How prepared is your business in the event of a cyber security breach?

How can cyber attacks affect my business?

As technology becomes more advanced cyber security is becoming something every business needs to consider. A successful cyber attack can have a major effect on your business reputation and the trust of your consumers.

How will my reputation be affected?

Trust from your consumers is essential when growing your business, however a cyber attack can significantly erode that trust and become counterproductive when building your brand. If this happens, this can lead to a loss of customers, a loss of sales, and a reduction in profits amounting from this. Furthermore, affected customers may even consider legal action against your business. Suppliers may also lose trust in your business, and it may even affect relationships within your business such as with other partners or investors.

What about financial loss?

Cyber attacks can result in substantial financial loss arising from:

  • Theft of financial information, such as bank details or payment card details
  • Theft of money held within the business
  • A disruption in trading due to the inability to carry out further online transactions

Furthermore, businesses who have suffered a breach in their cyber security may also incur further costs in repairing affected systems and devices. In the long-run, it is usually cheaper to hire a professional penetration tester to make sure your systems are secure, than it is to repair the damage from a breach!

cyber

What are the legal consequences of a cyber security breach?

Under the Data Protection Act you must manage the security of any personal data you hold. Any data that is either accidently or deliberately compromised due to not having appropriate security measures may result in fines and regulatory sanctions. The General Data Protection Regulation (GDPR) is a new regulation coming into force in May 2018 by European Parliament. The aim of this regulation is to give people control over their personal data. Any breach of this regulation can lead to receiving a warning (in cases of first and non-intentional non-compliance), periodic data protection audits, and fines.

How can I prevent cyber breaches?

First and foremost, make sure you invest in some anti-virus and anti-malware software. Make sure that this software remains updated and that you perform regular security scans. If you find anything on your systems that shouldn’t be there, uninstall it or quarantine it using your anti-virus software immediately.

Secondly, ensure that your employees are aware of any cyber security prevention procedures that are in place within the business. Educate them on how to keep their passwords safe (such as not keeping a piece of paper with their passwords at the desk), and not to speak to those outside the business about security. One of the easiest way to breach security is simply to obtain a password or information from an employee.

It may seem obvious, but make sure any passwords used within your business are strong. The easiest way to enter a secure website is to exploit a weak password. In order to create a strong password, make sure it is at least eight characters (or longer!) and includes a combination of numbers, letters and symbols. Try to avoid any words that may relate to you, such as names, dates or locations.

Make sure you take advantage of a two-step verification process for your business accounts. This will offer an extra layer of security as opposed to simply requiring a username and password. Banks are a perfect example of this in that they require a username, password, and often a security number in order to enter your account.

How can I minimise the impact of a cyber attack?

In order to minimise the aftermath of a cyber security breach you should have an incident response plan in place which will allow you to quickly and effectively deal with the breach.

First, contain the breach to mitigate any further damage to your business. In order to do this, make sure you assess how large the breach is and investigate all systems which may have been affected. You may need to reroute network traffic and block web attacks, and it may be necessary to suspend any compromised devices or networks.

Make sure you have personnel qualified to respond to the incident. This will usually comprise of technical employees to investigate the breach, a public relations expert to deal with any damage to your brand, and possibly a data protection expert if any held data has been compromised.

How prepared is your business in the event of a cyber security breach?

Melissa H

 

This blog post was written by Melissa Henderson. Melissa is a final year MLaw student at Northumbria University currently working in a business & commercial firm in the Student Law Office. After graduating she hopes to return to her volunteering role in South Africa before beginning her career. Her interests outside of law include animal rights and powerlifting.

 

Advertisements

Hello and welcome – from the 2017/2018 business & commercial firms!

It’s a new academic year, and the business & commercial firms are full with individuals who have a passion for this area of law and who cannot wait to get stuck into the Student Law Office.

Many of them, like myself, have been waiting for the opportunity to put into practice what we have been taught during the last three years here at Northumbria Law School and the Student Law Office is a fantastic place to do so.

Beth's firm EC2

Beth’s firm in the Student Law Office (L-R: Zeeshan, James, Stuart, Hyndie, Shauna, and Beth)

There will be many blogs posted after mine, like Stuart Blair who will be writing a piece about the commercial students getting to mingle with the Entrepreneurial Business Management students, so stay tuned for that and much more!

I’ll speak to you again soon!

Beth Carr2

 

This blog post was written by Bethany Carr, a final year MLaw student at Northumbria University. In her spare time, Beth likes to snuggle with her three cats and binge watch Netflix series.

Can we help you?

We are getting ready to welcome our new Year 4 MLaw students into the Student Law Office. This year, we will have four Business & Commercial firms. Each firm is typically comprised of six students.

