At the Legal Innovation & Tech Fest in 2017, Fiona McLeod, President of the Law Council of Australia delivered an inspiring presentation titled “How Legal Technology is Adapting to Meet Evolving Consumer Demands.”

The post-presentation Q&A session sparked some interesting discussion around cyber security in Australia, and left us with some points to ponder. Specifically, are we too complacent when it comes to cyber security in Australia?

A few points of discussion and comments from the wider audience were:

• How many people save documents in the cloud? How many people have conferences over Skype, Facebook Messenger or other videoconferencing? Do you know that there’s limited security around those things and they are as easy to hack as a mobile phone? We have a fairly poor understanding of the capacity of cybercriminals to attack our privileged and confidential information. We go for the convenient options to manage documents of enormous size. There’s an attitude that it doesn’t matter because anyone looking at those documents would really need to know what they’re looking for. But with data analysis programs becoming more and more sophisticated, and being able to analyse as much data in a single day as we could 30 years ago in 10 years, they will work out and see what information they’re after and what we see as useful and valuable.
• Not all document management systems and all collaboration systems are insecure. Do a bit of research and use the ones which are safe.
• “I’m from North America, and when I talked about doing some more security training here in Australia I was told: “It’s not really as needed, people are very complacent about security here.”  One of the reasons for this, I heard, is that because you’re not required to report breaches in the same way that we are in North America. Shouldn’t this be mandated?”
• The data breach laws have been passed and they’ll come into effect in approximately March 2018. So yes, we are behind, but we’re catching up.
• However, it was announced that the Australian Federal Police (AFP) had been breaching the metadata retention laws themselves, so we do not have a sophisticated system of oversight, checks and balances. We do have laws, but when our law enforcers themselves are breaching them, this means that at the very least we have a very immature system of understanding about how those laws should operate and what checks and balances should be in place. The AFP’s admission that they’ve breached the metadata retention laws by accessing information without a warrant is a perfect example of our lack of sophistication and understanding in this space.
• Cyberterrorism does not have to be theft of intellectual property – consider hacktivism. When representing an unpopular client this is a possible threat.
• Perhaps our complacency towards cyber security is related to our geographical positioning – it makes us think that somehow the online world is a bit further away because we are?
• Changes in behaviour are often often driven by client demand. If corporate clients required compliance with these security standards in order for law firms to undertake their work attitudes would change.

About the Speaker

Fiona McLeod is the President of the Law Council of Australia and practises at the Victorian Bar. She has been recognised with numerous awards for excellence and leadership, for her work in supporting diversity and equality and her work in pro bono and human rights matters.