practices have offices.
• For the 2019/20 insurance year QLS Council arranged with Lexon to again make top-up insurance available to QLS members who sought the additional comfort of professional indemnity cover beyond the existing $2 million per claim provided to all insured practitioners. An application form can be found on our website.
• We remind practitioners acting as directors or officers of ‘outside’ companies (or any other body corporate) that the Lexon policy only responds to claims arising from the provision of legal services. Practitioners who assume those roles may wish to seek appropriate advice as to whether they have, or require, directors’ and officers’ insurance.

Did you know?

Lexon Insurance Pte Ltd is a wholly owned subsidiary of Queensland Law Society.

Lexon Insurance Pte Ltd ARBN 098 964 740 Incorporated in Singapore Registration No: 200104171C