How prepared is your business in the event of a cyber security breach?

How can cyber attacks affect my business?

As technology becomes more advanced cyber security is becoming something every business needs to consider. A successful cyber attack can have a major effect on your business reputation and the trust of your consumers.

How will my reputation be affected?

Trust from your consumers is essential when growing your business, however a cyber attack can significantly erode that trust and become counterproductive when building your brand. If this happens, this can lead to a loss of customers, a loss of sales, and a reduction in profits amounting from this. Furthermore, affected customers may even consider legal action against your business. Suppliers may also lose trust in your business, and it may even affect relationships within your business such as with other partners or investors.

What about financial loss?

Cyber attacks can result in substantial financial loss arising from:

  • Theft of financial information, such as bank details or payment card details
  • Theft of money held within the business
  • A disruption in trading due to the inability to carry out further online transactions

Furthermore, businesses who have suffered a breach in their cyber security may also incur further costs in repairing affected systems and devices. In the long-run, it is usually cheaper to hire a professional penetration tester to make sure your systems are secure, than it is to repair the damage from a breach!


What are the legal consequences of a cyber security breach?

Under the Data Protection Act you must manage the security of any personal data you hold. Any data that is either accidently or deliberately compromised due to not having appropriate security measures may result in fines and regulatory sanctions. The General Data Protection Regulation (GDPR) is a new regulation coming into force in May 2018 by European Parliament. The aim of this regulation is to give people control over their personal data. Any breach of this regulation can lead to receiving a warning (in cases of first and non-intentional non-compliance), periodic data protection audits, and fines.

How can I prevent cyber breaches?

First and foremost, make sure you invest in some anti-virus and anti-malware software. Make sure that this software remains updated and that you perform regular security scans. If you find anything on your systems that shouldn’t be there, uninstall it or quarantine it using your anti-virus software immediately.

Secondly, ensure that your employees are aware of any cyber security prevention procedures that are in place within the business. Educate them on how to keep their passwords safe (such as not keeping a piece of paper with their passwords at the desk), and not to speak to those outside the business about security. One of the easiest way to breach security is simply to obtain a password or information from an employee.

It may seem obvious, but make sure any passwords used within your business are strong. The easiest way to enter a secure website is to exploit a weak password. In order to create a strong password, make sure it is at least eight characters (or longer!) and includes a combination of numbers, letters and symbols. Try to avoid any words that may relate to you, such as names, dates or locations.

Make sure you take advantage of a two-step verification process for your business accounts. This will offer an extra layer of security as opposed to simply requiring a username and password. Banks are a perfect example of this in that they require a username, password, and often a security number in order to enter your account.

How can I minimise the impact of a cyber attack?

In order to minimise the aftermath of a cyber security breach you should have an incident response plan in place which will allow you to quickly and effectively deal with the breach.

First, contain the breach to mitigate any further damage to your business. In order to do this, make sure you assess how large the breach is and investigate all systems which may have been affected. You may need to reroute network traffic and block web attacks, and it may be necessary to suspend any compromised devices or networks.

Make sure you have personnel qualified to respond to the incident. This will usually comprise of technical employees to investigate the breach, a public relations expert to deal with any damage to your brand, and possibly a data protection expert if any held data has been compromised.

How prepared is your business in the event of a cyber security breach?

Melissa H


This blog post was written by Melissa Henderson. Melissa is a final year MLaw student at Northumbria University currently working in a business & commercial firm in the Student Law Office. After graduating she hopes to return to her volunteering role in South Africa before beginning her career. Her interests outside of law include animal rights and powerlifting.



Studying your reflection

Our students are encouraged to reflect on their experiences in Student Law Office. We believe that reflection is what turns experience into learning, and we are keen to develop our students as ‘reflective practitioners’. In this blog post, Katie reflects on her experience of reflection so far. 


As with any career, personal development is a key aspect of the legal profession.  Reflection allows lawyers to analyse their experiences and improve their practice.  Whilst students in the Student Law Office may find the prospect of writing formal reflections daunting, the benefits of doing so greatly outweigh temporary fears.

Whether it be spontaneous or retrospective, reflection allows us as lawyers to identify our strengths and weaknesses.  Once we start looking at everything we do with a contextual and critical eye, soon we are able to question what went wrong, what went right, or what could have been done to obtain a better outcome.  Did I not plan enough?  Was I unprepared and caught off-guard?  Did I plan too much? Was I inflexible and not adapting to the client’s needs?

Talking to others

Reflection does not have to be a sole activity, especially at the start of your legal career.  Whilst it is important to be able to analyse your own experiences, it is also beneficial to bounce ideas off your peers.  Have they done something that you did not? Would you have approached something differently?  How was their outcome different to yours?  Reflection is all about learning from a variety of situations so you can deal with and adapt to unfamiliar scenarios in the future.  Consulting with others simply broadens that pool of experience.

Reflecting as a group can also stretch the boundaries of your own beliefs.  Alternative  opinions will challenge your own thinking and values.  It can introduce you to methods of practice that you had never considered before and also promote tolerance and empathy.  For example, speaking to a peer about different experiences could provide insight into a client’s behaviour.  Where you might have thought a client was acting unreasonably, a colleague may be able to help you consider their position from a different perspective.  This is especially important in a time of constant cultural change.

How does it benefit our careers?

Reflection is something we will be expected to do all through our legal careers. Starting early in the Student Law Office means we are able to develop these skills and step into a firm ahead of the game.  Not only that, but by nurturing our ability to reflect we are able to take so much more away from university.  There are countless opportunities for self-improvement during higher education that would go unnoticed if we did not take time to reflect on them.  Being reflective practitioners teaches persistence and hones our ability to think on our feet.  Over time we establish strategies of dealing with the unexpected, utilising our range of legal skills, and evaluating alternative methods to produce better results.  Reflection is an ongoing process; a constant mission for self-improvement.  Working in the Student Law Office facilitates our personal growth and ensures that we are the choice candidates when seeking legal employment.

Photo by Ashim D’Silva on Unsplash

Katie HThis blog post was written by Katie Hutchinson, a final year MLaw student at Northumbria University.  After graduation, Katie hopes to secure a training contract in a commercial law firm and enjoys skiing, art and fashion in her spare time.

Entrepreneurial Business Management meets the Student Law Office

On Wednesday 1st November 2017, a select group (including myself) from the Student Law Office business & commercial firms were lucky enough to visit the Northern Design Centre to meet with a number of Entrepreneurial Business Management (EBM) students.

SLO Northern Design Centre

Business & Commercial firm students at the Northern Design Centre

Similar to the SLO, the EBM students take a real hands-on approach to their studies and even get to start up their own businesses as part of their degree! They work in teams, like the firms we have in the SLO, and have the opportunity to experiment with a number of projects under supervision. This provides them with valuable experience and allows them to hit the ground running when they go out into the working world, just like us.

I spoke with a number of first years who had only just started the programme and was very impressed by the knowledge and business acumen they’d already gained through the process. Everyone had an idea for a business and many were in the process of bringing those ideas to life, a pressure which I could imagine to be very daunting. Yet the EBM students were calm and excited by the whole idea. I got the impression this was due to the fact they receive great guidance and support at all times. A luxury which the SLO students also have with their supervisors.


EBM and SLO students working together

Like the students in the SLO they were all very passionate and driven. They had a clear mindset about what they wanted to achieve. The business ideas ranged from starting a clothing line to selling confectionaries.

In terms of what we brought to the table, we offered a lawyer’s perspective on some of the opportunities and challenges business owners can experience. We spoke for some time about the type of legal advice the business & commercial firms can offer.

We’re fortunate enough to have the opportunity to visit the EBM students again in February 2018. I look forward to see how they have progressed with those great ideas and hopefully they can notice the development in me and the other SLO students.

