Posts by John Reeman
Why Every Law Firm Needs a Tabletop Exercise
It’s 9:47am on a Tuesday. Your practice manager calls—staff can’t access the document management system. Then the ransom note appears.
Who makes the call on whether to pay? Who tells clients their matters may be compromised? Who’s calling the insurer, the OAIC, the police?
If your firm hasn’t answered these questions before the pressure hits, you’ll be making critical decisions on the fly. That’s where tabletop exercises come in.
Digital Forensics for Law Firms: What It Actually Involves (And Why It Matters)
“We need to know what they took.”
Seven words that change everything in a data breach investigation.
When a law firm discovers unauthorised access, the first question is rarely “how did they get in?” It’s “what did they see?”
That question has regulatory implications. Client implications. Insurance implications.
Digital forensics answers it.
What Can Be Recovered From an iPhone in a Forensic Investigation
When an iPhone becomes central to a legal matter—employment dispute, family law, commercial litigation—clients often ask the same question: what can actually be recovered?
The answer depends on the device, how it’s been used since the relevant events, and the extraction method available. But in many cases, significantly more can be recovered than people expect.
The First 72 Hours: What Really Happens When a Law Firm Gets Breached
It’s 11:47pm on a Friday. A managing partner’s name lights up your phone.
“Something’s wrong. The system’s locked us out. There’s a message on the screen demanding Bitcoin.”
In that moment, everything changes.
I’ve taken that call more times than I’d like to count. And in almost every case, the difference between a manageable incident and a catastrophic one comes down to what happens in the next 72 hours.
Not the next week. Not when the insurance company finally assigns a response team.
Welcome to the “Cybersecurity Loop” Edition #17
🎄 Ho Ho Ho! 🎄 Welcome to the festive edition of the cybersecurity loop! Quick heads up — I’m building something new for 2026. It’s called “The Reluctant CISO”: a private community for legal sector leaders who’ve inherited cybersecurity responsibility without the title, training, or team. If that sounds familiar, keep an eye out.…
118 Australian Businesses Hit by Ransomware in 2025 | What Leaders Must Know
According to data tracked by ransomware.live, 118 Australian organisations have already been publicly impacted by ransomware this year. The victims span almost every sector of the economy — airlines, telecommunications providers, medical practices, retailers, manufacturers, professional services, and law firms. The diversity of targets reinforces an uncomfortable truth: no organisation is too small, too regulated,…
Australian Clinical Labs Case: Lessons in Cyber Response & Communication
The ACL judgment is a valuable reminder that cyber-risk is not just about firewalls, malware signatures or patches. It’s also about how we interpret, act on and communicate the results of our investigations, particularly when external advisors are involved.
Beyond the Gateway: Why Traditional Email Security Can’t Stop BEC Attacks Targeting M&A Deals and Trust Accounts
Welcome to the world of modern Business Email Compromise (BEC), where the attack vector isn’t a malicious payload, but elaborately constructed deception that exploits the very trust relationships that make business possible.
The Hidden Battlefield: Why Traditional EDR Leaves Your Identity Layer Exposed
Modern cybersecurity has a blind spot problem. Organisations invest heavily in Endpoint Detection and Response (EDR) solutions, believing they’ve fortified their defences. Yet attackers continue to move laterally through networks, escalating privileges and exfiltrating data often without triggering a single alert. The reason? EDR tools excel at monitoring endpoints, but they fundamentally cannot see what…
Digital Forensic Evidence Collection for Insider Threat Cases: Legal Guide 2025
Insider threats have fundamentally transformed with the proliferation of cloud computing, remote work arrangements and sophisticated data management systems. Unlike external cyber security breaches, insider threats involve individuals with legitimate system access who misuse their privileges. This creates unique challenges for legal practitioners, as the line between authorised and unauthorised activity can be subtle, requiring careful analysis of digital footprints to establish intent and scope of misconduct.