How prepared is your business in the event of a cyber security breach?

How can cyber attacks affect my business?

As technology becomes more advanced cyber security is becoming something every business needs to consider. A successful cyber attack can have a major effect on your business reputation and the trust of your consumers.

How will my reputation be affected?

Trust from your consumers is essential when growing your business, however a cyber attack can significantly erode that trust and become counterproductive when building your brand. If this happens, this can lead to a loss of customers, a loss of sales, and a reduction in profits amounting from this. Furthermore, affected customers may even consider legal action against your business. Suppliers may also lose trust in your business, and it may even affect relationships within your business such as with other partners or investors.

What about financial loss?

Cyber attacks can result in substantial financial loss arising from:

  • Theft of financial information, such as bank details or payment card details
  • Theft of money held within the business
  • A disruption in trading due to the inability to carry out further online transactions

Furthermore, businesses who have suffered a breach in their cyber security may also incur further costs in repairing affected systems and devices. In the long-run, it is usually cheaper to hire a professional penetration tester to make sure your systems are secure, than it is to repair the damage from a breach!


What are the legal consequences of a cyber security breach?

Under the Data Protection Act you must manage the security of any personal data you hold. Any data that is either accidently or deliberately compromised due to not having appropriate security measures may result in fines and regulatory sanctions. The General Data Protection Regulation (GDPR) is a new regulation coming into force in May 2018 by European Parliament. The aim of this regulation is to give people control over their personal data. Any breach of this regulation can lead to receiving a warning (in cases of first and non-intentional non-compliance), periodic data protection audits, and fines.

How can I prevent cyber breaches?

First and foremost, make sure you invest in some anti-virus and anti-malware software. Make sure that this software remains updated and that you perform regular security scans. If you find anything on your systems that shouldn’t be there, uninstall it or quarantine it using your anti-virus software immediately.

Secondly, ensure that your employees are aware of any cyber security prevention procedures that are in place within the business. Educate them on how to keep their passwords safe (such as not keeping a piece of paper with their passwords at the desk), and not to speak to those outside the business about security. One of the easiest way to breach security is simply to obtain a password or information from an employee.

It may seem obvious, but make sure any passwords used within your business are strong. The easiest way to enter a secure website is to exploit a weak password. In order to create a strong password, make sure it is at least eight characters (or longer!) and includes a combination of numbers, letters and symbols. Try to avoid any words that may relate to you, such as names, dates or locations.

Make sure you take advantage of a two-step verification process for your business accounts. This will offer an extra layer of security as opposed to simply requiring a username and password. Banks are a perfect example of this in that they require a username, password, and often a security number in order to enter your account.

How can I minimise the impact of a cyber attack?

In order to minimise the aftermath of a cyber security breach you should have an incident response plan in place which will allow you to quickly and effectively deal with the breach.

First, contain the breach to mitigate any further damage to your business. In order to do this, make sure you assess how large the breach is and investigate all systems which may have been affected. You may need to reroute network traffic and block web attacks, and it may be necessary to suspend any compromised devices or networks.

Make sure you have personnel qualified to respond to the incident. This will usually comprise of technical employees to investigate the breach, a public relations expert to deal with any damage to your brand, and possibly a data protection expert if any held data has been compromised.

How prepared is your business in the event of a cyber security breach?

Melissa H


This blog post was written by Melissa Henderson. Melissa is a final year MLaw student at Northumbria University currently working in a business & commercial firm in the Student Law Office. After graduating she hopes to return to her volunteering role in South Africa before beginning her career. Her interests outside of law include animal rights and powerlifting.



How is Artificial Intelligence affecting the legal sector?

As technology is becoming more advanced with the introduction of smartphone apps providing a wide variety of services, how long will it be before you can get legal advice from your smartphone? It may be closer than you think.

In 2016 a second-year student at Stanford University created “the world’s first robot lawyer”, called DoNotPay, which has helped to overturn over 160,000 parking tickets. The creator of DoNotPay, Joshua Browder, told that he is also going to use the programme to help people with HIV understand their legal rights and to collect compensation for people whose flights were delayed beyond four hours.

Although at an early stage, the advancement of technology into the legal sector is evident. There are a number of examples, including NextLaw Labs  – a global collaborative group focused on developing new technologies to transform the practice of law around the world.

One start-up that has been helped by Next Law Labs is Ross Intelligence. Ross Intelligence has developed an artificial researcher, which uses a legal databases, such as Westlaw and LexisNexis, to find information based on questions that you can input into the programme. This may significantly reduce a client’s bill. If the artificial intelligence is doing  most of the research then the solicitor doesn’t have to – less time spent  leads to lower bills for the client.

Many other areas are being heavily influenced by technology – take self-service apps for the taxi industry,  for example. So the case for a cheaper way of accessing legal information is understandable. The legal sector has historically been seen as a very high end area of expertise, and therefore the price reflects the amount of work and skill that goes into the job.