Let’s hope this is the start of a fruitful relationship.


This blog post was written by Stuart Blair. Stuart is a final year MLaw student at Northumbria University. Stuart has a Newcastle United season ticket and “enjoys” going to watch them play with his Dad and Brother.

Hello and welcome – from the 2017/2018 business & commercial firms!

It’s a new academic year, and the business & commercial firms are full with individuals who have a passion for this area of law and who cannot wait to get stuck into the Student Law Office.

Many of them, like myself, have been waiting for the opportunity to put into practice what we have been taught during the last three years here at Northumbria Law School and the Student Law Office is a fantastic place to do so.

Beth's firm EC2

Beth’s firm in the Student Law Office (L-R: Zeeshan, James, Stuart, Hyndie, Shauna, and Beth)

There will be many blogs posted after mine, like Stuart Blair who will be writing a piece about the commercial students getting to mingle with the Entrepreneurial Business Management students, so stay tuned for that and much more!

I’ll speak to you again soon!

Beth Carr2


This blog post was written by Bethany Carr, a final year MLaw student at Northumbria University. In her spare time, Beth likes to snuggle with her three cats and binge watch Netflix series.

Can we help you?

We are getting ready to welcome our new Year 4 MLaw students into the Student Law Office. This year, we will have four Business & Commercial firms. Each firm is typically comprised of six students.

In the Student Law Office, our students are exposed to working with real clients under the supervision of qualified solicitors who are also full-time lecturers. Normally, our students are able to advise business owners, entrepreneurs, start-ups, and not-for-profits in relation to a range of issues, including the following:

  • Choosing an appropriate business structure: we can advise about the advantages and disadvantages of becoming a partnership or a limited company. We are also able to guide you through the process of incorporation.
  • Website health checks: we can ensure you are displaying appropriate disclaimers on your website. We may also be able to prepare terms of use, privacy policies and cookie policies for your website.
  • Intellectual Property: would you like to know more about copyright? Are you unsure whether to use your new logo? Have you received a worrying letter saying that you have infringed someone else’s IP? These are all issues which our students have advised clients about in the past.
  • Corporate governance: we can advise on directors’ and/or trustees’ duties, the rules and procedures that companies need to adhere to, and advice on Companies House filings.

We have also built a reputation for working with start-ups and early stage businesses. In particular, our students can make suggestions as some of the issues you may need to consider as you go forward with your business. For example, our students recently advised a start-up on their chosen brand, and prepared a non-disclosure agreement for use with external parties.

Of course, this list is not exhaustive and we are always interested in hearing from people who may require our assistance.

Our students will be starting in the office in October, so we will be taking new enquiries from the end of September. If you feel that you may benefit from the assistance of our students, please submit an enquiry by clicking here or alternatively by calling us on 0191 227 3909. Please note that we cannot guarantee that we will be able to provide you with advice, as this will depend on the nature, urgency, and complexity of your enquiry, and the capacity of our staff and students.

Do law students need to network?

The phrase ‘It’s not what you know, it’s who you know’ is something which I have heard many times throughout my education. Yet I am not sure if I ever really understood the importance behind the meaning, until I began to think about my career prospects.

Networking should not be overlooked in any industry and as law firms are becoming increasingly business orientated, having links is a necessity in order to open doors in a competitive market.

So what is networking?

Networking is best described as making a collection of associates and keeping this connection active. This can be achieved by regular communication and is for the mutual benefit of all parties involved. Networking is not based on what you can get but how you can help.

For many, networking is not considered to be one of the most important attributes when preparing for a job and a lot of prospective employees will put their experience and qualifications necessary, above the power of knowing people in the industry. However, being acquainted with people in that industry could set you apart from everyone else.

Over 60% of jobs are being filled in a ‘hidden market’. This means that, unless you know someone in that company, you will not see a job advertisement anywhere.

