
Using Law, Technology & Governance to Tackle Your Business Digital Risk Management

It’s time for business leaders to invest in business digital risk management – but what is it exactly? Sophie Newbould, Managing Director of Newboulds Solicitors, explains

Something’s off. You know it, I know it. What’s it called? The Internet.

Despite the myriad benefits and functions that we all know and love, the Internet has started to lose its allure, worn down by the sheer number of threats and exposures which have made it a rather dangerous place to operate.

The ease with which hostile actors can search, find and enter the domains of law firms, banks and health providers – to name but three – should make everyone realise that whatever the pledges of our Internet Service Provider, we are not safe. Far from it.

And that’s why the biggest threat to business today is cyber crime.

But it doesn’t have to be that way. Instead of blaming the criminal for entering their unprotected digital environment, leaders should instead examine the risk management of their business and ask whether it is sufficient. More often than not they will realise there is much more still to do.

Protecting the lifeblood of business: Data

What do SolarWinds, LastPass, CTS, MOVEit and Salesforce have in common? All of them have been at the centre of serious cyber incidents in recent years. Such events have underscored the critical need for comprehensive due diligence on the Managed Service Provider (MSP) or technology provider that a business relies on to safeguard its data.

So how should they do this? Here is a six-point strategic checklist for leaders to deploy:

  1. Scrutinise the Security Infrastructure

Conduct a meticulous examination of the MSP's or technology provider's security framework to ensure it aligns with industry best practice and has robust firewalls, encryption, and intrusion detection in place. Confirm their continuous monitoring and incident response mechanisms before agreeing licensing arrangements and data transfers.

  2. Thorough Network Analysis

Rigorously assess the network architecture where the business data will reside. Confirm that internet-facing assets are securely configured, that logins are protected by strong (ideally multi-factor) authentication, that the protocols in use are current and encrypted, that access is segmented and controlled, and that vulnerability assessments run regularly. A hardened, well-segmented network is non-negotiable in safeguarding against external threats.

  3. DNS Records and Domain Security

Do not underestimate the significance of Domain Name System (DNS) security. Businesses should verify that their zones, and those of their provider, are signed with DNSSEC, which lets validating resolvers detect forged or poisoned DNS answers that would otherwise redirect customers, email or logins to an attacker. DNSSEC does not by itself stop domain hijacking through a compromised registrar account, so registrar locks and strong authentication on the registrar and DNS hosting accounts should be confirmed as well. Oversight here can expose an organisation's entire online presence.

  4. Comprehensive Contractual Agreements

It is crucial for draft contracts to transcend mere formalities and specify stringent security standards, incident response protocols and the provider's liability in the event of a security and/or data breach. Embed clauses for periodic security audits to ensure ongoing compliance.

  5. Ongoing Security Commitment

A company's board and C-suite leaders should recognise that cyber security is an ongoing commitment and resource it accordingly. Clear lines of communication should be in place for promptly reporting and addressing security concerns. The business and its security provider should agree, before any dispute arises, that responsibility for maintaining a secure environment is shared, and record who is accountable for what.

  6. Legal Safeguards

It is prudent to consult legal experts to model the business's online risks and draft agreements that align with prevailing data protection regulation and third-party liabilities. Include clauses covering regulatory fines, breach notification obligations and the potential for class-action suits should a security incident occur and be shown to result from the MSP's or technology provider's negligence.
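As an added example (not part of the original article), the following Python script performs the DNSSEC check from point 3 using only the standard library: it sends a query with the EDNS0 "DNSSEC OK" bit to a validating resolver and reports whether the answer carried RRSIG records and whether the resolver set the AD (authenticated data) flag. The resolver address 1.1.1.1, the sample reply built by the hypothetical `constructed_response` helper (constructed for offline testing, not captured from any real resolver) and the zones queried in the usage block are assumptions for illustration.

```python
import socket
import struct

# RR type codes used by the check (RFC 4034 defines the DNSSEC types)
TYPE_A, TYPE_DS, TYPE_RRSIG, TYPE_DNSKEY, TYPE_OPT = 1, 43, 46, 48, 41
TYPE_NAMES = {TYPE_A: "A", TYPE_DS: "DS", TYPE_RRSIG: "RRSIG", TYPE_DNSKEY: "DNSKEY"}
FLAG_AD = 0x0020   # header flag: the resolver validated the answer
EDNS_DO = 0x8000   # OPT TTL-field bit: "DNSSEC OK", please include RRSIGs


def encode_name(name: str) -> bytes:
    """Encode a dotted name into DNS wire-format labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("bad label length: %r" % label)
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name: str, rrtype: int, txid: int = 0x1234) -> bytes:
    """Recursive query for name/rrtype with an EDNS0 OPT record whose DO bit is set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # RD=1, 1 question, 1 additional (OPT)
    question = encode_name(name) + struct.pack("!HH", rrtype, 1)  # class IN
    # OPT pseudo-record: root name, type OPT, UDP payload 4096, TTL field carries the DO bit
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, 4096, EDNS_DO, 0)
    return header + question + opt


def read_name(data: bytes, offset: int):
    """Decode a (possibly compressed) name at offset; return (name, offset after it)."""
    labels, jumped, end = [], False, offset
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    if not jumped:
        end = offset
    return ".".join(labels) + ".", end


def parse_response(data: bytes) -> dict:
    """Return the AD flag, RCODE and (name, type) of every record in the answer section."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    offset = 12
    for _ in range(qd):  # skip the echoed question section
        _, offset = read_name(data, offset)
        offset += 4
    answers = []
    for _ in range(an):
        name, offset = read_name(data, offset)
        rrtype, _, _, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10 + rdlen
        answers.append((name, TYPE_NAMES.get(rrtype, str(rrtype))))
    return {"txid": txid, "ad": bool(flags & FLAG_AD), "rcode": flags & 0x000F, "answers": answers}


def assess(parsed: dict) -> str:
    """Turn a parsed response into a verdict a reviewer can act on."""
    types = {t for _, t in parsed["answers"]}
    if parsed["rcode"] == 2:
        return "SERVFAIL: a validating resolver rejects the zone (broken or forged DNSSEC)"
    if "RRSIG" in types and parsed["ad"]:
        return "signed and validated"
    if "RRSIG" in types:
        return "signed, but this resolver did not validate (AD clear)"
    return "unsigned: no RRSIG in the answer"


def query(name: str, rrtype: int, resolver: str = "1.1.1.1", timeout: float = 3.0) -> dict:
    """Send the query over UDP to a validating resolver (network access required)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, rrtype), (resolver, 53))
        data, _ = sock.recvfrom(4096)
    return parse_response(data)


def constructed_response(name: str, ad: bool, signed: bool, txid: int = 0x1234) -> bytes:
    """Constructed sample reply (not from a real resolver) to exercise the parser offline."""
    flags = 0x8180 | (FLAG_AD if ad else 0)  # QR=1, RD=1, RA=1, NOERROR
    # answers use a compression pointer (0xC00C) back to the question name at offset 12
    answers = [struct.pack("!HHHIH", 0xC00C, TYPE_A, 1, 300, 4) + bytes([203, 0, 113, 10])]
    if signed:  # placeholder RRSIG rdata: the parser only needs a consistent RDLENGTH
        answers.append(struct.pack("!HHHIH", 0xC00C, TYPE_RRSIG, 1, 300, 6) + b"\x00" * 6)
    header = struct.pack("!HHHHHH", txid, flags, 1, len(answers), 0, 0)
    question = encode_name(name) + struct.pack("!HH", TYPE_A, 1)
    return header + question + b"".join(answers)


if __name__ == "__main__":
    # dnssec-failed.org is a deliberately mis-signed public test zone: expect SERVFAIL
    for zone in ("example.com.", "dnssec-failed.org."):
        print(zone, assess(query(zone, TYPE_A)))
```

A verdict from one resolver is only as good as that resolver's validation, so repeat the check against a second validating resolver and confirm that a DS record for the zone exists at the parent; an unsigned answer with AD clear from a non-validating resolver proves nothing either way.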

Case for the Defence

When it comes to digital collaboration, the importance of security cannot be overstated. Contracts reflecting robust security measures and a commitment to ongoing scrutiny are not mere formalities; they are the linchpin of a resilient defence against the rising tide of cyber threats.

Given that the consequences of laxity are colossal, due diligence becomes the ultimate shield for protecting invaluable data assets. Full due diligence assessments before and during contracts will reduce confusion, exposures and exploitation by unwanted third parties. Training staff, and ensuring the business has the right external expertise to support the cyber resilience of its digital infrastructure, is essential.

Effectively managing business digital risk will be the difference between a business succeeding or failing. Yes, this means increased investment costs but lowering risk means increasing success. Business digital risk management is the next big thing.  Newboulds is ready to serve.

What next? Get in touch with Sophie on 07919 118823 or at sophie@newbouldslaw.com, or book an appointment.
