Reducing the threat of a cyber-attack
NASA, Cathay Pacific, British Airways and Marriott are just some of the organisations that have suffered high profile cyber-attacks. Businesses face a multitude of challenges but arguably one of the most testing challenges is evading a cyber-attack. Fallout from such an attack can have shattering consequences for a business and it is therefore imperative that organisations have the correct tools at their disposal to combat, counter and diminish the impact of an attack before it is too late.
It is becoming more important than ever for businesses to have robust defences in place to reduce the risk of being struck by a cyber-attack. In the event that an organisation is hit by a cyber-attack, it’s essential that they know how to limit the damage and ensure that the business can operate as normal. How can I reduce the threat or impact of a cyber-attack on my business?
The best step any business can take to protect itself from a cyber-attack is to put preventative measures in place before the attack occurs.
Some best practices include:
- Downloading the latest security software for your business
- Be aware of email addresses you do not recognise and watch out for suspicious links
- Ensuring files and documents are backed up remotely
However, businesses need to act smarter to fully commit to reducing the risk of a cyber-attack. An example of doing so is for a business to implement policies, so that there is a framework of what measures to take in the event of a cyber-attack and how they can be prevented in the first place.
Recommended policies include:
- IT Security Policy – The policy should include information for staff on how to protect IT equipment, ensure data is encrypted and provide details on what action to take in the event of a breach.
- IT and Communications Policy – This policy should clearly set out the prohibited uses of the business’s IT systems;
- Disciplinary Policy – This should set out the consequences and seriousness of employees breaching the confidentiality provisions of their employment contracts; and
- Whistleblowing/Grievance Policy – This will allow staff members to properly communicate their concerns on cybersecurity (or any other issue) to management.
That being said a common weakness for many businesses - regardless of the technology, defences and policies the business puts in place - is human error. Human error inevitably costs businesses money, time, resources and sometimes their reputation. This is through mistakes and not following company policies and procedures correctly.
Therefore, businesses should:
- Educate employees about the business’s security policies
- Educate employees about what to do to prevent cybersecurity risks from emerging and, if they do emerge, what steps should be taken to mitigate the risks
- Hold regular training workshops and refresher sessions
- Ensure robust confidentiality provisions are inserted into all employee contracts in relation to the business’s data and that of its customers, suppliers and partners
What impact will a cyber-attack have on my business?
The effects of a cyber-attack can be wide-ranging. Each organisation is unique in terms of the impact of an attack, but there are similar themes across various sectors and industries.
The common effects of a cyber-attack can include:
- The business suffering from day-to-day operational disruption
- Damage to the business’s reputation
- Potentially losing the value of customer and supplier relationships in the wake of the attack
- The additional time, cost and resource needed to carry out a full investigation into the attack, how the attack happened and how it can be prevented in future
- The business being forced to implement improved cybersecurity defences to avoid future attacks, which can prove expensive
- Potential for increased insurance premiums as a result of declaring the attack to the business’s insurer
- Potential loss of the business’s intellectual property and other data
How can Verisona Law assist?
At Verisona Law, we can assist you and your business by:
- Preparing robust and compliant internal policies and procedures to be adhered to before, during and after an attack
- Reviewing the business’s existing policies and procedures
- Reviewing current employee contracts and commercial agreements to ensure confidentiality provisions cogently protect the business
- Helping to manage and mitigate the legal and commercial consequences after an attack
- Providing training for employees and senior management
If you would like more information, then please don't hesitate to contact Grant Usher, Associate Solicitor 02392 312058.
- Acting for land owners or property developers in relation to both residential and commercial development projects
- Advising on the structure and content of the legal documentation associated with the sale and acquisition of development sites
- Negotiating section 106 planning agreements
- Negotiation of option agreements and conditional planning agreements
- Plot sales / disposals
Landlord and Tenant
- Advising landlords and tenants in relation to the taking of and the grant of commercial leases of all form of commercial property
- Dealing with subleases of commercial premises
- Dealing with ancillary leasehold documentation such as licences to alter, change of use or licence to sublet
- Advising in relation to variations of leases
- Advising in relation to agreements for leases including development obligations
Real Estate Finance
- Acting for lenders or borrowers in relation to the taking and granting of security over all forms of commercial property
- Acting and advising borrowers in relation to obligations in standard security documentation issued by both corporate and individual lenders
- Perfecting a lenders security over the property at the Land Registry and Companies House
- Dealing with commercial remortgages
- Dealing with variations to existing security or substituted security
- Acting for liquidators, administrators in bankruptcy in the sale of all forms of commercial property
- Acting on and dealing with the sale of property under the Proceeds of Crime Act
- Acting for buyers of commercial property from liquidators, administrators and trustees in bankruptcy
- Acting for sellers or buyers of all forms of commercial investment property
- Advising on the due diligence to be undertaken in connection with the acquisition of investment premises
- Advising in relation to the VAT and TUPE implications arising out of an investment transaction
- Advising buyers in relation to their ongoing liabilities under the individual leases
- Advising on the property aspects arising out of the sale and purchase of businesses
- Advising on the nature and extent of property warranties included within the legal documentation
- Advising and dealing with obtaining the necessary consents for the transfer of any leasehold premises as part of the corporate transaction
Property related Pension Schemes
- Acting for pension providers and individuals in relation to property related pension scheme arrangements
- Advising pension companies in relation to the legal structure of property related schemes
- Carrying out appropriate due diligence in relation to the property aspects of a pension scheme
- Advising on and dealing with issues arising out of the transfer of assets from one pension fund to another
Sales and Acquisition of Commercial Property
- Acting for sellers or buyers in relation to the sale and acquisition of all forms of commercial property