However, networking is not just for people who are looking for a job, it is applicable to all professionals who want to expand their links and ultimately stay in a competitive industry. According to Lexis Nexis, networking can allow you to:

  • Enhance your profile in the industry;
  • Share and gain information and thoughts;
  • Get insight into other opinions so that you can take those on board and make changes.

Who should I network with?

It is not just about networking with people in Law. Networking can also be applied to people in professions other than your own. It can be helpful to know people in areas such as accountancy or business in case you need to refer clients to different people and, in turn, those connections can refer clients to you.

As a student what should I be doing?

Whether you are a fourth year student or a first year student or even a post-grad, it is never too late to begin networking. Networking events are running all of the time, you could volunteer at an organisation or join a student society and there are plenty of law firm networking opportunities. For example, Ward Hadaway recently hosted a networking charity quiz night. This is a perfect opportunity to make some links with a top law firm.

So what should you do before you turn up to a networking event?

In order to avoid awkward silences you should do some research beforehand. Try to find out who will be attending and prepare some questions which are relevant to their field. Questions are a really important part of networking as people enjoy talking about what they do and it shows you are interested in their personal careers.

How can I catch people’s attention at an event?

Preparing a short pitch can help you keep other people’s attention. Your pitch should include who you are, what you’re studying and what you want to do after university.

Business cards

A business card is a useful tool, but do not hand these out unless somebody asks for it! However, if a professional gives you their business card, use this to search them on social media and send a follow up email or tweet.

Good luck!

Charlotte P

This blog post was written by Charlotte Padgett. Charlotte is a final year MLaw student at Northumbria University currently working in a business and commercial firm in the Student Law Office. In September, Charlotte is planning on working and volunteering in Australia for one year. Her interest outside of law include animal welfare and travelling.

Do you have a PSC Register?

What is the PSC Register?

From April 2016 all private companies and LLPs have been required to maintain a Persons of Significant Control (PSC) Register. This is a record of the people who own or control the business which is available for public inspection. Notably, it does not replace the registers of directors and members, these must also be present and kept up to date.

A director or secretary will have to:

  • make sure the register identifies those with significant control over the company and details their information. This includes their name, date of birth and service address;
  • the register must include the nature and extent of the PSC’s control. For example, it must list the amount of shares the person holds;
  • provide this information to Companies House annually as part of Form CS01 (which has replaced the Annual Return);
  • update the register when it changes; and
  • make the register available for inspection at the company’s registered office.

Who is a PSC?

A PSC is an individual:

  1. who holds more than 25% of shares in the company (or more than 25% of the remaining assets if the LLP were to be wound up); or
  2. who holds more than 25% of voting rights; or
  3. who holds the right to appoint or remove the majority of the board of directors (or those involved with management if the business is an LLP); or
  4. who is otherwise able to exercise significant control over the company. This could include someone having the independent power to change the nature of the business; or.
  5. who holds the right to exercise or actually exercises significant control over a trust or company that meets any of the other 4 conditions.

Companies House has an excellent video explaining how to identify a PSC.

If a PSC refuses to give information this constitutes a criminal offence. Failure to take reasonable steps to ascertain who is a PSC is also a criminal offence.

If your business does not have a PSC, a register will still need to be kept and state the following: “The company knows or has reasonable cause to believe that there is no registrable person or registrable relevant legal entity in relation to the company.”

Why should your business have a PSC?

It makes the company transparent and promotes trust and accountability. As such, it could persuade potential investors to invest in the company. Without a PSC register it may be difficult to attract investors due to the lack of transparency.

In any event, it is compulsory and liability can arise for failure to comply to keep this register. Failure to comply carries an initial fine of £1,000 (or maximum 2 year prison sentence) and, until this is rectified, there is a £100 daily fine.

This blog post was written by Karl Lynch. Karl is a student working in the business firm within the Student Law Office. Karl has experience in a variety of industries but hopes to obtain a training contract at a local commercial law firm. He has a passion for business, in particular corporate governance.