In an interview with SMSF Adviser’s sister publication Lawyers Weekly, Clyde & Co partner Jenny Thornton and senior associates Tim Searle and Steven Donley noted that the standard of care expected of companies in relation to cyber threats was increasingly high.
“Your standard of care 12 months ago, 18 months ago or two years ago, is very different to what the appropriate standard is now,” Ms Thornton said.
She suggested the firm had seen an uptick in claims for cyber breaches, citing an example where a hacker intercepted a client’s emails to their accountant and then forged a reply to authorise a trust account transfer.
"It won't be sufficient now just to have an email from clients authorising transfer of trust funds," Ms Thornton added.
As a minimum, she recommended firms encourage face-to-face meetings to establish the client’s identity and discuss sensitive information.
In addition, firms should introduce authorisation passwords or security questions for any authorisations, establish confidential storage systems that are disconnected from networks, and double-check email authorisations via alternative means of communication.
“If you're not introducing those systems – the double-checks or triple-checks – you may be considered negligent, under your PI insurance or to the client,” she warned.
This increased responsibility is partly due to growing awareness of cyber attacks, Mr Searle suggested.
“The criminals are getting more sophisticated but they're developing recognisable streams of attack,” Mr Searle said.
“It's quite exciting – for the first time, we can see where it's all heading.”