Fasten your cyber seatbelts: Cybersecurity tips for lawyers

Fasten your cyber seatbelts: Cybersecurity tips for lawyers

Episode Summary: Cybersecurity failures rarely start with sophisticated hacks. They start with exploiting everyday habits and loopholes that are easy to overlook. In this episode, we unpack cybersecurity for lawyers with one clear message: prevention is better, and much cheaper to implement, than the cure. Guest: • Chris Schwinghamer, Chief Information Officer, Victorian Legal Services Board and Commissioner • Specialist in digital strategy, cybersecurity and data governance in regulatory environments • https://au.linkedin.com/in/chrisschwinghamer [https://au.linkedin.com/in/chrisschwinghamer] Host: • Jayne Gurton, Law Institute of Victoria • podcasts@liv.asn.au | https://www.linkedin.com/company/law-institute-of-victoria [https://www.linkedin.com/company/law-institute-of-victoria] Episode Overview: Cybersecurity and cyber risk mitigation for lawyers is no longer just about anticipating and preparing for the worst case scenario. It is about managing routine tasks and habit. In this episode, Chris Schwinghamer explains why law practices are attractive targets for cyber crime and how simple behaviours can significantly reduce exposure. The discussion covers cyber hygiene in legal practice, including password management, multi-factor authentication, software updates, phishing awareness and safer use of social media. We also explore remote work risks, public Wi-Fi, VPN use and protecting devices when travelling or working outside the office. This episode focuses on practical, low-cost actions that support client confidentiality, professional obligations and compliance with minimum cybersecurity expectations. Topics & Timestamps: • 02:55 Common cybersecurity vulnerabilities in law firms • 04:44 Strong passwords, passphrases and password managers • 06:36 Why software updates matter for ransomware prevention • 08:28 Phishing red flags and business email compromise • 10:55 Social media hygiene and over sharing risks • 12:29 VPNs, public Wi−Fi and remote work security • 13:50 Securing devices when working outside the office • 15:12 Where to find trusted cybersecurity resources Key Takeaways: • Cybersecurity risk often comes from small, routine decisions rather than major system failures • Law practices are high-value targets because of the sensitive information they hold • Long, memorable passphrases and password managers reduce password-related breaches • Keeping systems updated is a critical defence against ransomware • Urgency, impersonation and unusual requests are key phishing warning signs • Simple habits like pausing to verify requests prevent costly cyber incidents Resources & Links: • LIV Cybersecurity Hub – Centralised guidance and CPD resources for practitioners | https://www.liv.asn.au/cybersecurityhub [https://www.liv.asn.au/cybersecurityhub] • Law Institute Journal – Cybersecurity and professional obligations – Editorial analysis linking cyber risk to legal duties | https://www.liv.asn.au/web/law_institute_journal_and_news/web/lij/year/2024/09september/practice_management__securing_your_practice_from_cyber_risk.aspx [https://www.liv.asn.au/web/law_institute_journal_and_news/web/lij/year/2024/09september/practice_management__securing_your_practice_from_cyber_risk.aspx] • VLSB+C Cybersecurity Guidance – Regulator guidance on why cybersecurity is a professional obligation | https://lsbc.vic.gov.au/lawyers/practising-law/cybersecurity [https://lsbc.vic.gov.au/lawyers/practising-law/cybersecurity] • Minimum Cybersecurity Expectations – VLSB+C standards for Victorian law practices | https://lsbc.vic.gov.au/lawyers/practising-law/cybersecurity/minimum-cybersecurity-expectations [https://lsbc.vic.gov.au/lawyers/practising-law/cybersecurity/minimum-cybersecurity-expectations] About This Podcast: Cross-Examined is a new podcast from the Law Institute of Victoria. Tune in to hear experts discuss hot topics in the law and the changes shaping the legal profession. Regular episodes will cover everything from AI and cyber threats to ethical dilemmas, workplace taboos and practice management insights. This podcast is recorded on the traditional lands of the Wurundjeri people of the Kulin Nation. The Law Institute of Victoria acknowledges the Traditional Custodians of Country across Australia. We pay our respects to Elders past and present. Disclaimer: This podcast