Barkley Legal

2019


GDPR – The Myths and the Mess

When the General Data Protection Regulation came into force in May 2018 there was much fuss and panic. The powers that be gave little practical advice. Packs of documents were advertised that were far more than a small business would need. IT people suddenly became experts in legal documents. Then of course there is the old faithful of documents being found on the internet.

The Result

Businesses say they have ‘done’ GDPR when it is generally a total mess. So where did it all go wrong?

  1. GDPR is a new law. Being new, there was little practical advice to go with it. As with any new law it needed explanation from people who understood law.
  2. Few businesses needed lots of documents, and if they did they certainly needed someone with the expertise to use them.
  3. GDPR is based on certain principles, and to comply you need to understand these as they apply to your business.
  4. GDPR documents also need to apply to your specific business and what you do. They need adapting as needed. It is not a question of putting the words in gaps in pre-prepared so-called documents.
  5. GDPR is not just about documents. Proper compliance needs adjustments to your work practices and procedures. Staff need training. Employment contracts and staff handbooks will probably need amending.

So what is there to do apart from documents?

  1. Look at how your business works and ensure you are complying with the principles of GDPR. Understand what legal basis to process data applies to what you do; many do not.
  2. Adapt and amend your working procedures to ensure compliance.
  3. Train your staff in the new procedures.
  4. Upgrade your security, especially online. Cyber-crime is rapidly increasing and so are your chances of a data breach, with all the problems that brings (including the GDPR ones).
  5. Register with the ICO if your business fits the criteria for registration.
  6. Make sure you and your staff know what to do if there is a breach or any GDPR issue.
  7. Do not sign any GDPR agreement sent to you by another business without fully understanding what you are committing to especially if they are a big powerful company.
  8. If you send data abroad make sure you have the right checks and documents in place.

So if you need a review of what you have, or to start from scratch, please contact us at info@barkleylegal.co.uk

  • September, 15
  • 2012
  • Data Protection

Danger- Passwords-10 Tips

Passwords are supposed to ensure that only the correct person or people can access something. In a business context this is generally for a laptop or mobile phone. However, in these days of sophisticated cyber criminals a good old password can offer little or no protection against a determined and skilled hacker. Too many businesses are far too laid back in their approach to this problem and are putting their business at risk.

What must you consider:

  1. Avoid predictable passwords, such as family or pet names and family birthdays. Hackers can see your social media and find out details about you.
  2. Avoid the most common passwords. It is hard to believe that Password and 123456 are very common after all the warnings. Replacing letters with numbers (Passw0rd) fools no one.
  3. Change the manufacturer's default passwords that devices are issued with before they are used. Someone hacked into those home cameras that tell you if you have a burglar because of a failure to do this.
  4. Use two factor authentication (2FA) for important websites such as banking and email. Monitor even this, as the best hackers can get past even these.
  5. Make sure all laptops, Macs and PCs use encryption products that require a password of their own.
  6. When available, use fingerprint recognition for mobile devices.
  7. Use strong passwords. All should be longer than eight characters and include a mix of random letters, numbers and symbols.
  8. Never reuse passwords. Every account should have a unique password. Otherwise, if a hacker obtains the password they can access every account you have.
  9. Change your passwords from time to time. Do not have a quarterly cycle that is easily guessed, e.g. changing spring234 to summer234.
  10. Consider using a password manager. This will put all the passwords in one place and you have to remember one Master Password. The Master Password has to be very strong.

Make sure your staff are properly trained and appreciate the risks you are taking. If you lose your data it will affect everyone – and not in a good way.
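
Several of the tips above (predictable and common passwords, letter-for-number swaps, length and character mix, seasonal rotation) can be checked automatically when a password is set. The Python sketch below is an added example, not part of the original post; the function names, the short common-password list and the sample values are constructed for illustration, and it also flags a changed trailing number as a rotation.

```python
import re
import secrets
import string

# Constructed sample; a real check would load a large list of breached passwords.
COMMON = {"password", "123456", "donald", "football", "qwerty", "letmein"}
SEASONS = re.compile(r"spring|summer|autumn|winter")
# Undo the usual letter-for-number swaps so "Passw0rd" is seen as "password".
LEET = str.maketrans("013457@$", "oleastas")
SYMBOLS = "!#%&*+-=?@^_"


def _skeleton(pw):
    """Reduce a password to its pattern: season words and digit runs become placeholders."""
    return re.sub(r"\d+", "#", SEASONS.sub("~", pw.lower()))


def check_password(new, previous=None, personal_terms=()):
    """Return the list of tips the candidate breaks (an empty list means acceptable)."""
    problems = []
    lowered = new.lower()
    unleeted = lowered.translate(LEET)
    # Strip trailing digits/symbols first, so "Password1!" still matches "password".
    stem = re.sub(r"[^a-z]+$", "", lowered).translate(LEET)

    # Tip 7: longer than eight characters, with letters, numbers and symbols.
    if len(new) <= 8:
        problems.append("too_short")
    has_letter = any(c.isalpha() for c in new)
    has_digit = any(c.isdigit() for c in new)
    has_symbol = any(not c.isalnum() for c in new)
    if not (has_letter and has_digit and has_symbol):
        problems.append("missing_character_types")

    # Tip 2: common passwords, including substituted variants.
    if {lowered, unleeted, stem} & COMMON:
        problems.append("common")

    # Tip 1: names, pets, birthdays and similar details supplied by the caller.
    for term in personal_terms:
        t = term.lower()
        if len(t) >= 3 and (t in lowered or t in unleeted):
            problems.append("personal_info")
            break

    # Tip 9: same pattern as the previous password (spring234 -> summer234).
    if previous is not None and _skeleton(new) == _skeleton(previous):
        problems.append("predictable_rotation")
    return problems


def generate_password(length=16):
    """Generate a random password that passes every check above."""
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate


if __name__ == "__main__":
    print(check_password("Passw0rd"))
    print(check_password("summer234", previous="spring234"))
    print(check_password(generate_password()))
```
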

  • June, 23
  • 1803
  • Cybercrime

Your Data-10 Important Tips

  1. Your website is under constant attack both within the UK and all around the world. Some nine out of ten login attempts to eCommerce websites are hacking attempts, a speaker said recently.
  2. You must assume you will at some point be hacked however careful you are. Being careful obviously reduces the risk of this happening.
  3. When you are hacked you need to have everything in place to get back up and running quickly, i.e. accessible, up-to-date backups.
  4. Losing data through hacking is a Data Breach that should be reported to the ICO. Repeated breaches would indicate to them you are not acting properly and lead to trouble.
  5. Businesses are tempted not to report breaches in spite of the legal obligation to do so. Employees are even less likely to report breaches they have caused to their employer. You must impress on employees the importance of proper reporting or the consequences for your business could be very bad.
  6. Some businesses arrange for employees to change passwords every three months as recommended. However, if they change in accordance with a four part connected sequence there is no point. Changing Winter24 to Spring24 and then Summer24 is pointless.
  7. Be careful what information you put on your social media. Serious hackers will look at this for a source of information to break passwords and find memorable information. Examples are your mother’s maiden name (see your uncles’ full names), your date of birth, your favourite football team, your pet’s name. Better to use random letters as passwords.
  8. The most used passwords are still 123456 and password – yes, really.
  9. Employees can be the weakest link. Some will learn about security. A minority, unless you are a dreadful employer, will be malicious and intentionally cause trouble, especially if leaving. Make sure former employees are instantly deleted from the systems once they go. We often hear of people logging in months after they leave. The vast majority of employees have no bad intent but just get lazy or make a mistake, such as clicking a dodgy link, that has bad consequences. Training your employees is therefore key, and then monitoring them afterwards so they do not slip into bad habits.
  10. Ensure that staff only have access to the data they need to do their work. In the past often everyone could access everything, but the more people see more data the greater the risk of a breach. So work out what individual employees need to see, then limit them to that. Most modern programmes enable employees’ access to be limited in this way.

If you need help with this and need advice and a way forward please contact us.

  • May, 15
  • 1908
  • Data Protection

The Rise of Artificial Intelligence

Have you noticed how Artificial Intelligence has crept up on us all? If you saw Terminator 2 when it came out it all seemed so unreal and futuristic. Now so many aspects of our lives are governed by A.I.

This weekend the Sunday Times had a story about how you would no longer need to produce your passport at every stage at Heathrow. You would go onto a facial recognition system and then be identified at every stage. In the USA apparently you go onto a central system and pop up whenever you go flying. To think people objected to Identity Cards when they can now follow you without you even being aware of this.

In China facial recognition technology is widely used to keep track of citizens. The ‘Sharp Eyes’ system correlates security cameras in public and private places and a national database of faces. At KFC in Hangzhou customers can buy chicken nuggets by smiling at the camera. Chinese police use face recognition to spot suspects and monitor undesirables.

You will have seen the US TV series where people are identified in a moment by running their photo against a database. Even in the UK police, especially in London, are using the technology to scan crowds for people of interest. This use will only increase.

We are increasingly warned that many jobs will be lost and replaced by A.I. in the near future. Unlike the past these will include professional and highly trained jobs such as accountancy and legal positions. It is now standard to use A.I. to assess loan and mortgage applications according to set rules. You can be declined without your application ever seeing a human face.

There is increasing concern about the regulation of A.I. As with anything new it takes time for these things to catch up and there is a distinct lack of rules.

There is a tendency to assume that because A.I. is supposedly a mathematical objective process it is never wrong. Who is monitoring the decisions made? Further the decisions are often so complex that a mere human cannot check the decision one way or another.

Some efforts are being made to establish rules on these issues. Some A.I. procedures are covered by GDPR but there is some way to go.

  • May, 1
  • 2034
  • Data Protection

Interesting facts you can learn at a Cyber Security Conference

The result of an adventure to Manchester:

  1. There are lots of businesses offering new services and products against problems and issues that most businesses do not realize exist, let alone need services against. Cyber-crime is the fastest growing crime of all.
  2. The Police want you to report any cyber-crime to them at Action Fraud. They have been criticized for not doing anything but do need to have evidence and records of what is happening. You can do this online or by telephone, and also sign up for alerts. Contact details: https://www.actionfraud.police.uk.
  3. If fraud causes you to lose money or there is some other loss it should be reported as a crime to the normal Police channels.
  4. It is highly likely that your user names and passwords are for sale on the Dark Web along with lots of other undesirable things. There are 2.2 billion stolen user names with passwords on there.
  5. The volume of malicious attacks on your website from all over the world in any day is unbelievably high, which is why you need maximum protection. Some 500,000 new malware appear every day, of which 75% are only used once.
  6. You need to keep totally up to date with software updates. There can be a short delay between malware appearing and the fix being issued, but any damage is minimized. If you fall behind then disaster can strike.
  7. People are still too laid back about passwords. Still popular are the old favorites Password and 123456. Even Donald and Football make the top twenty. Passwords should not relate to any information about a person that can be found on the internet, such as on Facebook, as hackers know how we think and can work out these things. We are not as clever as we think we are.
  8. Businesses are developing new technology but not ensuring the software keeps up. Some CCTV cameras of the type heavily advertised on TV to protect your home were found to be vulnerable to the code being replaced so your feed could be stolen. You could find yourself looking at someone else’s baby or front drive on your phone. You should also check how long support for your device will be available, as this can be overlooked, and once support ends the device can either cease working or be totally exposed.

If you need any help with making your business secure please contact us: anne@barkleylegal.co.uk

  • April, 9
  • 2088
  • Cybercrime

Asbestos in Commercial Properties- The Risks

Do you know if there is asbestos in your commercial property? In the past it was a common building material and only recently have the dangers become apparent. It was only banned from buildings in 2000.

In the 1970s Artexed ceilings were all the rage and seen everywhere. Much Artex contained asbestos. If moved or damaged it is dangerous. It was also often used in the construction of buildings due to its insulation effects.

Many taking on a Commercial Lease are not aware of the risks. If they are responsible for repairs and maintenance they are also responsible for any asbestos on the property.

The Law – Control of Asbestos Regulations 2012

These set out rules on how a commercial property should deal with any asbestos. The penalties for non-compliance include a fine of up to £20,000 and up to 12 months in prison. If anyone’s health is affected they could sue for far more than this.

Medical Risk – Inhaling fibres causes asbestosis, a serious lung disease, and lung cancer.

What you should do if you have a property built before 2000

  1. Check if asbestos is present.
  2. Work out who is responsible for it – you or the landlord – most probably you.
  3. Have any potential asbestos surveyed by someone suitably qualified.
  4. Have any potential asbestos analysed properly.
  5. Put together a Plan for management of the asbestos.

Tell People – Most important, tell anyone who may be affected. This includes your staff and most importantly any tradesmen who may come along and drill holes or attempt to move asbestos material.

Moving asbestos should always be done by a suitably qualified contractor.

The Potential Cost – All this can get very expensive, so check what you are taking on before you sign anything.

Do not be tempted to turn a blind eye to any risks. It is dangerous for you and anyone who comes into the property who you will be liable for.

If you are thinking of taking on a commercial property then speak to us for advice.

  • March, 6
  • 2116
  • Commercial Property, Uncategorized

Using your own Laptop, Tablets and Smart Phones at Work

Working out of the office is becoming more and more common. Employers encourage it as it saves them the expense of providing office space for all their employees.

This can be working on the go, working at home or just working from different locations. Many employees use their own equipment for this.

Third Party Contractors are increasingly used and will need access to all the data to do their work properly. However, it brings a whole range of risks. Security and confidentiality are essential.

The Advantages of this Include

  1. Employers are saved the cost of supplying the equipment.
  2. Employees can use the machine they want, e.g. with Windows or a Mac.
  3. Employees may be more careful with their own equipment.
  4. Flexibility to work on the go.

Disadvantages

  1. Security and Confidentiality Risks
  2. Good Policies are needed and compliance enforced
  3. Good management required

Important Steps to Take

1. Ensure good password management with training and enforcement.

2. Regularly back up systems.

3. Users must keep their systems up to date, as there is no IT department.

4. Agree a list of approved apps and services that can be installed, as business data must be protected.

5. Arrange for any device to be wiped when an employee leaves the business.

So get organised. Contact info@barkleylegal.co.uk

  • February, 25
  • 1937
  • Cybercrime

Doing Business with Big Names- What you should know

If you had the opportunity to do business with a well-known name, what would you do? These are businesses with large marketing budgets to develop a Brand where you like and trust them. However, if you are entering a business contract with them, how far should you trust them?

Points to remember:

  1. Their image of trust is developed for their Consumers not you
  2. They will know that you are unlikely to pay someone to properly check over any documentation you are sent.
  3. They will have standard contracts drafted by skilled lawyers that are very much biased in their favour.
  4. They are highly unlikely to have any sense of being even handed. This is business and they are much bigger and more successful than you are.

There are obviously exceptions to the above but you would be wise to assume the worst and then be delightfully surprised.

I have seen many contracts from large businesses that are on the edge of being legal. They are often resistant to any amendments because ‘that is their contract’. The last such person I argued with had less knowledge and understanding of their own contract than I did because going through it was not what they did.

What to check for:

1. Who the party to the Contract is. Do not assume anything.

2. What are the payment terms? The time for you to be paid will probably be 60 days. The time for you to pay them will be less. Can your business survive such a long delay for payment?

3. What are the penalties if you are late paying? Most businesses will charge you interest of 8% above base rate once you are late. Large companies will add compensation and costs which, if you are finding it hard to pay the original bill, make it all even harder.

4. What are the delivery terms? When does risk pass? Make sure it is when you receive the goods, not before.

5. What Warranty is given? If you deal with Private Individuals you will have to give a warranty whatever to them so make sure the supplier gives you one. If you sell to other businesses they will not be impressed if you cannot give them some warranty about your product.

6. Be careful about them reserving the right to make changes without notice to their Terms of Business – you may not like them and be stuck with them.

Make sure you have all documentation carefully checked by someone who fully understands what it all means. Do not rush to sign. Get your facts, then make a measured decision if the contract is right for you and your business. Do not be dazzled by big names. They have power and will use it.

Barkley Legal are happy to go through any documentation and explain it all to you in straightforward language. Please contact us.

  • January, 30
  • 2003
  • Uncategorized

What Happens if you are the victim of Fraud?

The answer is not much except your money is probably gone for good.

1. The Police Response

The Police are short of money. Unfortunately this has meant that as fraud and cyber-crime increase the numbers of specialist cyber-crime investigators are being cut. North Wales and Suffolk police have none but rely on adjoining forces and non specialist officers.

Many bank frauds reported to the police are never seen by a living person. Over 800,000 such frauds were registered over the last three years. However of these over half were solely assessed by the police computer algorithm. The computers look for patterns and if enough people are touched by the same fraud they may be referred to a person for investigation. Otherwise nothing is done unless the fraud is unusually large. Unfortunately even low sums can have life changing effects on the victim.

Some £500 million was lost to fraud in the first six months of 2018. Criminals are becoming increasingly more sophisticated. Of this £145 million was where someone sends money to a criminal believing they are taking instructions from their bank or the police.

2. The Bank Response

Is often not what the victim wants. If the fraud is detected quickly and the recipient bank can freeze the funds, the victim should get their money back. However, often funds can be moved through ten accounts in ten minutes. The chances of being fast enough to freeze the funds are fairly remote.

A bank that receives the funds will often refuse to speak to the victim if they are not a customer, which is not helpful.

The police believe that banks should take more care regarding opening accounts. Those used for fraud are often opened with fraudulent papers.

3. Current Frauds

These include emails saying there is a problem with your direct debit for your TV Licence and that you must pay them immediately.

Another is using parking meters in London to swallow bank cards that can be retrieved and misused by the fraudster.

Have you sat back and counted where you are exposed to hackers and fraudsters? You would be surprised how many they are. Let us guide you through all this.

  • January, 19
  • 2204
  • Cybercrime

Cybercrime

Cyber-crime is on the increase.

The ability to respond is poor. It is something that businesses should take all possible steps to avoid. However, the list of large businesses, with all the resources available to them, that have been hacked just keeps growing. Victims, or those who have been careless depending on how you look at it, include such famous names as British Airways, Quora, Vision Direct, Marriott Hotels, Cathay Pacific and the Carphone Warehouse.

In surveys some two thirds of people will not do business with an organisation after it has suffered a data breach relating to financial or sensitive information.

Basic steps any business can take include:

  1. Train staff about being careful and not falling for phishing.
  2. Have a system to regularly change Passwords.
  3. Help staff use proper Passwords that stand a chance of staying unbreakable.
  4. Keep Software up to date.

In the year to April 2018 some 4 in 10 businesses had been subject to a cyber attack or breach. For larger businesses the figure rose to 72%. Bear in mind that large businesses are deemed more likely to identify a cyber attack than a small business, so the figure of those attacked is probably higher. Even two in ten charities were attacked.

The Most Common Cyber Attacks

  1. Fraudulent emails – these are intended to induce the recipient to reveal their password or financial information, or to get a dodgy attachment opened.
  2. Cyber criminals impersonating an organisation online. This could include your bank or an eCommerce site where you enter all your card details. TV licensing is currently popular.
  3. Malware and viruses.

Cyber Security needs to be high priority for senior management due to the potential commercial and reputational damage that a cyber attack could do to a business. Would you continue to do business with an organisation that could hand over your details, however unwittingly? Many would not and do not.

GDPR and Cyber-crime

These go together. Under GDPR a business must keep an individual’s personal data safe. It must provide appropriate security including ‘against unauthorized or unlawful processing and against accidental loss, destruction or damage’.

If such data is lost due to cyber-crime the business must prove it had ‘appropriate security’ or it will be fined for a breach under GDPR. It is accepted that no system is 100% safe and that cyber criminals will always find another way to attack and obtain information. However, the business must show it took reasonable steps to provide security, otherwise it will be facing a fine in addition to the commercial consequences.

For advice contact us now: anne@barkleylegal.co.uk

  • January, 9
  • 1898
  • Uncategorized

CONTACT US

info@barkleylegal.co.uk

0759 004 7669

9-10 Cross Street Preston Lancashire PR1 3LT

 

© Barkley Legal 2018 | General T&Cs | Website T&Cs | Privacy Notice
Barkley Ltd trading as Barkley Legal. Company Number: 11065020