• Technology
  • June 17, 2020

Cyber Threats – what are your business's obligations around hacking prevention?

As you will no doubt be aware, over the past few days there has been a worldwide cyber-attack, which has included a cyber-attack on the NHS. Justice Secretary Michael Matheson said more than 120 public bodies were being contacted to ensure their defences were adequate. NHS systems were expected to be recovered by Monday, and patients with appointments should attend as planned.

The cyber-attackers used ransomware called WannaCry. The cyber-attack was caused by a simple email attachment which, when opened, contained a virus. Anti-virus software will not often pick up these viruses, as antivirus companies can only protect against viruses once they know about them. This means that when a new virus is released, businesses will be exposed for the period between the virus being released and anti-virus software being updated. Security experts have warned that more attacks are imminent.

In this blog, we consider your legal obligations in relation to cyber-attacks and what you can do as a business to help protect against future attacks.

Government Survey

Chris Baraniuk of the BBC has reported that, according to a government survey, nearly half (46%) of British businesses discovered at least one cyber security breach or attack in the past year. That proportion rose to two-thirds among medium and large companies. Most often, these breaches involved fraudulent emails being sent to staff or security issues relating to viruses, spyware or malware. The government survey reported that a sizeable proportion of the businesses still did not have the basic protections in place.

Legal obligations

Paragraph 7, Part I, Schedule 1, Data Protection Act 1998 (DPA 1998) states that organisations that process personal data must take "appropriate technical and organisational measures" to protect that data against unauthorised or unlawful processing and against accidental loss or destruction of, or damage to, personal data.

A cyber-attack would be considered to be a data security breach covered by the Seventh Principle. There is no definition of what constitutes "appropriate technical and organisational measures" and there is no one-size-fits-all solution for any business. Security measures must, however, be put in place by businesses, and businesses must assess their risk in relation to data security breaches.

Practical steps

At a very basic level, businesses should remind their employees to be vigilant when opening emails and attachments from unknown sources. Employees should be reminded to consider whether they are expecting the email, whether they know the sender and whether they are expecting the email/documents. Employees should be reminded that, if in doubt, they should not open the attachments or emails and should send them to their IT department for review.

Businesses should carry out risk assessments on their business to look at how they can protect against cyber-attacks. The National Cyber Security Centre has published a guidance note on how to protect your business. Businesses should set up a cyber protection policy and appoint representatives on their boards and in management teams to manage risk from cyber-attacks.

Annelie Carver, Corporate and Software LawBrief.

For further information on your legal obligations surrounding data security, you can consult with Annelie or any other of our Technology specialists by submitting a legal enquiry here.

In closing

Nothing in this article constitutes legal advice on which you should rely. The article is provided for general information purposes only. Professional legal advice should always be sought before taking any action relating to or relying on the content of this article. Our Platform Terms of Use apply to this article.


