Cybersecurity

How we can help you

If you are operating Internet-connected or otherwise remotely-accessible services or systems, cybersecurity will already be on your risk register. We can help guide you through your legal obligations, and support you in preventing, detecting and responding to cyberattacks.

Many lawyers claim to be "cybersecurity" experts — but how many have substantial real-world experience in this area?

Neil was the primary legal advisor to a major communications company’s technology security team, with experience advising on both strategic and operational risks, from network security planning and deployment and security testing strategies through to advice on dealing with in-progress cyberattacks and engaging with law enforcement.

In addition, Neil has acted as a specialist communications lawyer to a NATO cyberwarfare exercise, and he runs the "Cybersecurity for Lawyers" wiki (also available as a Tor onion service).

What our clients say

“don’t know how you do it all! Your attention to detail and memory is fantastic.”

Senior manager, tech-focussed healthcare company

"highly trusted ... [Neil] knows more about our organisation than you and I are ever likely to"

Managing Counsel, major energy company

Designing security frameworks

We can help you develop appropriate frameworks for preventing and mitigating cyberattacks, to satisfy or exceed your legal obligations, and enable you to demonstrate compliance to regulators.

We'll guide you through preparing incident handling protocols, including procedures for notifying regulators, either where required by law, or else where you consider that it would be useful to do so.

You may, of course, not want to limit your cybersecurity defences simply to the minimum level required by law, and we can help you understand where you go above and beyond, and to document this for future use.

Audits

Neil has also been involved in a number of security audits, including ISO 27001 and CAS-T, and has advised on cybersecurity information sharing.

Data processing agreements

Chances are you'll want to conduct penetration testing of your systems, to see how good your defences really are.

You'll want to engage a reputable testing provider for this, and to ensure that the scope of work is agreed and documented, as well as thinking through various issues in terms of the networks and services which you aim to have tested.

We have experience advising on penetration testing and other network attack tests, combining expert legal advice with a solid understanding of the various technologies involved.

If you are offering penetration testing services, understanding the legal framework in which you operate is fundamental, to ensure that you protect yourself against claims — or, worse, charges — of computer misuse.

We can help you with a suitable testing agreement, documented scopes of work, and written authorities for the work you are doing, as well as broader issues.

Situational awareness and information sharing

Sharing information about potential threats and learning from the experiences of others can help build your situational awareness, and help you spend your security budget sensibly.

We have experience with information sharing agreements relating to cybersecurity and cyberattacks, with both public and private sector participants.

Response preparation

Whatever you invest in cybersecurity, there is a chance that you are going to have someone attacking your systems or services.

We can help you think through your response mechanisms in advance, to control confusion in the event of an attack, and enable you to focus on dealing with the issues at hand.

On hand if it happens

Sometimes you'll still want to have someone on hand to advise you on your proposed responses to an attack from a legal perspective, and we have experience advising in war rooms and high-pressure situations on detecting, mitigating and blocking cyberattacks in a manner consistent with obligations within privacy frameworks.

We can also help with liaison with law enforcement, regulators and the media.

Get in touch

Email

Please contact us via email:

contact@decoded.legal

Please encrypt it, if you can. Here is our PGP/GPG key. You can also find our keys on keys.openpgp.org, and via Web Key Directory.

Voice & video

Please email and arrange a time to speak.

We offer "normal" phone calls, SIP, and encrypted audio/video calls.

We record calls.

We'll never spam you or sell your information. Ever. More info here.

Authorised Law Firm badge

View our Authorised Law Firm digital badge here. The badge is hosted by a third party (which purports to act as a processor of the Solicitors Regulation Authority), and they automatically load Google Analytics. Only view our badge if you are willing to send your IP address to them, and for them to load Google Analytics on your device. Here is their privacy notice.

Other bits

decoded.legal is:

  • authorised and regulated by the Solicitors Regulation Authority (626329)
  • subject to the SRA's code of conduct
  • a company registered in England and Wales (9856909) with a registered office address of 48A Dene Way, Donnington, Newbury, Berkshire, RG14 2JW
  • registered as a data controller with the Information Commissioner's Office (ZA152364)
  • registered for VAT in England and Wales (229 6427 86)