AU · Firm Management

Law firm cyber security incident response checklist

Law firms hold sensitive client data and are targets for ransomware, business email compromise (BEC), and phishing. This checklist is for firms responding to a suspected cyber security incident.

In short

This is a 12-step cyber security incident response checklist for Australian law firms. It covers detection, containment, notification, and recovery.


The checklist

1. Activate incident response plan

Activate the firm's incident response plan and notify the response team.

2. Preserve evidence

Preserve logs, disk images, and affected systems before containment.

3. Contain the incident

Isolate affected systems from the network to prevent lateral spread.

4. Engage IT forensics

Engage internal or external forensic experts to identify scope.

5. Notify cyber insurer

Notify the cyber insurer within the policy notification period.

6. Assess data compromise

Identify what personal, client, and confidential data has been accessed or exfiltrated.

7. Assess privacy breach obligations

Assess whether the Notifiable Data Breaches scheme is triggered.

Privacy Act 1988 (Cth) pt IIIC

8. Notify OAIC if required

Notify the OAIC and affected individuals within 30 days of becoming aware.

Privacy Act 1988 (Cth) s 26WL

9. Notify clients

Notify affected clients of the incident and any impact on their matters.

10. Notify law society

Consider notifying the law society or legal regulator if client trust funds are affected.

11. Recover systems

Restore systems from clean backups and verify integrity.

12. Conduct post-incident review

Conduct a post-incident review and update the incident response plan.

When to use

When this checklist applies

Use immediately when a cyber incident is detected or suspected.

Common pitfalls

  • Containment before evidence preservation
  • Insurance notification missed
  • Data scoping rushed
  • OAIC notification deadline missed
  • Backups not verified before recovery

Use with Quillio

Run this checklist on a real matter

Quillio can help assess privacy breach obligations and prepare OAIC notification. See /practice-areas/firm-management or start a free trial.

This is general guidance for cyber incident response. Apply the firm's own incident response plan and its specific regulatory obligations.