is for informational purposes only and is not intended to replace professional legal advice. The views expressed in this podcast do not necessarily reflect the views of the Law Institute of Victoria (LIV). The LIV is not responsible for any losses, damages or liabilities that may arise from the use of this podcast. Listeners should seek independent legal advice for their matters. Production Information: • Produced by: The Law Institute of Victoria • Producer and audio editor: Garreth Hanley • Music: Garreth Hanley • Copy and show notes: Louise Surette Connect With Us Email: podcasts@liv.asn.au [podcasts@liv.asn.au] Website: https://liv.asn.au [https://liv.asn.au] LinkedIn: https://www.linkedin.com/company/law-institute-of-victoria [https://www.linkedin.com/company/law-institute-of-victoria] Apple Podcasts: https://podcasts.apple.com/au/podcast/cross-examined/id1858765728 [https://podcasts.apple.com/au/podcast/cross-examined/id1858765728] Spotify: https://open.spotify.com/show/0zvyk5xia4wYv9YWcXphgV [https://open.spotify.com/show/0zvyk5xia4wYv9YWcXphgV] Mentioned in this episode: 2026 Legal Forum advert Legal Forum 2026: Discover the forum where lawyers come to connect, be inspired and stay ahead. The Law Institute of Victoria’s flagship, full-day conference brings ideas, leading experts and the profession together to learn, connect and shape the future of legal practice. Wednesday 10 June | Pullman Melbourne on the Park | https://www.liv.asn.au/legalforum

Cyber incident fallout: What happens when the proverbial bits hit the fan?

Episode Title: Cyber incident fallout: What happens when the proverbial bits hit the fan? Episode Summary: When a cyber breach strikes, the technical problems are only the beginning. In this episode, we examine cyber incident fallout and what really happens inside a law firm once an attack is discovered. From regulatory obligations to client conversations and reputational risk, this discussion unpacks the hard realities lawyers face in the aftermath of a breach. Guest: • Cameron Whittfield, Partner, Herbert Smith Freehills Kramer • Specialist in cybersecurity, information security and emerging technology law • Market-leading adviser on major cyber incident response across Australia • www.linkedin.com/company/herbert-smith-freehills [www.linkedin.com/company/herbert-smith-freehills] • www.hsfkramer.com/our-people/c/cameron-whittfield [www.hsfkramer.com/our-people/c/cameron-whittfield] Host: • Jayne Gurton, Law Institute of Victoria • podcasts@liv.asn.au [podcasts@liv.asn.au] | https://www.linkedin.com/company/law-institute-of-victoria [https://www.linkedin.com/company/law-institute-of-victoria] Episode Overview: Cyber incidents are no longer rare occurrences for law firms, but an inevitable eventuality with long-lasting consequences. This episode focuses on cyber incident fallout and the legal and human challenges that follow a breach. Cameron Whittfield explains what those first chaotic hours in the aftermath of a cyber incident look like, why early decisions on communications and privilege are so difficult to undo, and what regulatory obligations such as the Notifiable Data Breaches scheme need to be planned for and actioned. . This discussion offers practical insights into post breach response and communication, stakeholder relationships and performing under pressure during a crisis. Listeners will learn why preparation matters even more than technology spend and how reputations are shaped by what happens in the aftermath of a breach as much as the breach itself. Topics & Timestamps: • 01:34 The first call – what it feels like when a breach is first discovered • 05:15 Bringing calm and structure to the first 48 hours • 07:16 The human impact inside a firm during a cyber crisis • 09:31 Where responses go wrong and why communication matters • 12:48 Client conversations and professional obligations after a breach • 14:42 Common mistakes firms keep repeating • 29:50 What good preparation looks like Key Takeaways: • The first 48 hours after a cyber incident shape legal, regulatory and reputational outcomes for years • Early communications decisions cannot be undone and require careful judgment • Blame cultures undermine effective crisis response and information sharing • Legal professional privilege must be managed carefully without blocking response efforts • Client trust depends on transparency, process and timing after a breach • Preparation and