In the Student Law Office, our students are exposed to working with real clients under the supervision of qualified solicitors who are also full-time lecturers. Normally, our students are able to advise business owners, entrepreneurs, start-ups, and not-for-profits in relation to a range of issues, including the following:

  • Choosing an appropriate business structure: we can advise about the advantages and disadvantages of becoming a partnership or a limited company. We are also able to guide you through the process of incorporation.
  • Website health checks: we can ensure you are displaying appropriate disclaimers on your website. We may also be able to prepare terms of use, privacy policies and cookie policies for your website.
  • Intellectual Property: would you like to know more about copyright? Are you unsure whether to use your new logo? Have you received a worrying letter saying that you have infringed someone else’s IP? These are all issues which our students have advised clients about in the past.
  • Corporate governance: we can advise on directors’ and/or trustees’ duties, the rules and procedures that companies need to adhere to, and advice on Companies House filings.

We have also built a reputation for working with start-ups and early stage businesses. In particular, our students can make suggestions as some of the issues you may need to consider as you go forward with your business. For example, our students recently advised a start-up on their chosen brand, and prepared a non-disclosure agreement for use with external parties.

Of course, this list is not exhaustive and we are always interested in hearing from people who may require our assistance.

Our students will be starting in the office in October, so we will be taking new enquiries from the end of September. If you feel that you may benefit from the assistance of our students, please submit an enquiry by clicking here or alternatively by calling us on 0191 227 3909. Please note that we cannot guarantee that we will be able to provide you with advice, as this will depend on the nature, urgency, and complexity of your enquiry, and the capacity of our staff and students.

Do you have a PSC Register?

What is the PSC Register?

From April 2016 all private companies and LLPs have been required to maintain a Persons of Significant Control (PSC) Register. This is a record of the people who own or control the business which is available for public inspection. Notably, it does not replace the registers of directors and members, these must also be present and kept up to date.

A director or secretary will have to:

  • make sure the register identifies those with significant control over the company and details their information. This includes their name, date of birth and service address;
  • the register must include the nature and extent of the PSC’s control. For example, it must list the amount of shares the person holds;
  • provide this information to Companies House annually as part of Form CS01 (which has replaced the Annual Return);
  • update the register when it changes; and
  • make the register available for inspection at the company’s registered office.

Who is a PSC?

A PSC is an individual:

  1. who holds more than 25% of shares in the company (or more than 25% of the remaining assets if the LLP were to be wound up); or
  2. who holds more than 25% of voting rights; or
  3. who holds the right to appoint or remove the majority of the board of directors (or those involved with management if the business is an LLP); or
  4. who is otherwise able to exercise significant control over the company. This could include someone having the independent power to change the nature of the business; or.
  5. who holds the right to exercise or actually exercises significant control over a trust or company that meets any of the other 4 conditions.

Companies House has an excellent video explaining how to identify a PSC.

If a PSC refuses to give information this constitutes a criminal offence. Failure to take reasonable steps to ascertain who is a PSC is also a criminal offence.

If your business does not have a PSC, a register will still need to be kept and state the following: “The company knows or has reasonable cause to believe that there is no registrable person or registrable relevant legal entity in relation to the company.”

Why should your business have a PSC?

It makes the company transparent and promotes trust and accountability. As such, it could persuade potential investors to invest in the company. Without a PSC register it may be difficult to attract investors due to the lack of transparency.

In any event, it is compulsory and liability can arise for failure to comply to keep this register. Failure to comply carries an initial fine of £1,000 (or maximum 2 year prison sentence) and, until this is rectified, there is a £100 daily fine.

This blog post was written by Karl Lynch. Karl is a student working in the business firm within the Student Law Office. Karl has experience in a variety of industries but hopes to obtain a training contract at a local commercial law firm. He has a passion for business, in particular corporate governance.

Sky’s the limit for OpenWorks!

This year has been particularly exciting for students Elena and Dan who have been lucky enough to work with a group of British engineers who are set to take the security and counter terrorism markets by storm.

OpenWorks Engineering Ltd, founded in July 2015, has invented a system that offers security operators a ground-breaking alternative way to defeat nefarious drones. The company has now presented the official launch of their SkyWall100 drone defence system at the 2016 Home Office Security and Policing event and we can expect to see the first SkyWall100 systems in use before the end of the year.

SkyWall100 Front Shot

Chris Down, Managing Director of OpenWorks, said:

“Authorities around the world have been looking for a system like this and we are proud to continue the tradition of British innovation in the security industry.”

Providing OpenWorks with free legal advice and documentation at such an important stage has been a unique opportunity for Elena and Dan to develop their legal skills. Working with Roland Wilkinson, OpenWorks’ Financial Director, Elena and Dan drafted terms of use, a cookies policy and a privacy policy for the company website, and advised on general corporate governance issues. The work has provided a thrilling insight into the issues facing young businesses and the latest developments in the technology and engineering sector.

Elena and Dan said:

“Working with OpenWorks was a wonderful experience. Not only did this allow us to develop our legal skills with a commercial client, but, importantly, we were able to spend time really getting to know the business. We were inspired by their innovative personality, ambitious aims and strategic future plans and we are excited to work with other young businesses in the future.”

Elena and Dan headshots

Dan and Elena in the Student Law Office

Roland Wilkinson, Financial Director of OpenWorks, said:

“As a young start up, OpenWorks Engineering was looking for some legal guidance on website policies. The Student Law Office took on the whole process, delivering complete policies ready to publish with minimal input from myself. Elena and Daniel were professional and knowledgeable with prompt updates throughout. For appropriate legal counsel, I would thoroughly recommend the Student Law Office.”

