New Leaf Advisory can provide a wide range of operational and legal services to assist organisations of any size. Our team of experts includes technical and regulatory specialists, as well as QCs and barristers who are pivotal in monitoring and signing-off our tailored programmes.
From helping clients to assess their network and data security prior to an incident, to dealing with the aftermath of an attack, our cybersecurity team, in conjunction with our specialist partners, has deep experience in assisting clients with all aspects of addressing cyber risks. Our capabilities include defending against and deterring attacks, responding to incidents, and helping clients to mitigate associated risk and loss. We aim to ensure that our clients manage cybersecurity through a combination of best practice processes and on-going technology review and implementation, alongside continuing training and education. Our own operational efficiencies mean we can deliver legal and regulatory solutions in the most cost-effective manner, helping to optimise clients’ shareholder value.
The details of data protection law are something of a minefield for the non-specialist. This is the case not only under the current Data Protection Act 1998 (DPA) in the UK, but also under the forthcoming, and ground-changing, General Data Protection Regulation of the EU (GDPR), which – Brexit notwithstanding – is likely to become law in some form or other in the UK in May 2018. The penalties for contravening data protection law are becoming more and more severe. It is therefore paramount that Board members and senior management take ownership of ensuring timely compliance, whilst also having a thorough understanding of the challenges and complexity involved in putting robust strategies in place.
No organisation can ignore cybersecurity, and all are at risk. The current DPA already mandates adequate information security measures to ensure that personal data is properly secured against unauthorised access and that its integrity and availability are maintained. The GDPR builds on this, and information security forms a considerable proportion of the new legislation.
Some organisations may have additional security controls required by a regulator or other body. Nevertheless, there is a basic minimum cybersecurity environment, which any organisation should maintain.
Personal data should be encrypted – when stored and/or transmitted. You should have the ability to ensure the on-going confidentiality and integrity of systems and services that process personal data. You will always need to ensure adequate business continuity measures, such that you are able to restore availability and access to data in a timely manner in the event of a physical or technical incident.
All of these controls and measures need to be regularly tested for evaluation of their effectiveness. Needless to say, it is vital to get suitable measures in place now, to mitigate a data breach.
The loss or theft of information – whether deliberate or accidental – may expose you to the risk of action by regulators, clients, or other involved parties. When attacks disrupt operations, organisations may fail to meet contractual obligations. At the very least, you are likely to suffer considerable reputational loss and public embarrassment. This in itself can be more damaging than all other losses put together. Where you can demonstrate that appropriate measures are in place, you are far less likely to suffer such incidents.
Advisory & Mandatory Controls
The UK is among many countries whose governments and regulators have introduced schemes – some advisory, some mandatory – to improve the information security environment of both public and private sector businesses, as well as those in the not-for-profit sector. Many organisations implement such controls in a disorganised and fragmented way, rather than considering a fully co-ordinated approach. The latter is not only likely to be less expensive, but also more manageable.
If you have suffered a fraud within your IT systems – or even suspect that one has taken place – it is vital to act properly without delay.
The wrong reaction can immediately ruin chances of detection and, where appropriate, prosecution of the culprit. Conversely, the correct response to an incident of fraud, espionage, sabotage, or information theft is highly likely to minimise losses and lead to the apprehending of the perpetrator.
We have access to highly qualified personnel, experienced in digital examination of IT equipment in such occurrences, as well as in performing forensic reviews of spreadsheets and similar. Our team can also assist, where necessary, in gathering evidence, case preparation and provision of Expert Witnesses, alongside our legal professionals.
Contract Negotiation and Review
It is, of course, common practice for, say, a contract to outsource some process or department to be handed over to the legal department or preferred external legal advisor for their once-over. They should certainly be able to provide guidance on the ins-and-outs of this or that clause. However, they are probably not conversant with the market value of the contracted services, nor the operational and/or regulatory risks and requirements that should be included.
That’s where our team can bring huge value – we can assist you in negotiating contracts which are not only cost-effective and appropriate for your requirements both now and in the foreseeable future, but also do not tie you in to unfavourable provisions that catch you out after signing.
Where you are engaging the services of a third party, be it for a particular project, or to outsource operations in whole or in part, we can additionally ensure that the proper due diligence covers the provider’s information security environment, as well as their financial status. This is particularly important, and frequently overlooked, where mergers and acquisitions are concerned.
New Leaf Advisory has a team that specialises in, and maintains up to date knowledge of, all aspects of financial regulation, compliance, banking and crime. We provide advice on all aspects of the current and forthcoming regulatory and compliance regimes, litigation and arbitration support services and, in conjunction with our team of market experts, we can uniquely provide a turnkey solution that supports the needs of your organisation in these key areas.
Our widely experienced team, including specialist partners, also cover all aspects of cybersecurity, plus fraud in revenue, commercial, financial services, tax (including EU duty fraud), public and charity sectors as well as sanctions, money laundering and corruption (both local and overseas).
With an increasing legislative focus on information security, we can review and advise on your controls – including policies and procedures – for adequacy and effectiveness in this regard. We are familiar with all related legal and regulatory requirements, including those of data protection, payment card security, and so forth.
The level of review will depend on, and be tailored to, your circumstances, and we would assess and advise as appropriate to your situation. Our team of highly accredited technical experts will look at all relevant control areas within your organisation. Together with our legal team we can then advise on what you may need to implement or improve, and provide you with an informed view on both legal and cyber risk to which you may be exposed.
We pride ourselves on taking a holistic view, which encompasses all requirements relevant to our clients (even those they may not have considered), rather than an over-restricted approach to just one particular aspect.
Our advisors and consultants can ensure that you are securely and legally well placed for current and future legislation. We can confirm that your current policies and procedures are adequate, or define improvements where required. This covers everything from your legal basis for processing personal data, to minimising your liability when sharing such data with, or outsourcing to, third parties. We can liaise with the Information Commissioner’s Office, the Financial Conduct Authority, or other regulators on your behalf. For those that operate internationally, our data protection specialists can advise on requirements globally.
New Leaf Advisory will assess the measures you have in place to provide assurance that your security environment is optimal for both your current circumstances and what may be coming down the track!
New Leaf Advisory will welcome your call and offer a free, no-obligation, introductory discussion to scope your requirements and provide a tailored programme that addresses them.
How Can New Leaf Advisory Help?
At New Leaf Advisory we help our clients navigate through the challenges facing their business. We recognise that different organisations have very different needs in both the quantity and style of requirements. New Leaf Advisory’s tailored Programmes and Solutions can help your organisation achieve a level of flexibility that can be critical in effectively dealing with a range of operational issues, whilst at the same time ensuring best practice methodology.
For further details and a no-obligation consultation, please contact us.