Tahir's Tips: How to Ensure Your Business is Cyber-Secure

The issue of cyber-security has been all over the news recently as it emerged that over 100 household names had been targeted by online thieves who had stolen personal photographs and videos from their iCloud accounts. Those reportedly targeted included Jennifer Lawrence, Kate Upton, Ariana Grande and Rihanna.

There are a number of legal issues involved here, including data protection, breach of privacy and theft. Most importantly this latest breach highlights the importance of securely storing sensitive information. This applies to commercially sensitive information (such as designs and prints) as well as personally sensitive information (such as private photographs). This week, I share some useful tips about how you can ensure that information that you have electronically stored is sufficiently protected.

 

Be aware of the iCloud

As the story about the leak of naked pictures broke earlier this week, it was initially suggested that a breach of Apple’s iCloud service was responsible for the theft (although this has now been dismissed). Consumers, whether they are celebrities or just ordinary people, are very vulnerable when mobile cloud services are offered by providers on a default basis, primarily because users have very little understanding of the risks associated with the systems. If you have sensitive information stored on your mobile, laptop or tablet it may be worth ensuring that any default cloud backup settings are switched off and that the information is backed up elsewhere, such as on an external hard drive.

 

Social media is never private

It goes without saying that sensitive information should never be posted on social media. This is particularly important for fashion designers both in terms of confidential agreements, clients or projects or when trying to protect unregistered intellectual property rights which the designer intends to register or which have a short time limit of protection starting from when they are made public. As has been covered in previous articles, the time limit for a design to be protected by unregistered community design rights is three years from the date on which the design was first “made available to the public” and social media is very public.

 

Ensure that when outsourcing IT support, proper agreements are in place

As fashion companies become bigger, the management of IT, e-commerce, web and mobile solutions will inevitably become too burdensome to control internally and will eventually have to be outsourced to specialist external companies. This means that the external IT contractor will now have access to company databases, confidential client records and employee data. It is therefore vital that any agreements with the external IT company and web developers contain watertight provisions relating to confidentiality and warranties stating that the IT company is responsible for putting measures in place to reduce the chances of breach (and that they take responsibility for any security breaches).

 

But I don’t store any sensitive data electronically

The obligation to protect data does not just relate to sensitive data. If you employ people and hold information about them on your computer hardware or web servers then you are likely to be a ‘data controller’ for the purposes of the Data Protection Act and you are under a legal obligation to put measures in place to keep that data secure. A security breach may not therefore just damage your reputation but new legislation coming into force in 2015 will see fines for serious data breaches rise from £500,000 to between 2-5% of annual worldwide turnover. For large fashion houses these fines could therefore be in the millions of pounds.

 

The maintenance of cyber-security measures and policies is therefore very important to ensure that sensitive information is kept private. Directors of fashion companies should also be aware of this as they may be personally liable for failing to discharge their duties as directors if such risks are not quantified, assessed and mitigating steps taken accordingly.

 

For more information on Industry  member, Tahir  visit his personal partner page on the Sheridans website. To contact him directly, visit The Industry Directory, email tbasheer@sheridans.co.uk or telephone 020 7079 0103.