AML Onboarding & VOI

Compliant client onboarding and identity verification

AML/CTF Compliance Centre

Complimentary, all-inclusive AML/CTF solution

Searches and Certificates

Order all your searches and certificates in one place

Property Interface

A dynamic, matter specific environment

Family Law Interface

Manage family law matters with one solution

Wills & Estates Interface

Simplify estate administration and planning

Contract Review tool

Review contracts faster with AI-assisted precision

Settlement Services

Electronically lodge registry documents and settlements

Financial Disclosure

Securely collate client financial documentation

Process Serving

Serve documents fast with tracking

Practice Management Integration

Streamline administrative tasks and optimise workflows

Integration Support Guides

Access our support guides for comprehensive self-help assistance

InfoTrack Connect

Allows suppliers to connect their products and services with the InfoTrack Ecosystem

Next Gen Integration

Learn how software and integrations can transform the way you work

News and Insights

Find out the latest industry updates

AML/CTF Training

Take on compliance with confidence

Events and Webinars

Take your professional development to the next level

Cyber Security Awareness Training

Build your cyber resilience

Property Market Update

Discover leading edge property insights

2025 State of Real Estate Report

Insights from Australian Buyers and Sellers

playbook playbook white logo
Monthly digest covering the latest news for legal and conveyancing industries.

About Us

Learn more about who we are and what we do

Our Team

Find out who drives InfoTrack's innovation and strategy

Join Us

Be a part of our award-winning culture

Media

Featured media releases and mentions

Contact

Get in touch with a member of our team

Awards

Showcasing our people, solutions and service

Discover our award-winning technical innovations.

Cybercrime: Targeting the law with Dr Graeme Edwards

Cybercrime

We do everything online now; from ordering groceries to doing our banking. As internet use becomes more integrated into our everyday lives, so too does the threat of cybercrime. We’ve been hearing a lot about cybercrime over the past couple of years, which begs one to question, are attacks of the cyber-type becoming more prevalent? We recently sat down with cyber investigator, Dr Graeme Edwards to get some insight into cybercrime and find out why the legal industry has become a major target.

What is cybercrime?

G: Cybercrime can cover a lot of things, but generally it’s the use of technology to commit criminal offences. Cybercrime can be an act of internal crime, or it could be an attack on a particular system to take out a computer. It can be a person in another country attacking you purely because they’ve found online that your computer has a vulnerability. It could also be a specific attack to steal intellectual property, credit cards, client lists, email lists and so on. It’s a very wide thing that covers the use of technology, internal and external to an organisation and unfortunately, it’s absolutely rampant.

Why do they do it?

For whatever reason makes sense to them. Money is always a big motivator. Some people do it for power because they love having the power on the internet to destroy and walk over others. Revenge can also be a motivator. And sometimes it’s just pure ego; the fact that they have the power and the capacity. There are a lot of motivators. While it may not make any sense to us, it really depends on what’s going through their minds at the time.

Why target law firms?

Law firms hold very sensitive information, and there have been some examples recently of UK law firms getting hacked into. For example, intellectual property trademark lawyers might have an IPO coming up, or something like that. Have a look at the work law firms are doing in the commercial field. Two companies might be in a dispute over something, there might be something happening that could affect the share price of an organisation on the ASX – all of these sorts of things. There’s very, very important information stored by law firms, and unfortunately, to the bad guys, that’s got value.

What are the most common vulnerabilities?

People and their computers, the operating systems and applications not being secure. When the likes of Microsoft or Apple release operating systems updates, the bad guys know that there’s a certain period of time where there are vulnerabilities in the system before you update it. You might have operating system 10.2, and the manufacturer releases version 10.3. The difference between 10.2 and 10.3 are some vulnerabilities they have identified. 10.3 patches it, however, this means that 10.2 doesn’t, so attackers will attack those vulnerabilities for those who haven’t updated their system.

Another common vulnerability is the human – never trust anyone you meet online, particularly on social networks, because you literally don’t know who you’re dealing with. One of the most common ways of breaking into a system is through phishing emails; where you click on a link or download an attachment which ends up compromising your system and the whole network.
Unfortunately, one of the most common vulnerabilities is not understanding the system or what the internet is and the environment when you go online. The internet can be a very hostile, aggressive place but you can’t see it because we’re all busy online doing whatever we do there (shopping, banking, social media, research etc). Unfortunately, if you don’t regularly check and update your operating system and your wits about you when online, you can potentially be a simple target.

How can businesses protect themselves?

Get expert cyber advice from IT professionals. The Australian Signals Directorate have some very good advice on how to protect your systems. Australian Cyber Security Centre also have advice that is easy to read.

There’s no ABC for protecting all organisations. Often, it’s unique to each organisation; how they’re structured, where employees work, how remote they are and who needs to access what. However, there is a lot of help available. As a first step, I would recommend having a pre-incident response plan in place, so that if you find that your organisation has suffered a major cybercrime, you can pull out of the drawer the incident response plan that says, ‘this is what we do in these particular circumstances and these are the people who we need to contact immediately’.

If you’ve enjoyed reading this blog post, be sure to check out our podcast with Dr Graeme Edwards.