What cyber threats does my online business face?

LegalVision

Contributor

LegalVision, a commercial law firm founded in 2012, combines legal expertise, technology, and operational skills to revolutionize legal services in Australia, New Zealand, and the UK. Beginning as an online legal documents business, LegalVision transitioned to an incorporated legal practice in 2014, and in 2019 introduced a membership model offering unlimited access to lawyers. Expanding internationally in 2021 and 2022, LegalVision aims to provide cost-effective, quality legal services to businesses globally.
Potential cyber threats for your business and how you can meet your legal requirements for protecting against them.
New Zealand Privacy

A brick-and-mortar store protects its premises with a burglar alarm, and you need to do the same for your online business. That means knowing what cyber threats your business faces and how to protect yourself and your customers against them. Customers rely on businesses to store their personal and sensitive data securely against cyber-attacks, so you need to identify the risks you may encounter in your online business. This article will identify potential cyber threats for your business and how you can meet your legal requirements for adequately protecting against them.

Cyber Threats to Your Business

Operating your business online requires large volumes of data transmission and storage. Whilst this digital access makes business operations easier for you, it also increases the potential for online risks to eventuate. These risks can expose you and your customers to data breaches. Cyber threats can take many forms, whether they are deliberate or accidental. For example, potential threats to your business may include:

  • Cyber attacks: where a third party discovers weak points in your security and data systems and exploits them for their own gain, for example through malware or denial-of-service attacks.
  • Data breaches: where information leaks into an unsecured environment or unauthorised persons gain access to sensitive business data. If the data leaked includes personal or sensitive data, this can give rise to legal liability.
  • Business email compromises: where a third party has unauthorised access to your business' email accounts and then pretends to be your business.
  • Insider threats: where someone with insider knowledge of your data systems threatens your business.

The consequences of a successful attack or data breach can be devastating for your business. However, this depends on the nature of the compromised data. In some cases, you can incur legal liability if you do not implement adequate safeguards against such cyber threats, especially when they involve customer data.

Common Types of Cyber Attacks

Some of the most common cyber attacks businesses face include phishing scams, ransomware attacks, and distributed denial of service (DDoS) attacks.

Phishing scams involve tricking employees into revealing login credentials or other sensitive information through fraudulent emails or websites. The hackers can use this data to access sensitive information and wreak havoc on your business. Ransomware attacks encrypt a company's data and hold it for a ransom payment. DDoS attacks overwhelm a website or network with traffic, causing it to crash or become unusable.

These types of attacks can cripple business operations and lead to data breaches, financial losses, and reputational damage.

Importance of Cyber Security Training

One of the most effective ways to protect against cyber threats is through regular cyber security training for employees. Many successful attacks exploit human error or lack of awareness about cyber risks. By educating employees on topics like recognising phishing attempts, creating strong passwords, and handling sensitive data securely, businesses can significantly reduce their vulnerability to cyber-attacks. Regular training and testing should be a core part of any comprehensive cybersecurity strategy.

Legal Responsibility for Online Security

When you deal with customers' (and employees') personal information, the law requires that you have reasonable safeguards in place according to the sensitivity of the data. For example, personal data that your online business collects may include:

  • customers' names;
  • delivery addresses;
  • location data;
  • cookie data;
  • debit or credit card details; and
  • IP addresses.

For example, any kind of financial data lost to a cyber attack would have disastrous consequences for your customers, such as identity theft. Therefore, when you collect and store such personal data, you need to know about threats to that data and how to protect against those threats.

What qualifies as reasonable security measures will depend on:

  • the sensitivity of the personal data you collect;
  • what you use the data for;
  • what safeguards/software you have available; and
  • the consequences of the personal data not being secure.

If you fail to protect customers' personal information adequately, they can complain to the Privacy Commission, who will then investigate. Further, if the case is severe enough, they can recommend it to the Human Rights Review Tribunal. Customers can also bring civil proceedings against your business if you do not protect their personal data appropriately.

Data Breaches at Your Business

If you do experience a cyber attack that leads to a data breach, you need to take appropriate steps to mitigate its consequences for you and your customers. Indeed, where such a breach involves personal information and is likely to cause serious harm, the law requires that you report the breach to both:

  • the Privacy Commission; and
  • any affected individual(s).

You will likely need to notify any third-party contractors if the breach affects them. If the data breach affects sensitive or confidential information, this could also have contractual consequences. Therefore, it is crucial to identify the indicators of a data breach and what preventative measures you can implement.

For example, your business' account access logs may show unusual logins on staff accounts. This could indicate unauthorised access as part of a data breach, so following up on any suspicious behaviour is important.

Protecting Against Cyber Threats

You cannot completely eliminate the risk of cyber threats to your online business, but you can take steps to lessen that risk. This means:

  • identifying weak points in your security and fixing them;
  • having a cybersecurity policy;
  • training your staff to recognise cyber threats;
  • strengthening passwords and login credentials;
  • limiting access to sensitive data; and
  • implementing appropriate cybersecurity software for your databases.

Key Takeaways

Running an online business is increasingly accessible now, but it has its own risks that you need to know about. If you do not adequately protect against cyber threats, you could face legal penalties as well as reputational loss. Customers trust you when they give you their personal data, so you need to take steps to reduce any risks to that data.

If you need more information about your legal liability online, our experienced data and privacy lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
