The Covid pandemic, and the sudden shift to home working, has caused organisations to reflect on, amongst other things, their cyber security posture and the extent to which they have appropriate policies, procedures and systems in place. Organisations have been forced to consider how, in these unusual times, they can demonstrate that they are on the one hand making sure that their employees are able to continue performing their roles efficiently, but on the other ensure that their data and confidential information is safeguarded.
It is, therefore, unsurprising that data transfers between organisations are likely being scrutinised more than before (particularly for the organisations which were not generally equipped for home working prior to the initial lockdown in March 2020). With that in mind, it is probable that many organisations will look to consider recognised certifications and standards (such as Cyber Essentials, Cyber Essentials Plus and IS027001). Whilst these certifications are not the complete answer, they point towards a culture of compliance and go some way to evidencing that genuine consideration and thought has been given to how data and confidential information is handled. It will be interesting to see the extent to which these standards, or other new and emerging standards, become the benchmark for organisations moving forward (and whether they continue to be requested by way of due diligence at the outset of new and developing business relationships). The pandemic, combined with the looming Brexit deadline will, therefore, likely provide those organisations that can offer services associated with the certifications and standards with opportunities from new and existing clients.
Considering the financial and reputational harm associated with a data breach or cyber security incident, it is now more important than ever (in a time where some organisations are perhaps more off guard, or less prepared) that organisations adapt and take appropriate advice from cyber security professionals who can guide them through their various options. That process will help to educate the organisation on their own cyber security posture, which will in turn inform the way in which they process and store data and confidential information. The question at that stage, therefore, is how can that be evidenced? This points back to the importance of the recognised certifications and standards (and associated policies, procedures and systems) which would be used to demonstrate that thought process and give comfort to employees and customers (and so as to have a reference point when compliance with those policies is being consistently monitored).
Chris Recker – Senior Associate
Chris is a Senior Associate solicitor specialising in commercial litigation and arbitration, with a particular emphasis on fraud and risk management. His experience includes resolving complex multi-jurisdictional disputes, freezing and tracing assets and carrying out internal investigations (including crisis/incident response). He has experience of both private practice and in-house roles, having spent time on secondment to a local authority and an international bus operator. He is also the author of a chapter in the book: ‘The Financial Crisis and White Collar Crime – Legislative and Policy Responses: A Critical Assessment.’
Chris has a particular interest in technology, cybercrime and cyber security issues. He has delivered seminars and training on fraud and cyber security issues, including the development of fraud risks relating to blockchain technology (at West Midlands Cyber Security Expo 2018), developments in legal technology (including artificial intelligence) and cryptocurrency related issues (at Midlands Fraud Forum). Chris is also a contributing author on a whitepaper which illustrates specific cyber security risks in the supply chain (including those related to blockchain and cryptocurrency) and is a part time visiting lecturer at BPP Law School (where he teaches on the undergraduate LLB and postgraduate LPC courses).
Trowers & Hamlins LLP
www.trowers.com
