2 minute read
Members on the Move
• Assessing Risks with Electronic
Service Providers
Advertisement
Electronic service providers who offer to act as an agent to facilitate rapid access to and sharing of information between you and your clients pose specific risks; consider these points in your assessment of their services.
These system-focussed tools will make it much harder for the technical penetration of your systems by cybercriminals but you also need to manage that other layer of system security: people. If you’re thinking only clueless people fall victim to cyber-attacks, think again. Social engineering, or the art of deceiving someone into divulging confidential information, can be pretty sophisticated. It is an art that has been around as long as any confidence trickster. THE MOVE experienced projects, energy and infrastructure lawyer John Doyle as a partner in its projects, infrastructure and construction practice.
John joins the Projects and Construction Team in Adelaide with partners Martin Lovell and Kathryn Walker. John brings experience in the electricity, mining, construction and You can have all the dead-bolts, alarms and locks available – but they will be of no use if you let a thief into your house thinking he or she is just delivering pizza.
This is not just about clicking links in phishing emails, although the successful “spear-phishing” attack on Hillary Clinton’s campaign manager via an “account reset” email purporting to be from Google shows these scams still work. The more sophisticated “pretexters” see hackers spending months developing relationships with staff to build trust or monitoring email traffic before carrying out their attacks. Phishing attacks happen over email, phone and text message. They can be embedded in advertising and turn up in web search results.
Ensuring that you have a cybersecurity training programme in place that is regularly updated is paramount. There are infrastructure project delivery space having prepared, negotiated and advised on connection agreements, supply arrangements, construction related agreements including EPC, design and construction, procurement, equipment supply contracts, operation and maintenance agreements, ECI, alliance and partnering arrangements and other related project documents. also companies who deliver cybersecurity awareness training for staff. Raising awareness of what is out there, and what the latest forms of attack are (pop quiz: what are smishing, vishing, pharming and BEC?) will also go some way to mitigating your risk. You should be doing those small things like hovering over links, inspecting email addresses and thinking before complying with an urgent request for information or payment. All staff should be aware of what to look for and reminded to look for them.
Even if not a single cent of client money is lost, the thought of being locked out of your systems, unable to service your clients and being liable for the cost of getting your business up and running again should be prompt enough to sort this out. Don’t put it off any
MEMBERS ON
Piper Alderman has welcomed back
longer - start today. JOHN DOYLE
John is returning to Piper Alderman after starting his career with the firm in 2001. Since leaving the firm in 2004, John has worked in both Australia and the UK in internationally recognised law firms, and in senior in-house roles with Piper Alderman clients, electricity transmission network service provider ElectraNet, and construction and mining services company Lucas Total Contract Solutions.