The question then is:  should there be an influx of artificial intelligence which is capable of doing a majority of the preliminary research needed for a case. And where do the trainees fit into any new system?

One of the main jobs a trainee will do is to draft documents and undertake research to be passed onto a supervisor. Should the use of artificial intelligence increase, and these jobs taken by artificial researchers, the need for trainees may slow down somewhat. The legal profession is already very competitive – the Law Society reported that from August 2013 to July 2014, there were only 5,001 training contracts available, for the 16,116 students who graduated with a law degree during the same period.

The need for trainees will always be essential to a large and expanding law firm, however as a law firm is a business, smaller firms may see it as more cost effective to use artificial researchers rather than hire trainees in the future. It will be interesting to see how this develops. Of course, there is still a need for a personal approach to tailor the services to the client’s business, so it is unlikely that we will see practicing robot lawyers any time soon.


This blog post was written by Reece Trammer. Reece is a final year student studying at Northumbria University in a business firm in the Student Law Office. Upon graduating, he will be looking for a Training Contract or Paralegal work in a commercial law firm. His interests outside of law include football, rugby and snooker. 


Stay ahead of the game and think digital!

It is becoming ever more apparent that businesses need to keep up with the newest technology and IT systems available, in order to ensure work is completed in an efficient manner and to beat off fierce competition for work.

I was lucky enough to be chosen to attend the event “Upload: LIVE” at Barclays HQ in Canary Wharf, London. The event was hosted by Barclays Digital Eagles and Free Formers, who describe themselves as a ‘digital transformation company’ and run workshops all over the UK for all ages to help develop their digital skills.

The day was split into four interactive workshops:

  1. Social
  2. Code
  3. Lab
  4. Security

Here are some of the insights I gained from the day that I feel will be useful for anyone running a small business.


  • Personal brand

The social session gave key insight into developing a personal brand, and showed me how to link my various social media pages together in order to create a bigger picture of who I am and how I work. Emphasis was placed on using online platforms to showcase a more human and humorous side to oneself.

  • Networking

We also undertook a 5 minute networking activity, based on a game of bingo. Everyone had a card and tasks were written on each square. The aim was to chat to as many people as possible to find out who fulfilled the criteria in each square. For example, one of the squares read: “Find a person who has more than 500 twitter followers”. In those 5 minutes, I must have spoken to more than 30 people, and got their social media page information so we could remain in touch after the event. This simple group activity showed me the effectiveness of networking and how it is a skill all of its own. Indeed, it often appears that the most effective tool for a small business to attain new clients is through recommendation by other people.


  • Free resources for businesses

I was surprised to find just how many free resources there are online which teach coding, and that there are plenty of templates to give you a head start, which you can adopt and adapt for your own website for your business. If you have the time to devote to learning the skill of coding, this would be a fantastic way of saving money rather than paying a website designer.

  • Html coding

This was completely alien to me at the beginning, having never done any html scripting before. I managed to learn, in a very intense hour and a half, how to create a web page. I really took confidence from this session and it showed me that truly anyone can learn to code, and you should not underestimate your digital skills, as they can easily be shaped and developed with a little time, enthusiasm and persistence.


  • Creativity

I learned how to design and create an app, something I had never before imagined myself doing. The opportunity to be as creative as possible, and the challenge to come up with something a little obscure, brand new and perhaps controversial, was very inspiring for me.

  • Making an app for small businesses

This would be a fantastic step forward in putting your product out into people’s everyday lives. An app sits on your phone and once downloaded, the consumer will see the logo hundreds of times a day, and they can receive information instantaneously about updates to your product or services. Getting the image and brand of the business into the back of people’s minds is a great tool for marketing, as consumers are more likely to be a product or a service, from a company or individual who are familiar and comfortable in their minds.


  • Think like a hacker!

The security session was packed full of tips to keep safe on the internet. There were warnings of phishing emails and identity theft, and how to recognise a secure website where information is safely encrypted, compared to a fake and insecure page. We were advised to look for the https:// at the start of a web page to ensure it is secure, and to look out for the green padlock symbol just above the address box, as this too is a symbol of a secure site. In order to remain safe online, we must think like hackers and be aware just how public information is once we put it online, as well as being selective about the information we give out to people we do not know.

I thoroughly enjoyed the Upload:LIVE event and would highly recommend the Free Formers team. In a world of quickly moving digital technology, it is important to stay one step ahead of your competition and think digital!

Details on booking a digital transformation course with Free Formers and more information on the company can be found here. Free online training guides and resources from Barclays Digital Eagles are also fantastic and can be found here.

This blog post was written by Juliet Gough. Juliet is an MLaw student working in a business and commercial firm at Northumbria Law School. On graduation she hopes to secure a training contract with a reputable commercial firm. She plans to undertake paralegal work in the meantime to broaden her experience and further develop the key skills she will use in practice.