planning matter more than the size of a firm’s IT budget Resources & Links: • LIV Cybersecurity Hub – Practical guidance and resources for Victorian legal practitioners | http://www.liv.asn.au/cybersecurityhub [http://www.liv.asn.au/cybersecurityhub ] • LIJ: Cyber risk and law firms – Analysis of cyber security obligations for legal practices | https://www.liv.asn.au/web/law_institute_journal_and_news/web/lij/year/2025/02february/law_firms_and_cyber_risk.aspx [https://www.liv.asn.au/web/law_institute_journal_and_news/web/lij/year/2025/02february/law_firms_and_cyber_risk.aspx ] • Office of the Australian Information Commissioner – Notifiable Data Breaches scheme overview | https://www.oaic.gov.au/privacy/notifiable-data-breaches [https://www.oaic.gov.au/privacy/notifiable-data-breaches ] • Australian Cyber Security Centre – Cyber security guidance for professional services firms | https://www.cyber.gov.au [https://www.cyber.gov.au ] • Privacy Act 1988 (Cth) – Legislative framework governing data breaches | http://www.legislation.gov.au/C2004A03712/latest/text [http://www.legislation.gov.au/C2004A03712/latest/text] • Herbert Smith Freehills Kramer Cybersecurity Practice – Insight into cyber incident response | https://www.hsfkramer.com/insights/2023-06/surging-cyber-incidents-regulatory-activity-and-class-claims-in-australia [https://www.hsfkramer.com/insights/2023-06/surging-cyber-incidents-regulatory-activity-and-class-claims-in-australia ] About This Podcast: Cross-Examined is a new podcast from the Law Institute of Victoria. Tune in to hear experts discuss hot topics in the law and the changes shaping the legal profession. Regular episodes will cover everything from AI and cyber threats to ethical dilemmas, workplace taboos and practice management insights. This podcast is recorded on the traditional lands of the Wurundjeri people of the Kulin Nation. The Law Institute of Victoria acknowledges the Traditional Custodians of Country across Australia. We pay our respects to Elders past and present. Disclaimer: This podcast is for informational purposes only and is not intended to replace professional legal advice. The views expressed in this podcast do not necessarily reflect the views of the Law Institute of Victoria (LIV). The LIV is not responsible for any losses, damages or liabilities that may arise from the use of this podcast. Listeners should seek independent legal advice for their matters. Production Information: • Produced by: The Law Institute of Victoria • Producer and audio editor: Garreth Hanley • Music: Garreth Hanley • Copy and show notes: Louise Surette Connect With Us: Email: podcasts@liv.asn.au Website: https://liv.asn.au [https://liv.asn.au ] LinkedIn: https://www.linkedin.com/company/law-institute-of-victoria [https://www.linkedin.com/company/law-institute-of-victoria] Apple Podcasts: https://podcasts.apple.com/au/podcast/cross-examined/id1858765728 [https://podcasts.apple.com/au/podcast/cross-examined/id1858765728] Spotify: https://open.spotify.com/show/0zvyk5xia4wYv9YWcXphgV [https://open.spotify.com/show/0zvyk5xia4wYv9YWcXphgV ] Mentioned in this episode: 2026 Legal Forum advert Legal Forum 2026: Discover the forum where lawyers come to connect, be inspired and stay ahead. The Law Institute of Victoria’s flagship, full-day conference brings ideas, leading experts and the profession together to learn, connect and shape the future of legal practice. Wednesday 10 June | Pullman Melbourne on the Park | https://www.liv.asn.au/legalforum

Sheep in wolf’s clothing: How white hat hackers and pen testing help stop hacks

Episode Summary: Many law firms make a heavy investment in cybersecurity tech, and yet attackers can simply walk straight through their front door. This episode exposes how ethical (and criminal) hackers think and act, revealing why human trust and everyday routines are often a real vulnerability attackers’ exploit. This episode pulls back the curtain on penetration testing, and the white hat hackers who help firms fix weaknesses before criminals can exploit them. Guest: • James Thompson, Director, principal cybersecurity consultant and penetration tester, Malware Security • More than 20 years’ experience testing government, defence and critical infrastructure networks • Specialist in offensive security, social engineering and red team engagements • www.linkedin.com/in/cyberjt [www.linkedin.com/in/cyberjt] • www.malsec.com.au [www.malsec.com.au ] Host: • Jayne Gurton, Law Institute of Victoria • podcasts@liv.asn.au [podcasts@liv.asn.au] | https://www.linkedin.com/company/law-institute-of-victoria [https://www.linkedin.com/company/law-institute-of-victoria] Episode Overview: Securing a law firm from cyber attacks must take into account not just technology, but the physical environment as well. In this episode, penetration testing expert James Thompson explains what really happens when an organisation hires a pen tester and how cyber breaches can come through the front door as well as a link in an email. The discussion unpacks penetration testing, red team engagements and social engineering attacks, with practical examples from professional services environments. Listeners will learn how ethical hackers exploit human behaviour, why organisations often fall within minutes of an initial breach and what law firms can do right now to reduce their attack surface. Topics & Timestamps: • 02:04 What is penetration testing • 04:40 Common vulnerabilities in office environments • 08:49 Real-world social engineering scenarios • 11:14 What happens after initial network access • 13:48 Practical steps firms can take immediately • 15:20 Choosing a penetration testing provider • 17:20 Emerging cyberthreats and AI-enabled attacks Key Takeaways: • Penetration testing combines technical skill with human manipulation to mirror real cyber attacks • Front desks, unlocked doors and helpful staff are common breach points • Many organisations are compromised within 15 to 30 minutes of initial access • Multi-factor authentication and reducing attack surface significantly raise the barrier • Not all vendors offering pen tests deliver genuine human-led testing • Regular testing and staff awareness are essential parts of cyber risk management Resources & Links: • Law Institute of Victoria cyber security resources – Practical guidance for legal practices | https://www.liv.asn.au/web/resource_knowledge_centre/cybersecurity-hub/web/content/resource_knowledge_centre/cybersecurity-hub.aspx [https://www.liv.asn.au/web/resource_knowledge_centre/cybersecurity-hub/web/content/resource_knowledge_centre/cybersecurity-hub.aspx ] • Law Institute Journal – Cyber risk and legal practice coverage | https://www.liv.asn.au/web/law_institute_journal_and_news/web/lij/year/2025/02february/law_firms_and_cyber_risk.aspx | https://www.liv.asn.au/web/search_results_page.aspx?search=cyber [https://www.liv.asn.au/web/law_institute_journal_and_news/web/lij/year/2025/02february/law_firms_and_cyber_risk.aspx | https://www.liv.asn.au/web/search_results_page.aspx?search=cyber] • Australian Cyber Security Centre – Guidance for professional services | https://www.cyber.gov.au [https://www.cyber.gov.au] • Malware Security – Penetration testing and red team services | https://malsec.com.au [https://malsec.com.au] • Australian Signals Directorate Essential Eight – Baseline cyber security controls | https://www.cyber.gov.au/resources-business-and-government/essential-cybersecurity/essential-eight [https://www.cyber.gov.au/resources-business-and-government/essential-cybersecurity/essential-eight] About This Podcast Cross-Examined is a new podcast from the Law Institute of Victoria. Tune in to hear experts discuss hot topics in the law and the changes shaping the legal profession. Regular episodes will cover everything from AI and cyber threats to ethical dilemmas, workplace taboos and practice management insights. This podcast is recorded on the traditional lands of the Wurundjeri people of the Kulin Nation. The Law Institute of Victoria acknowledges the Traditional Custodians of Country across Australia. We pay our respects to Elders past and present. Disclaimer This podcast is for informational purposes only and is not intended to replace professional legal advice. The views expressed in this podcast do not necessarily reflect the views of the Law Institute of Victoria (LIV). The LIV is not responsible for any losses, damages or liabilities that may arise from the use of this podcast. Listeners should seek independent legal advice for their matters. Production Information • Produced by: The Law Institute of Victoria • Producer and audio editor: Garreth Hanley • Music: Garreth Hanley • Copy and show notes: Louise Surette Connect With Us Email: podcasts@liv.asn.au [podcasts@liv.asn.au] Website: https://liv.asn.au [https://liv.asn.au] LinkedIn: https://www.linkedin.com/company/law-institute-of-victoria [https://www.linkedin.com/company/law-institute-of-victoria] Apple Podcasts: https://podcasts.apple.com/au/podcast/cross-examined/id1858765728 [https://podcasts.apple.com/au/podcast/cross-examined/id1858765728] Spotify: https://open.spotify.com/show/0zvyk5xia4wYv9YWcXphgV [https://open.spotify.com/show/0zvyk5xia4wYv9YWcXphgV] Mentioned in this episode: 2026 Legal Forum advert Legal Forum 2026: Discover the forum where lawyers come to connect, be inspired and stay ahead. The Law Institute of Victoria’s flagship, full-day conference brings ideas, leading experts and the profession together to learn, connect and shape the future of legal practice. Wednesday 10 June | Pullman Melbourne on the Park | https://www.liv.asn.au/legalforum

Cybersecurity misconduct risks for Victorian lawyers

Episode Summary: Victorian lawyers are now being held to a minimum cybersecurity standard, and failure can lead to professional misconduct findings. This episode examines cybersecurity professional misconduct risks, what regulators expect in practice and how new privacy and ransomware laws raise the stakes for every firm, big or small. Guest: • Simone Herbert-Lowe, founder, Law & Cyber • Professional indemnity specialist with more than 30 years of legal experience • Expert at the intersection of cyber risk and legal professional responsibility • https://www.linkedin.com/in/simone-herbert-lowe/ [https://www.linkedin.com/in/simone-herbert-lowe/] • https://www.lawandcyber.com.au [https://www.lawandcyber.com.au] Host: • Jayne Gurton, Law Institute of Victoria • podcasts@liv.asn.au [podcasts@liv.asn.au] | https://www.linkedin.com/company/law-institute-of-victoria [https://www.linkedin.com/company/law-institute-of-victoria] Episode Overview: Cyber risk has moved from an abstract IT issue to a core professional responsibility for Victorian lawyers. In this episode, we examine cybersecurity professional misconduct through the lens of recent court decisions, regulatory guidance and real-world claims experience. Simone Herbert-Lowe explains how the “reasonable practitioner” standard is being applied in 2026, why human behaviour remains the weakest link in law firm security, and how small and mid-sized practices are often more exposed than large firms. The discussion also unpacks the VLSB+C minimum cybersecurity expectations, the expanded reach of the Privacy Act through AML/CTF obligations, and the impact of new laws on ransomware reporting and serious invasions of privacy. Listeners will gain practical guidance on what compliance looks like in day-to-day legal practice and where to focus limited time and resources. Topics & Timestamps: • 00:12 Why cybersecurity failures can now amount to professional misconduct • 01:25 Recent court cases shaping cyber risk expectations • 04:44 Why small firms are attractive cyber targets • 06:48 Behavioural breaches and human error in law firms • 09:26 The “reasonable practitioner” standard in 2026 • 12:38 Cloud services, offshore data and Privacy Act obligations • 14:21 Ransomware reporting and the statutory privacy tort • 16:29 Practical actions firms should take this week Key Takeaways: • Cybersecurity failures can now trigger findings of unsatisfactory professional conduct or misconduct. • Small and sole practices are as at risk as large firms. • Human behaviour, not technology, is behind many serious breaches. • The VLSB+C minimum cybersecurity expectations set a clear baseline for Victorian lawyers. • Privacy Act obligations can apply regardless of firm size through AML/CTF requirements. • Principals must be able to demonstrate practical, documented cyber controls. Resources & Links: • LIV Cybersecurity Hub – Practical guidance and resources for Victorian practitioners | https://www.liv.asn.au/cybersecurityhub [https://www.liv.asn.au/cybersecurityhub ] • VLSB Minimum Cybersecurity Expectations – Regulator guidance setting baseline standards | https://lsbc.vic.gov.au/sites/default/files/2024-02/VLSB%2BC_Minimum_Cybersecurity_Expectations.pdf [https://lsbc.vic.gov.au/sites/default/files/2024-02/VLSB%2BC_Minimum_Cybersecurity_Expectations.pdf ] • Australian Information Commissioner v Australian Clinical Labs Limited [2025] FCA 1224 – Federal Court decision on privacy and cyber breaches | https://www.austlii.edu.au/cgi-bin/viewdoc/au/cases/cth/FCA/2025/1224.html [https://www.austlii.edu.au/cgi-bin/viewdoc/au/cases/cth/FCA/2025/1224.html] • ASIC v FIIG