If you are operating Internet-connected or otherwise remotely-accessible services or systems, cybersecurity will already be on your risk register. We can help guide you through your legal obligations, and support you in preventing, detecting and responding to cyberattacks.
Many lawyers claim to be "cybersecurity" experts — but how many have substantial real-world experience in this area?
Neil was the primary legal advisor to a major communications company’s technology security team, with experience advising on both strategic and operational risks, from network security planning and deployment and security testing strategies through to advice on dealing with in-progress cyberattacks and engaging with law enforcement.
In addition, Neil has acted as a specialist communications lawyer to a NATO cyberwarfare exercise, and he runs the "Cybersecurity for Lawyers" wiki (also as a Tor onion service).
“don’t know how you do it all! Your attention to detail and memory is fantastic.”
Senior manager, tech-focussed healthcare company
"highly trusted ... [Neil] knows more about our organisation than you and I are ever likely to"
Managing Counsel, major energy company
We can help you develop appropriate frameworks for preventing and mitigating cyberattacks, to satisfy or exceed your legal obligations, and enable you to demonstrate compliance to regulators.
We'll guide you through preparing incident handling protocols, including procedures for notifying regulators, either where required by law, or else where you consider that it would be useful to do so.
You may, of course, not want to limit your cybersecurity defences simply to the minimum level required by law, and we can help you understand where you go above and beyond, and to document this for future use.
Neil has also been involved in a number of security audits, including ISO 27001 and CAS-T, and has advised on cybersecurity information sharing.
Chances are you'll want to conduct penetration testing of your systems, to see how good your defences really are.
You'll want to engage a reputable testing provider for this, and to ensure that the scope of work is agreed and documented, as well as thinking through various issues in terms of the networks and services which you aim to have tested.
We have experience advising on penetration testing and other network attack tests, combining expert legal advice with a solid understanding of the various technologies involved.
If you are offering penetration testing services, understanding the legal framework in which you operate is fundamental, to ensure that you protect yourself against claims — or, worse, charges — of computer misuse.
We can help you with a suitable testing agreement, documented scopes of work, and written authorities for the work you are doing, as well as broader issues.
Sharing information about potential threats and learning from the experiences of others can help build your situational awareness, and help you spend your security budget sensibly.
We have experience with information sharing agreements relating to cybersecurity and cyberattacks, with both public and private sector participants.
Whatever you invest in cybersecurity, there is a chance that you are going to have someone attacking your systems or services.
We can help you think through your response mechanisms in advance, to control confusion in the event of an attack, and enable you to focus on dealing with the issues at hand.
Sometimes you'll still want to have someone on hand to advise you on your proposed responses to an attack from a legal perspective, and we have experience advising in war rooms and high-pressure situations on detecting, mitigating and blocking cyberattacks in a manner consistent with obligations within privacy frameworks.
We can also help with liaison with law enforcement, regulators and the media.
Please contact us via email:
Please encrypt it end-to-end, if you can. Here is our PGP/GPG key. You can also find our keys on keys.openpgp.org, and via Web Key Directory.
Drop us an email telling us a bit about you and what help you need. If we're likely to be a good fit for you, we're more than happy to take it from there by audio or video call.
We offer "normal" phone calls, unencrypted SIP, and encrypted audio/video calls.
We record calls.
We'll never spam you or sell your information. Ever. More info here.
decoded.legal is: