Queensland Law Society

The PEXA hack – new security guidelines and why they are important even to firms which do not use e-conveyancing

In two separate incidents, clients have lost substantial amounts after a conveyancer’s email was compromised and funds were diverted by altering payment information on the PEXA platform. PEXA has now introduced new security measures to prevent attacks of a similar nature, and all subscribers are strongly advised to implement them.

Although PEXA is not widely used in Queensland, the lessons to be learned affect most law practices.

If you store data in a cloud platform, you should think carefully about the PEXA attack. Why? PEXA may be very secure, but the overall system was subverted anyway. Even if a cloud provider’s security is excellent, your information is only ‘in the cloud’ some of the time, and the data is no more secure than the weakest link in the chain it passes through.

What should you do in response?

There are a number of measures you can take. One of the simplest and most effective is to use Multi Factor Authentication wherever it is available (which means most cloud services or networks these days).

It does not cost much to set up, and although it feels slightly inconvenient to use at first, the overall security improvement is well worth it.

For a more detailed discussion of the risks and how to use Multi Factor Authentication, please see our article on LawTalk or the cyber security web page.

If you are concerned about your firm’s cyber security risk but don’t know where to start, QLS will be providing materials and assistance to implement a cyber security programme starting next month. Register your interest by calling the QLS Ethics Centre on 3842 5843.