Securities Limited [2026] FCA 92 – Cybersecurity governance and regulatory enforcement | https://www.austlii.edu.au/cgi-bin/viewdoc/au/cases/cth/FCA/2026/92.html [https://www.austlii.edu.au/cgi-bin/viewdoc/au/cases/cth/FCA/2026/92.html] • Mobius Group Pty Ltd v Inoteq Pty Ltd** \[2024\] WADC 114 District Court of Western Australia, decided 20 December 2024 https://www.austlii.edu.au/cgi-bin/viewdoc/au/cases/wa/WADC/2024/114.html [https://www.austlii.edu.au/cgi-bin/viewdoc/au/cases/wa/WADC/2024/114.html] • Ransomware payment reporting factsheet – Department of Home Affairs guidance | https://www.homeaffairs.gov.au/cyber-security-subsite/files/factsheet-ransomware-payment-reporting.pdf [https://www.homeaffairs.gov.au/cyber-security-subsite/files/factsheet-ransomware-payment-reporting.pdf] • OAIC guidance on statutory privacy tort – Overview of serious invasions of privacy | https://www.oaic.gov.au/privacy/your-privacy-rights/more-privacy-rights/statutory-tort-for-serious-invasions-of-privacy [https://www.oaic.gov.au/privacy/your-privacy-rights/more-privacy-rights/statutory-tort-for-serious-invasions-of-privacy] • Australian Privacy Principles: https://www.oaic.gov.au/privacy/australian-privacy-principles/australian-privacy-principles-guidelines [https://www.oaic.gov.au/privacy/australian-privacy-principles/australian-privacy-principles-guidelines] About This Podcast Cross-Examined is a new podcast from the Law Institute of Victoria. Tune in to hear experts discuss hot topics in the law and the changes shaping the legal profession. Regular episodes will cover everything from AI and cyber threats to ethical dilemmas, workplace taboos and practice management insights. This podcast is recorded on the traditional lands of the Wurundjeri people of the Kulin Nation. The Law Institute of Victoria acknowledges the Traditional Custodians of Country across Australia. We pay our respects to Elders past and present. Disclaimer This podcast is for informational purposes only and is not intended to replace professional legal advice. The views expressed in this podcast do not necessarily reflect the views of the Law Institute of Victoria (LIV). The LIV is not responsible for any losses, damages or liabilities that may arise from the use of this podcast. Listeners should seek independent legal advice for their matters. Production Information • Produced by: The Law Institute of Victoria • Producer and audio editor: Garreth Hanley • Music: Garreth Hanley • Copy and show notes: Louise Surette Connect With Us Email: podcasts@liv.asn.au [podcasts@liv.asn.au] Website: https://liv.asn.au [https://liv.asn.au] LinkedIn: https://www.linkedin.com/company/law-institute-of-victoria [https://www.linkedin.com/company/law-institute-of-victoria] Apple Podcasts: https://podcasts.apple.com/au/podcast/cross-examined/id1858765728 [https://podcasts.apple.com/au/podcast/cross-examined/id1858765728] Spotify: https://open.spotify.com/show/0zvyk5xia4wYv9YWcXphgV [https://open.spotify.com/show/0zvyk5xia4wYv9YWcXphgV] Mentioned in this episode: 2026 Legal Forum advert Legal Forum 2026: Discover the forum where lawyers come to connect, be inspired and stay ahead. The Law Institute of Victoria’s flagship, full-day conference brings ideas, leading experts and the profession together to learn, connect and shape the future of legal practice. Wednesday 10 June | Pullman Melbourne on the Park | https://www.liv.asn.au/legalforum

The psychology behind scams – why cybersecurity is about people, not tech

Episode Summary: Most cyber breaches are not technology failures. They are psychological successes. In this episode, cybersecurity psychology takes centre stage as Dr James Carlopio explains how scammers exploit human instinct, habit and urgency, and what lawyers can do to build safer cyber cultures. Guest: * Dr James Carlopio, psychologist and co-founder, Cultural Cyber Security * PhD in organisational psychology * Expert in cyber psychology, social engineering and cultural approaches to cyber risk * https://au.linkedin.com/in/jamescarlopio [https://au.linkedin.com/in/jamescarlopio] * https://www.culturalcybersecurity.com/james-carlopio-ccs [https://www.culturalcybersecurity.com/james-carlopio-ccs] Host: * Jayne Gurton, Law Institute of Victoria * podcasts@liv.asn.au [podcasts@liv.asn.au] | https://www.linkedin.com/company/law-institute-of-victoria [https://www.linkedin.com/company/law-institute-of-victoria] Episode Overview: