Posts by John Reeman
AML Tranche 2 and Cybersecurity: Same Problem, Different Regulator
Australian law firms are spending serious time and money preparing for AML Tranche 2. And they should be. The Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 brings legal practitioners, conveyancers, accountants, and real estate agents into the AML/CTF regime for the first time. Commencement is 1 July 2026. AUSTRAC enrolment opens 31 March.…
READ MORE >>First 24 Hours Post-Breach: Key to Your Firm’s Next Year
Your Firm’s First 24 Hours After a Breach Will Define the Next 12 Months In every incident I’ve worked, from compromised email accounts at mid-tier firms to full-scale ransomware events at national practices, one pattern holds. The quality of the first 24 hours determines the trajectory of the following twelve months. Insurance outcomes, client relationships,…
READ MORE >>Fractional Security Leadership: The vCISO Model for Law Firms
The security questionnaire from your largest client just landed. It’s 200 questions. Your IT provider can answer maybe 40 of them. The rest require someone who understands your firm’s risk posture, not just your firewall configuration.
“We don’t need a full-time CISO. We just need someone who knows what they’re doing.”
Penetration Testing for Law Firms: What to Expect and Why It Matters
“We got into your trust account in 2 hours.”
The managing partner’s face shifted through several expressions — disbelief, concern, and finally something like relief that this was a test rather than an actual attack.
The penetration test we’d just completed for his firm revealed what many law firm security assessments reveal: the gap between security policy and security reality.
On paper, the firm had reasonable controls. Antivirus on all workstations. Firewall protecting the network. A password policy requiring complexity. Cyber insurance in place.
In practice, a straightforward phishing attack, combined with credential reuse and missing multi-factor authentication, created a path from external attacker to trust account access in just over two hours.
This is why penetration testing matters.
READ MORE >>Mobile Forensics for Litigation: What’s Actually Recoverable From a Smartphone
Mobile phones are often the most valuable source of evidence in modern litigation. They contain communications, location data, financial records, and user activity that no other source captures.
But mobile evidence is also fragile, time-sensitive, and technically complex to extract properly.
The firms that get mobile forensics right start early, engage specialists, and treat mobile devices with the same evidentiary seriousness as documents and emails.
READ MORE >>Why Every Law Firm Needs a Tabletop Exercise
It’s 9:47am on a Tuesday. Your practice manager calls—staff can’t access the document management system. Then the ransom note appears.
Who makes the call on whether to pay? Who tells clients their matters may be compromised? Who’s calling the insurer, the OAIC, the police?
If your firm hasn’t answered these questions before the pressure hits, you’ll be making critical decisions on the fly. That’s where tabletop exercises come in.
READ MORE >>Digital Forensics for Law Firms: What It Actually Involves (And Why It Matters)
“We need to know what they took.”
Seven words that change everything in a data breach investigation.
When a law firm discovers unauthorised access, the first question is rarely “how did they get in?” It’s “what did they see?”
That question has regulatory implications. Client implications. Insurance implications.
Digital forensics answers it.
READ MORE >>What Can Be Recovered From an iPhone in a Forensic Investigation
When an iPhone becomes central to a legal matter—employment dispute, family law, commercial litigation—clients often ask the same question: what can actually be recovered?
The answer depends on the device, how it’s been used since the relevant events, and the extraction method available. But in many cases, significantly more can be recovered than people expect.
READ MORE >>The First 72 Hours: What Really Happens When a Law Firm Gets Breached
It’s 11:47pm on a Friday. A managing partner’s name lights up your phone.
“Something’s wrong. The system’s locked us out. There’s a message on the screen demanding Bitcoin.”
In that moment, everything changes.
I’ve taken that call more times than I’d like to count. And in almost every case, the difference between a manageable incident and a catastrophic one comes down to what happens in the next 72 hours.
Not the next week. Not when the insurance company finally assigns a response team.
READ MORE >>Welcome to the “Cybersecurity Loop” Edition #17
🎄 Ho Ho Ho! 🎄 Welcome to the festive edition of the cybersecurity loop! Quick heads up — I’m building something new for 2026. It’s called “The Reluctant CISO”: a private community for legal sector leaders who’ve inherited cybersecurity responsibility without the title, training, or team. If that sounds familiar, keep an eye out.…
READ MORE >>