The Student Law Office would like to wish OpenWorks every success in the future and we look forward to following their progress with SkyWall100.

This blog post was written by Elena Cross and Dan Watson. Elena graduated from Northumbria University this summer. Elena has secured a training contract with Bond Dickinson LLP in Newcastle for September 2016 and is excited to get started! In the meantime, Elena will continue to work as a bridal consultant in a wedding dress shop and enjoys spending her free time cooking and socialising. Dan also graduated from Northumbria University this summer. He has aspirations to become a commercial lawyer and outside of work has passion for playing and watching sport.

Trade Marks 101: Part 2

In this two part series, Perri Byrne and Liam Faulkner are taking us on a whistle stop tour of trade marks. In Part 1, Perri explained what a trade mark is and the benefits of registration. Here, in Part 2, Liam looks at how to register a trade mark.

In the highly competitive business world that we live in, the well known phrase “dog eat dog” is an understatement to say the least. If it wasn’t hard enough having to fiercely compete with other businesses that aim to conquer the market, there are new businesses popping up round every corner who also have the burning desire to succeed. However, there are tools available to all business owners which can potentially propel them to flourish in even the most cutthroat business environments! You need to look no further. One essential tool that is readily available to you is the registration of your trade mark. If you’ve had the tenacity to create such a creative brand, then why not make sure it was protected?

How can I make my application to register a trade mark?

You may have imagined the registration process entailing a damp old office down a corridor of your local town hall where you are presented with stacks upon stacks of dusty books containing previous trade marks, in which you have to tediously sort through to only find out that someone had registered the same trade mark ten years before you. Thanks to the 21st Century, this is not the case at all.

You will make your application to the UK Intellectual Property Office (click here for more about the IPO).

There are three methods available when applying to register a trade mark. Whichever method you choose, you will need to identify the “class” or “classes” that you wish to register it under. This is essentially the field/fields your trade mark will have protection in, for example “education” or “advertising”.

1)           Firstly, there is the standard paper service (post) which costs £200 (for one class of goods/services). There is a fee of £50 for each additional class.

2)            The second method is an online application, which costs £170 for one class, with a further £50 fee for each additional class.

3)            The final method is the ‘Right Start’ scheme which costs £200 (for one class) and is also an online service. You will pay only half of the fee with your application (for instance, if applying to register under one class, this would be £100). If the report is successful you may then proceed with the registration and the remainder of the fee will then be payable.

With each of these methods the Intellectual Property Office will email/post the examination report to you within 20 working days.

What happens after the application?

If the examiner has no objections to the registration of the mark, you will be published online in the Trade Marks Journal for a period of 2 months. This is open to public inspection in which, interested parties may oppose the registration. As long as no objections arise during that period, then the trade mark will be registered and a registration certificate will be issued to you. Consequently, you will now be the happy owner of a registered trade mark!

laimThis blog post was written by Liam Faulkner. Having studied intellectual property previously he has found it very interesting to apply this knowledge to real life scenarios. In his spare time he enjoys playing football, and after graduating he hopes to either secure a training contract or work as a paralegal.

Trade marks 101: Part 1

In this two part series, Perri Byrne and Liam Faulkner are going to take us on a whistle stop tour of trade marks. Here, in Part 1, Perri outlines what a trade mark is. She then goes on to explore the benefits of registration. In Part 2, Liam will explain how to register a trade mark.

What is a trade mark?

A trade mark is defined under s.1(1) Trade Marks Act 1994 as ‘any sign capable of being represented graphically which is capable of distinguishing goods or services of one undertaking from those of another’. In other words, a trade mark enables consumers to identify goods or services as originating from a particular company or relating to a certain product or service. Trade marks typically take the form of words or logos, though it is possible to protect more unusual forms of trade marks such as colours, slogans, shapes of products or packaging, sounds and even smells.

Trade marks may be registered or unregistered. Registering trade marks usually offers the best protection but unregistered trade marks can be enforced in certain circumstances under the law of passing off.

It is important to distinguish trade marks from other types of registration such as domain names or company names. Registering a company name at Companies House does not provide trade mark protection for that name. If a person registering a company name wishes to prevent third parties from using an identical or confusingly similar name in the course of trade, it is important to file a separate trade mark registration to better protect the name.

What are the benefits of owning a registered trade mark?

If your register your trade mark, you are entitled to:

  • sell and license the brand
  • take legal action against anyone who uses the brand without permission, including counterfeits
  • use the ® symbol next to the brand – to alert others that it is a registered mark and warn anyone against using it.

For more information about trade marks, we recommend you visit the Intellectual Property Office website.

 

PerriThis blog post is written by Perri Byrne. Perri is a MLaw student working in a business & commercial firm within the Student Law Office at Northumbria University. Upon graduation she hopes to obtain a training contract within a commercial law firm. Meanwhile, she plans to carry on her work at the Citizens Advice Bureau and to undertake a paralegal position in order to enhance the skills which she has developed.