Cybersecurity psychology explains why most breaches occur even in organisations with strong technical controls. In this episode, Dr James Carlopio explores how social engineering, phishing scams and AI-driven deepfakes exploit hardwired human instincts rather than technical weaknesses. Drawing on real-world examples, James explains why awareness alone is not enough, and why behaviour change requires skills, repetition and cultural leadership. Legal practitioners will gain practical insights into reducing cyber risk through everyday habits, verification practices and leadership role modelling, with a focus on making cybersecurity personal, relevant and embedded in day-to-day legal practice. Topics & Timestamps: * 00:04 Why cybersecurity failures are mostly human, not technical * 01:47 Why law firms are attractive targets for scammers * 03:31 Common scam tactics targeting lawyers and legal staff * 05:25 Psychological principles criminals exploit * 06:44 Deepfakes, voice cloning and verification strategies * 09:09 Why old confidence scams still work * 10:24 Practical, low-cost cyber prevention strategies * 13:36 Emerging threats and AI-driven scam campaigns * 16:20 Simple actions listeners can take immediately Key Takeaways: * Most cyber breaches succeed by exploiting human behaviour rather than technical gaps * Law firms are high-value targets because of money movement and sensitive data * Social engineering relies on urgency, habit and trust * Awareness alone does not build cyber resilience * Practical skills and regular practice reduce risk more than one-off training * Leadership behaviour and culture drive cybersecurity outcomes Resources & Links: * LIV Cybersecurity Hub – Practical guidance and resources for Victorian legal practitioners | https://www.liv.asn.au/cybersecurityhub [https://www.liv.asn.au/cybersecurityhub] * Law Institute Journal: Cybersecurity and phishing risks – Analysis and guidance for legal practices | https://www.liv.asn.au/lij [https://www.liv.asn.au/lij] * Office of the Australian Information Commissioner – Notifiable Data Breaches reports | https://www.oaic.gov.au/privacy/notifiable-data-breaches [https://www.oaic.gov.au/privacy/notifiable-data-breaches] * Cultural Cyber Security – Insights on cyber psychology and behaviour change | https://www.culturalcybersecurity.com [https://www.culturalcybersecurity.com/] About This Podcast: Cross-Examined is a new podcast from the Law Institute of Victoria. Tune in to hear experts discuss hot topics in the law and the changes shaping the legal profession. Regular episodes will cover everything from AI and cyber threats to ethical dilemmas, workplace taboos and practice management insights. This podcast is recorded on the traditional lands of the Wurundjeri people of the Kulin Nation. The Law Institute of Victoria acknowledges the Traditional Custodians of Country across Australia. We pay our respects to Elders past and present. Disclaimer: This podcast is for informational purposes only and is not intended to replace professional legal advice. The views expressed in this podcast do not necessarily reflect the views of the Law Institute of Victoria (LIV). The LIV is not responsible for any losses, damages or liabilities that may arise from the use of this podcast. Listeners should seek independent legal advice for their matters. Production Information: * Produced by: The Law Institute of Victoria * Producer and audio editor: Garreth Hanley * Music: Garreth Hanley * Copy and show notes: Louise Surette Connect With Us: * Email: podcasts@liv.asn.au [podcasts@liv.asn.au] * Website: https://liv.asn.au [https://liv.asn.au/] * LinkedIn: https://www.linkedin.com/company/law-institute-of-victoria [https://www.linkedin.com/company/law-institute-of-victoria] * Apple Podcasts: https://podcasts.apple.com/au/podcast/cross-examined/id1858765728 [https://podcasts.apple.com/au/podcast/cross-examined/id1858765728] * Spotify: https://open.spotify.com/show/0zvyk5xia4wYv9YWcXphgV [https://open.spotify.com/show/0zvyk5xia4wYv9YWcXphgV] Mentioned in this episode: 2026 Legal Forum advert Legal Forum 2026: Discover the forum where lawyers come to connect, be inspired and stay ahead. The Law Institute of Victoria’s flagship, full-day conference brings ideas, leading experts and the profession together to learn, connect and shape the future of legal practice. Wednesday 10 June | Pullman Melbourne on the Park | https://www.liv.asn.au/legalforum