Media reporting on
the so-called Panama Papers has focused on the tax affairs of wealthy
individuals and international organisations, but the hacking of client files at
Panamanian law firm Mossack Fonseca has implications for every business.
The largest leak in history, involving some 2.6
terabytes of data, the Panama incident has sent shockwaves
around the globe, and the hacking is a wake-up call to companies that
don’t already treat their cyber-security with the same stringency as their legal,
regulatory, financial or operational risks.
“This was a major world-wide incident, involving
many high profile individuals and global organisations, but the lesson is one
that any business should relate to, however small they may be,” said commercial expert Glyn Morrice Evans of Gamlins
Law.
“Protecting company data from attack is not just
about keeping client data safe, it’s just as much about protecting your
reputation, your employees and your future competitive edge, as well as keeping
inside the law. And it’s not just
protection from outside criminals, the risk is
just as likely to come from current or previous employees or competitors.”
Last year a UK manufacturing company had design blueprints
stolen and shared with a competitor.
They launched an investigation when the competitor released equipment
which was extremely similar to their own, and established that they had been
subject to a targeted cyber-attack, and that the stolen blueprints had been sold
to Chinese-owned companies. The
infiltration was achieved when hackers targeted a job-seeking chief design
engineer, who unwittingly downloaded malware through an email, after responding
to a fake online recruitment profile designed specifically to trap him.
And Morrisons supermarket is being sued under a
group litigation order involving more than 5000 of its employees, after
personal and financial details were posted online by a disgruntled
ex-employee.
“It’s a really big issue for every business, large or small,” added Glyn.
“Electronic data is a hugely valuable commodity and that value can be
encashed when it falls into the wrong hands, so business leaders must make it a
top priority.”
Company directors need to ensure
they are meeting the requirements of the Data Protection Act and the
Communications Act in the UK, and those will shortly be joined by the EU Data
Protection Regulation and EU Cybersecurity Directive. Alongside these, directors have
a duty to be informed on any issues that are relevant to the proper running of
the company under the Companies Act 2006.
A new London-headquartered National Cyber Security
Centre is expected to begin operations in October 2016, bringing all the UK's
cyber expertise into one place to address current problems with the digital
defences of companies and organisations.
Web site content note:
This is not legal advice; it is intended to provide information of
general interest about current legal issues.