Assisting Lawyers

Have a query? Call the Helpdesk
PII & RM: +603-2050 2001
BCM General Line: +603-2050 2050
Marsh Insurance Broker: 
     +603-2723 3241 /3388
Font size
  • small text
  • medium text
  • large text

Cyber Crimes - Lawyers Are Not Spared

Raymond Reddington of Messrs Reddington and Co, the Insured Practice (“IP”) acted on behalf of Pavlovich Private Limited Company (“the client”) in a cross border transaction.  The other party was represented by Elizabeth Keen of Messrs Keen and Associates.  Due to the nature of the work and the volume of documents that needed to be exchanged, email became the primary communication tool for both of them.

While preparing a legal opinion for his client, Raymond received an email from Elizabeth forwarding some documents that needed to be attended to urgently.  The email provided Raymond with a link  to retrieve the documents.  After clicking the link, he was then directed to his email login page which prompted him to re-enter the user name and password for the account.  However, once the user name and password were entered, the email account was locked and he could no longer access his email account.

Confused, he contacted Elizabeth to enquire about her email and the documents that he was supposed to review.  Elizabeth informed him that her email was hacked a few days earlier and he should disregard any emails received from her email account.  In fact, she was no longer using the email account after it was hacked.  Raymond was still unaware that the email purportedly received from Elizabeth was actually a phishing email to obtain information such as list of contacts saved in the address book.

The next day, Raymond received several telephone calls from his clients and colleagues regarding an email purportedly sent from his email account requesting for friendly loans and payments for legal fees to be transferred to a local bank account which did not belong to him.  That gave him great shock. .

Raymond no longer has access to the email account, and lost most of his clients’ contacts.  He also was not able to retrieve any email communications with his clients.

To mitigate the situation, Raymond reported the incident to the email provider and created a new email account. He also notified the Insurers about the hacking incident as a circumstance that may give rise to a claim.

Note:
Phishing is used by hackers to obtain information such as user name, password or credit card details.  Victims of phishing will be directed to a clone login page which resembles the genuine web mail login pages such as Yahoo! and Google email.  Once the information is obtained, hackers will obtain the access to email accounts and the recovery of the hacked email account will be difficult.
 
How to protect yourself and your firm from being susceptible to cybercrimes?
  1. Formulate and implement IT and social media policy or guidelines for your firm.
  2. Update your antivirus and firewall.
  3. Use original software for your firm’s IT system.  Using counterfeited software not only gets you fined, it will also expose your firm’s IT infrastructure to malwares and viruses.  Counterfeited software does not provide the requisite supports and updates from the developer if software are affected or compromised.
  4. Scan thumb drives and external hard disks for viruses before opening contents and disable the auto play setting.
  5. Scan all emails that have attachments before opening them.  Viruses and malwares are normally sent by hackers through emails.
  6. If you suspect that your computer has been infected or compromised, inform the IT Department to run a backup of data and format the computer immediately.
  7. For increased security, block access to social media and online file sharing sites such as Facebook, Twitter, Tumblr, Google Drive and Dropbox on the firm’s internet network.  Social media sites are known to be breeding grounds for viruses, malwares and phishing.
  8. Provide IT training for all staff especially new joiners.
  9. If the firm has an allocated budget for IT infrastructure, invest in a secured office email and IT system.  Free email providers such as Yahoo! and Gmail are susceptible to spam emails which contain malwares and viruses.  
  10. Consider purchasing a cyber insurance policy which can allow the firm to be reimbursed for both first party (the firm’s own costs and expenses) and third party (its legal liability) expenses in the event of a cyber breach or attack.

Sources:
  1. Jonathan Ames, Cyber security: Lawyers are the weakest link, The Lawyer (28 October 2013)<http://www.thelawyer.com/cyber-security-lawyers-are-the-weakest-link/?nocache=true&adfesuccess=1>
  2. Ashley Roughton, Cyber vulnerability – minimising the risk, Managing Partner (8 February 2016) <http://www.managingpartner.com/feature/risk/cyber-vulnerability-minimising-risk>
 
The content of this publication is intended to provide a summary and general overview on matters of interest. It is not intended to be comprehensive nor does it constitute legal advice. We attempt to ensure that that the content is current but we do not guarantee its currency. You should seek legal or other professional advice before acting or relying on the content.