

Cybersecurity: the Dos, the Don’ts and the Legal Issues You Need to Understand

— September 17, 2020

These do’s and don’ts allow companies to appropriately secure their crucial business data alongside customers’ information.

Cybersecurity principles play a crucial role in safeguarding a company’s data, website, and web applications from cyber goons, including hackers, identity thieves, internet stalkers, etc. If we talk about banks and other financial institutions, the importance of cyber hygiene or cybersecurity practices grows to another level.

When companies are formulating cybersecurity strategies, they should understand their legal obligations carefully. Their legal obligations should align with their business objectives and cater to cybersecurity management requirements accordingly.

Cybersecurity: the Do’s and Don’ts

Here is the list that includes some critical do’s and don’ts companies should consider while developing their cybersecurity plans:

Make full use of available tools and resources

Organizations need to take proactive measures when it comes to securing their crucial data from the prying eyes of hackers, snoopers, and other cybercriminals. Currently, the cybersecurity industry is booming because all the stakeholders are investing millions of dollars to protect themselves against various cyber threats.

Recently, hackers attacked New Zealand’s stock exchange with DDoS attacks. Unfortunately, these attacks disrupted the share trading process for four (4) consecutive days. As a result, New Zealand’s government has decided to deploy its spy agency (GCSB) to work with NZX (New Zealand Stock Exchange) to secure the Stock Exchange’s financial infrastructure from such cyber threats.

Taking the above example into account, companies in New Zealand should not overlook the significance of using different tools like VPNs, antivirus software, firewalls, and others. They can consider installing a free VPN service for New Zealand on the official systems and devices available at their workplaces.

By doing so, they can encrypt their entire business data and protect their devices from viruses or malware to a great extent.

Remove weak links in your system

Upclose shot of computer screen with the word “Security” and a hand-shaped cursor; image by Pixabay, via

You should educate your employees about using strong passwords and applying encryption techniques to secure all their devices, such as laptops, cell phones, tablets, etc. Furthermore, they should not share their passwords at any cost. Similarly, unattended computers should lock automatically after a certain number of minutes.

Train employees about cybersecurity policies and procedures

Once you have formulated your cybersecurity strategy, discuss it with all your employees in detail. There is no harm in providing essential training to them. Besides, during implementation, eliminate all the possible loopholes that can make your cybersecurity practices vulnerable.

Focus on suspicious activities

For example, when an employee receives a dubious call from an unknown person asking about the digital health of your systems and devices, he or she should report the matter to the concerned department as soon as possible.

Likewise, if employees receive emails from customers suggesting the customers have lost their personal belongings, it means the customers’ email accounts have been hacked. Therefore, contact the customers by landline or cellphone and discover the reality yourself.

Don’t keep cybersecurity a secret

Employers should not make cybersecurity a puzzle or mystery for their employees. They should discuss the general online privacy issues with their peers and provide possible solutions to them as and when required.

The same goes for employees as well. They can regularly come up with suggestions and ideas for improving cybersecurity and exchange their viewpoints with leadership or management.

Don’t assume cybersecurity is someone else’s problem

You should not think that cybersecurity is an IT issue only. The whole company is responsible for addressing cybersecurity risks and challenges in a timely manner. You should update your existing cybersecurity plans and procedures consistently.

Don’t think cybersecurity is a one-time exercise

Cybersecurity should be a part of your long-term planning, as it cannot be considered a one-time activity. To make your organization successful in the future privacy-wise, you have to follow cybersecurity practices correctly and for an extended period.

Legal Issues You Need to Understand

There is no denying cybersecurity is turning out to be a minefield of legal risk with each passing day. As far as MSPs (Managed Service Providers) and VARs (Value Added Resellers) go, they both live in this minefield.

As we know, all the US states have their data privacy laws, including HIPAA, CCPA, and so on. Interestingly, these privacy laws have specific requirements for cybersecurity as well. Thus, both MSPs and VARs have to understand the consequences of cybersecurity-related legal issues, since lawsuits are becoming more common these days due to the rise in data breach incidents.

Therefore, MSPs and VARs should avoid the following legal issues to protect themselves from lawsuits in the future:

  • Breach of contract lawsuit
  • Negligence lawsuit

Breach of Contract Lawsuit

Breach of contract is the violation of an agreement or contract where one party fails to fulfill its promises as per the contract requirements. In the MSP case, the client who has filed the lawsuit is the primary sufferer of a data breach.

What to do?

The best way of avoiding this lawsuit is to communicate clearly with your client at the beginning of your relationship. Moreover, your client should understand your responsibilities in terms of cybersecurity, and at the same time, you should thoroughly describe their responsibilities to them.

All these responsibilities should be written in a formal agreement and signed by both parties, i.e., the MSP and the client. You should include clauses in the agreement, such as a limit on your liability, that can safeguard your business’s survival in case of a lawsuit.

Negligence Lawsuit

When one party fails to use reasonable caution while offering services and harms the plaintiff, the resulting action is called a negligence lawsuit. In short, an IT company or MSP has to abide by the term “Standard of Care.” It means the MSP is responsible for fulfilling its inherent responsibilities.

If your services fall short of the “Standard of Care,” the plaintiff, which in this scenario is the client, can take legal action against the MSP.

What to do?

You can take different precautionary measures, such as network security, to avoid negligence lawsuits in the future. Network security is about keeping your systems and proprietary data secure. Therefore, you should hire experienced IT staff to protect your company from data breaches by securing both your systems and your customers’ data.

Wrapping Up

Cybersecurity is indispensable for organizations’ digital existence because they cannot survive a single day without following proper cybersecurity practices. The above-mentioned do’s and don’ts allow companies to appropriately secure their crucial business data alongside customers’ information.

Apart from this, MSPs and VARs should also proactively focus on the cybersecurity-related legal problems described above if they want to remain financially viable in the coming years.
