
A brick and mortar store protects its premises with a burglar alarm, and you need to do the same for your online business. You should know what a business cyber threat is, how to protect against one, and how that ties into your legal responsibilities to your customers. When you operate online, you will receive customers’ sensitive information, such as their credit card details, and you need to implement adequate safeguards to protect the data you collect. To do so, you need to identify what risks you may encounter in your online business. This article will identify potential cyber threats for your business and how you can meet your legal requirements for adequately protecting against them.

Cyber Threats to Your Business

Operating your business online requires large volumes of data transmission and storage. Whilst this digital access makes business operations easier for you, it also increases the potential for online risk. Cyber threats can take many forms and can be deliberate or accidental. For example, potential threats to your business may include:

Cyber Attacks

Where a third party discovers weak points in your security/data systems and exploits them for their own gain. For example, malware or denial of service attacks.

Data Breaches

Where information leaks into an unsecured environment or an unauthorised person gains access to sensitive business data. A data breach can be accidental or deliberate, and it can give rise to legal liability if the data leaked includes personal data.

Business Email Compromise

When a cyber-attack involves unauthorised access to your business’ email accounts and third parties then pretend to be your business.

Insider Threat

Someone with insider knowledge (such as physical access) of your data systems threatens your business.

The consequences of a successful attack or data breach can be devastating for your business. However, this depends on the nature of the compromised data. In some cases, you can incur legal liability if you do not implement adequate safeguards against such cyber threats, especially when they involve customer data.

Legal Responsibility for Online Security

When you deal with customers’ (and employees’) personal information, the law requires that you have reasonable safeguards in place according to the sensitivity of the data. For example, personal data that your online business collects may include:

  • customers’ names;
  • delivery addresses;
  • location data;
  • cookie data;
  • debit or credit card details; and
  • IP addresses.

For example, any kind of financial data lost to a cyber attack would have disastrous consequences for your customers, such as identity theft. Therefore, when you collect and store such personal data, you need to know about threats to that data and how to protect against those threats.

What qualifies as reasonable security measures will depend on:

  • the sensitivity of the personal data you collect;
  • what you use the data for;
  • what safeguards/software you have available; and
  • the consequences of the personal data not being secure.

If you fail to protect customers’ personal information adequately, they can complain to the Privacy Commission, who will then investigate. Further, if the case is severe enough, they can recommend it to the Human Rights Review Tribunal. Customers can also bring civil proceedings against your business if you do not protect their personal data appropriately.

Data Breaches at Your Business

If you do experience a cyber attack that leads to a data breach, you need to take appropriate steps to mitigate its consequences for you and your customers. Where such a breach involves personal information and is likely to cause serious harm, the law requires that you report the breach to both:

  • the Privacy Commission; and
  • any affected individual(s).

You will likely need to notify any third party contractors if the breach affects them. Further, this could have contractual consequences as well if the data breach affected any sensitive or confidential information.

This is why it is crucial to identify the indicators of a data breach and what preventative measures you can implement. 

For example, your business’ account access logs may indicate unusual logins from your staff. This could indicate unauthorised access in a data breach, so following up on any suspicious behaviour is important.

Protecting Against Cyber Threats

You cannot completely eliminate the risk of cyber threats to your online business, but you can take steps to lessen that risk. This means:

  • identifying weak points in your security and fixing them;
  • having a cybersecurity policy;
  • training your staff to recognise cyber threats;
  • strengthening passwords and login credentials;
  • limiting access to sensitive data; and
  • implementing appropriate cybersecurity software for your databases.

Key Takeaways

Running an online business is increasingly accessible now, but it has its own risks that you need to know about. If you do not adequately protect against cyber threats, you could face legal penalties as well as reputational loss. Customers trust you when they give you their personal data, so you need to take steps to reduce any risks to that data.

If you would like help or information about your legal liability online, contact LegalVision’s data, privacy, and IT lawyers on 0800 005 570 or fill out the form on this page.

Frequently Asked Questions

What is a cyber threat?

A cyber threat is anything that threatens your business using online channels or digital data. This can include cyber attacks, scams, or data breaches.

How can I protect my business against cyber threats?

You can protect your business against cyber threats by identifying weak points in your security systems and accounting for them. For example, you should encrypt any important business data, especially when it involves personal information.

About LegalVision: LegalVision is a tech-driven, full-service commercial law firm that uses technology to deliver a faster, better quality and more cost-effective client experience.
