Introducing Turnbull Hill Lawyers
Turnbull Hill Lawyers is a leading law firm who have been providing professional legal services to the people and businesses of the Newcastle, Hunter and Central Coast Regions, Sydney and other parts of NSW, since 1969.
With a team of over 40 staff, Turnbull Hill Lawyers are committed to providing the highest possible level of professional advice, and pride themselves on giving friendly, personal service.
Technology plays a critical role in the way Turnbull Hill Lawyers service their clients, and with associated cybersecurity threats moving at an unprecedented pace, the team have always looked to ensure their internal processes and cybersecurity practices are ahead of the game and that their customers’ data is secure.
In previous years, Turnbull Hill Lawyers had experienced firsthand how unsecure system passwords, and legacy IT misconfiguration, could leave them exposed to brute force cyber attacks.
Although the two attacks experienced by Turnbull Hill did not result in the loss of any data or breach of client confidentiality, they were a learning experience for the team in both business disruption and financial loss. To protect their firm from future attacks, they proactively engaged Diamond IT to run a comprehensive review on internal systems, processes, and cybersecurity defences.
The review identified areas of potential weakness to address, including a recommendation to train all employees in cybersecurity awareness. At the time, the threat landscape of the Australian legal industry was significantly changing, and the team at Turnbull Hill Lawyers acknowledged reports that indicated cyber criminals were moving toward targeting people rather than systems.
Continuous education is held in high regard for the team, and while cyber security training was part of the induction process, they wanted to make certain that their employees were properly equipped with the knowledge and tools they needed to identify and respond to cyber threats.
Melissa Burrows, Operations Manager of Turnbull Hill Lawyers, sought professional advice from Diamond IT’s Business Technology Consulting team about the best way to educate their staff and keep their systems and data safe.
Working collaboratively with the Turnbull Hill Lawyers team, Diamond IT started the process with face-to-face training to all employees, with a focus on identifying the current threats targeting the legal sector.
Following this, Diamond IT implemented monthly online cybersecurity awareness training modules, offering continuous education around topics such as ransomware awareness, the Australian Notifiable Data Breach Scheme, mobile scams, and working remotely.
“The monthly reports from Diamond IT provide a really good snapshot of how we are travelling with our cybersecurity strategy, including the visibility to target any areas of concern.” – Melissa Burrows, Operations Manager.
Diamond IT also rolled out simulated phishing email attacks to test the team’s ability to identify and report potential threats. A customised “Phish Alert” reporting tool was installed on all employee computers, which empowered the team to report any suspicious emails with one simple click. The ‘Phish Alert’ button reported all suspicious emails to the Diamond IT technical services team for analysis and blocking, and where the email was in fact a simulated test, employees were congratulated with an instant message to acknowledge that they had passed the test.
From the training modules and simulated attacks, monthly cybersecurity reports are generated to identify how the teams cyber safe habits were improving, who have not yet completed the training, and which team members have not successfully passed the simulated attacks.
“Diamond IT’s cybersecurity awareness training keeps cybersecurity front of mind for our employees and demonstrates how serious we are as a firm in preventing cyber attacks and protecting our clients’ data.”
The Outcome – “Cybersecurity is not just the IT team’s problem”
- To date, the Turnbull Hill Lawyers team have reported over 300 suspicious emails using the “Phish Alert” button.
- Of these, 50% were real malicious email attempts.
- With the help of Diamond IT’s training program and new internal processes implemented, the “Phish Alert” button provided a ‘self service’ option for employees to report suspicious emails, which allowed Turnbull Hill Lawyers internal IT capacity to focus on their core deliverables.
- The increased levels of cybersecurity awareness within the team ensures that safe cybersecurity behaviour, and the protection of sensitive client data remains front of mind for their employees.
- The cybersecurity awareness training allowed a cultural shift and an increase in accountability.
How we can support your cybersecurity defences
Cybersecurity Awareness Training
Cybersecurity Awareness Training educates you and your staff in the threats and attacks you are subjected to every day. Using multiple platforms, we guide you through the minefield that is Cyber and Data security and ensure you have the tools and experience to keep your organisations' systems and data safe.
Business Technology Consulting and Training
With Diamond IT… it’s personal. You're not "just a number". Our Business Analysts get to know you. They immerse themselves in your business to deeply understand how you operate. So, they get to understand what you’re trying to achieve and why…
Cybersecurity and Data Protection
Today, more than ever, you need to secure your network to keep your operations going, keep your data safe and most importantly keep your customers' private information safe.
IT Disaster Recovery Planning
Disaster doesn't strike often, but when it does the impacts can be significant.
You need to minimise the effect on your business operations, and your ability to service your customers during and after the event.