• Technology
  • May 16, 2017

Cyber Threats – what are your business's obligations around hacking prevention?

By Lawbite Team

Talk to a Lawyer Free Legal Help
As you will no doubt be aware, over the past few days there has been a worldwide cyber-attack which has included a cyber-attack on the NHS. Justice Secretary Michael Matheson said more than 120 public bodies were being contacted to ensure their defences were adequate. NHS systems were expected to be recovered by Monday and that patients with appointments should attend as planned. The cyber-attackers used ransomware called WannaCry. The cyber-attack was caused by a simple email attachment, which when opened contained a virus. Anti-virus software will not often pick up these viruses as antivirus companies can only protect against viruses once they know about them. This means that there will be a period of time between the viruses being released and anti-virus software being updated where businesses will be exposed when a new virus is released. Security experts have warned that more attacks are imminent. In this blog, we consider your legal obligations in relation to cyber-attacks and what you can do as a business to help protect from future attacks. Government Survey Chris Baraniuk of the BBC has reported that nearly half (46%) of British businesses discovered at least one cyber security breach or attack in the past year, a government survey has indicated. That proportion rose to two-thirds among medium and large companies. Most often, these breaches involved fraudulent emails being sent to staff or security issues relating to viruses, spyware or malware. The government survey reported that a sizeable proportion of the businesses still did not have the basic protections in place. Legal obligations Paragraph 7, Part I, Schedule 1, Data Protection Act 1998 (DPA 1998) states that organisations that process personal data must take "appropriate technical and organisational measures" to protect that data against unauthorised or unlawful processing and against accidental loss or destruction of or damage to personal data. A cyber-attack would be considered to be a data security breach covered by the Seventh Principle. There is no definition of what constitutes "appropriate technical and organisational measures" and there is no one size fits all solution for any business. Security measures must, however, be put in place by businesses and businesses must assess their risk in relation to data security breaches. Practical steps At a very basic level, businesses should remind their employees to be vigilant in opening emails and attachments from unknown sources. Employees should be reminded to consider whether they are expecting the email, whether they know the sender and whether they are expecting the email/documents. Employees should be reminded that if in doubt they should not open the attachments or emails and send to their IT department for review. Businesses should carry out risk assessments on their business to look at how they can protect from cyber-attacks. The National Cyber Security Centre has published a guidance note on how to protect your business. Businesses should set up a cyber protection policy and appoint representatives on their boards and in management teams to manage risk from cyber-attacks.   Annelie Carver, Corporate and Software LawBrief. For further information on your legal obligations surrounding data security, you can consult with Annelie or any other of our Technology specialists by submitting a legal enquiry here.

In closing

Nothing in this article constitutes legal advice on which you should rely. The article is provided for general information purposes only. Professional legal advice should always be sought before taking any action relating to or relying on the content of this article. Our Platform Terms of Use apply to this article.

Related Articles

Read more of our latest blog posts, featuring all the latest legal news, analysis and opinion from our expert lawyers.

blog image
  • By Lawbite Team
  • August 05, 2021
Business Software and IT Agreements, how do they work?

As a business owner, you may want to enlist the help of IT providers and software developers to design technology and software programs for your bu...

blog image
  • By Lawbite Team
  • April 27, 2020
COVID-19 - UK Government Support to Help SMEs

This is certainly a unique time that business owners are facing throughout the UK, and the rest of the world. The Chancellor of the UK Government, ...

Funding, In The News, Finance, Coronavirus
blog image
  • By Lawbite Team
  • December 05, 2019
The LawBite App is here!

Technology's disruption of traditional service sectors continues at speed, increasing the need for service sectors to adapt and respond with agilit...

Technology, Startups, In The News

LawBite can help you

LawBite is on a mission to provide business legal advice that is easier to access, clearer to understand and much cheaper. Our on-line legal advice platform can quickly connect you with expert business legal advice. Our friendly, highly qualified business lawyers, solicitors and mediators will give you the guidance and reassurance that comes from customised legal advice for small and medium sized business.

Whether you are bringing or defending a legal claim, outsourcing work, want a business contract review to ward off disagreements, talk to an expert trademark lawyer, resolve a contractual dispute with methods like mediation and arbitration, or getting your new company set up and on the right footing with a robust shareholder agreement and GDPR standards, we can help you succeed.

defend a claim

Talk to a Lawyer

Book a Call
defend a claim

Essentials Plan