Cyber security for your practice – 6 priority questions to ask now

February 22, 2017

For a professional services provider, cyber security is mission critical because it enables you to provide timely and reliable service to your clients.

Does your conveyancing or legal practice have a layer of security designed to protect it in cyberspace? You will probably say yes, because you back up data to protect against loss and use a firewall for system security.

But these relate to internal, not external, security. How are you protected when you are working with external platforms?

Here are 6 questions to get you thinking:

1. What does your external service provider do to protect you against brute force attacks?

Through trial and error, hackers discover passwords and use them for malicious purposes. Your provider should require a complex password of sufficient length with a mix of numbers, letters and symbols. This exponentially increases the number of possible combinations that hackers must attempt. Your provider should also discourage passwords with predictable patterns, insist on regular password changes, and apply a password lockout after a certain number of attempts.
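As an added illustration (not from the original article or from any provider's code), the sketch below shows the controls described above working together: a policy check for length, character mix and predictable patterns, plus a lockout after repeated failed logins. The minimum length, attempt limit and lockout duration are assumed values.

```python
import string
import time

# Assumed policy values for illustration; the article does not specify numbers.
MIN_LENGTH, MAX_FAILURES, LOCKOUT_SECONDS = 12, 5, 15 * 60


def has_predictable_run(password, run=4):
    """True if `run` consecutive characters repeat or step by one (aaaa, 1234, dcba)."""
    p = password.lower()
    for i in range(len(p) - run + 1):
        window = p[i:i + run]
        steps = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
        if steps in ({0}, {1}, {-1}):
            return True
    return False


def policy_violations(password):
    """Return the policy rules a candidate password breaks (empty list = accepted)."""
    checks = [
        ("too short", len(password) >= MIN_LENGTH),
        ("no letter", any(c.isalpha() for c in password)),
        ("no number", any(c.isdigit() for c in password)),
        ("no symbol", any(c in string.punctuation for c in password)),
        ("predictable pattern", not has_predictable_run(password)),
    ]
    return [name for name, ok in checks if not ok]


class LockoutTracker:
    """Locks an account after MAX_FAILURES consecutive failed logins."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.failures = {}      # account -> consecutive failed attempts
        self.locked_until = {}  # account -> clock value when the lock expires

    def attempt(self, account, password_ok):
        """Record a login attempt; return True only if it is accepted."""
        if self.clock() < self.locked_until.get(account, 0.0):
            return False  # still locked: reject even a correct password
        if password_ok:
            self.failures.pop(account, None)
            return True
        self.failures[account] = self.failures.get(account, 0) + 1
        if self.failures[account] >= MAX_FAILURES:
            self.locked_until[account] = self.clock() + LOCKOUT_SECONDS
            self.failures.pop(account, None)
        return False
```

While an account is locked, even the correct password is rejected, which is what stops a trial-and-error run from succeeding on a later guess.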

2. Are software updates automatically pushed through to all users when they log in?

All vendor-supplied software you use must be at levels supported by the supplier; for example, all upgrades, patches and hot fixes rolled out by the supplier should be implemented without delay. You can check for updates yourself, but your provider should take control of this for you to ensure system integrity.

3. Is all data stored in Australia?

Data that is stored overseas may be subject to the laws of another country. Data sovereignty matters because it impacts on your privacy obligations and security measures. Did you know that even if you use a local provider, your data can still be sent abroad? This may occur when the provider has a branch overseas, or the provider's systems are shared for other reasons.

4. Is all data encrypted in transit?

Malicious operators can intercept your data if it is transmitted across unencrypted networks. Unauthorised access jeopardises the security of your data. Data encryption in transit should be the minimum security standard adopted by your provider. 

5. What does your provider do in terms of backup?

Did you know it is important that backups are done both offsite and onsite? Offsite backup should be via continuous automated sync, or set to sync by users at logout or other predetermined points. Onsite backup, such as on the users' desktop, should be available so users can work offline if required.

6. Does your provider have disaster recovery plans (DRP) in place?

A DRP should be part of any IT framework for business continuity. It puts disaster planning and risk management in perspective and makes it more likely that disasters and risks will be handled smoothly. 

As noted by the Law Council of Australia, cybercrime is a problem that every business must address, and it is an ongoing problem with new risks constantly emerging.

At SAI Global, we understand cyber security is important to you. We are committed to the mitigation of information security risk and the safeguarding of data. Discover how Conveyancing Manager tackles all the above priority areas by contacting us today.
