If you are operating Internet-connected or otherwise remotely-accessible services or systems, cybersecurity will already be on your risk register. We can help guide you through your legal obligations, and support you in preventing, detecting and responding to cyberattacks.
Many lawyers claim to be "cybersecurity" experts — but how many have substantial real-world experience in this area?
Neil was the primary legal advisor to a major communications company’s technology security team, with experience advising on both strategic and operational risks, from network security planning and deployment and security testing strategies through to advice on dealing with in-progress cyberattacks and engaging with law enforcement.
In addition, Neil has acted as a specialist communications lawyer to a NATO cyberwarfare exercise, and he runs the Cybersecurity for Lawyers wiki (also as a Tor onion service).
What our clients say
Senior manager, tech-focussed healthcare company
“don’t know how you do it all! Your attention to detail and memory is fantastic.”
Managing Counsel, major energy company
"highly trusted ... [Neil] knows more about our organisation than you and I are ever likely to"
Designing security frameworks
We can help you develop appropriate frameworks for preventing and mitigating cyberattacks, to satisfy or exceed your legal obligations, and enable you to demonstrate compliance to regulators.
We'll guide you through preparing incident handling protocols, including procedures for notifying regulators, either where required by law, or else where you consider that it would be useful to do so.
You may, of course, not want to limit your cybersecurity defences simply to the minimum level required by law, and we can help you understand where you go above and beyond, and document this for future use.
Neil has also been involved in a number of security audits, including ISO 27001 and CAS-T, and has advised on cybersecurity information sharing.
Pen testing agreements
Chances are you'll want to conduct penetration testing of your systems, to see how good your defences really are.
You'll want to engage a reputable testing provider for this, and to ensure that the scope of work is agreed and documented, as well as thinking through various issues in terms of the networks and services which you aim to have tested.
We have experience advising on penetration testing and other network attack tests, combining expert legal advice with a solid understanding of the various technologies involved.
If you are offering penetration testing services, understanding the legal framework in which you operate is fundamental, to ensure that you protect yourself against claims — or, worse, charges — of computer misuse.
We can help you with a suitable testing agreement, documented scopes of work, and written authorities for the work you are doing, as well as broader issues.
Situational awareness and information sharing
Sharing information about potential threats and learning from the experiences of others can help build your situational awareness, and help you spend your security budget sensibly.
We have experience with information sharing agreements relating to cybersecurity and cyberattacks, with both public and private sector participants.
Whatever you invest in cybersecurity, there is a chance that you are going to have someone attacking your systems or services.
We can help you think through your response mechanisms in advance, to control confusion in the event of an attack, and enable you to focus on dealing with the issues at hand.
On hand if it happens
Sometimes you'll still want to have someone on hand to advise you on your proposed responses to an attack from a legal perspective, and we have experience advising in war rooms and high-pressure situations on detecting, mitigating and blocking cyberattacks in a manner consistent with obligations within privacy frameworks.
We can also help with liaison with law enforcement, regulators and the media.