Monday, March 17, 2014
22 e-contract legal and security risks
A contract is the defining document for cementing the relationship between the business and customer. Not only does it establish the parties’ intentions and expectations on what goods and services have been offered and accepted, the contract should also set out the road map to resolve difficulties if something were to go wrong, for whatever reason.
It goes without saying that the contract must have integrity and be enforceable, if necessary.
This includes e-contracts.
E-contracts – contracts signed electronically – still have the same legal requirements (an offer, acceptance, consideration, intention… etc) as their paper cousins; they are simply a little bit more complicated to define because of the use of technology to create and deliver them.
So, if you are considering using e-contracts in your business, here are my top 22 legal and security risks you need to discuss with your board directors, project teams and lawyers.
Unenforceable e-contracts?
- 1. The time that an e-contract has been formed may be uncertain;
- 2. The place where an e-contract has been formed may be uncertain;
- 3. The authority of an individual to enter into a contract on behalf of another person or entity may be uncertain.
- 4. Electronic communications may not satisfy statutory requirements for certain contracts to be in writing;
- 5. Electronic communications may not satisfy statutory requirements for certain contracts to be signed.
- 6. Depending on the terms of a contract, it may be uncertain whether electronic communications are effective to amend the contract.
- 7. Depending on the terms of a contract, it may be uncertain whether electronic notices are valid.
- 8. Disruptions to the availability of a project collaboration system may cause interference with the project.
- 9. Incompatible technology may be used by the various contracting parties.
- 10. Disputes may arise between the provider of an online collaboration system and the contracting parties in relation to the use of the system.
- 11. Disputes may arise between the contracting parties regarding the use of the system.
- 12. Disputes may arise in relation to the ownership of intellectual property associated with the project.
- 13. The confidentiality of electronic records may be compromised during communication or retention.
- 14. Electronic records created and maintained by a system may not be admissible in court as evidence in the event of a dispute.
- 15. Electronic records created and maintained by a system may not be given the same evidential weight as paper records.
- 16. There may be difficulty proving the time at which an electronic record has been communicated.
- 17. The identity of the contracting parties may not be able to be authenticated.
- 18. The process of disclosing relevant documents in the event of a dispute may be unmanageable as a result of multiple communication and record-keeping methods.
- 19. Parties may be in breach of their duty to preserve evidence if electronic records are not preserved.
- 20. Parties may be in breach of their statutory obligations to maintain records if electronic records are not archived appropriately.
- 21. Where a third party service provider is used, the contracting parties may not have access to electronic records after completion of the project.
- 22. There is a risk that the statutory record-keeping obligations of government agencies may be breached by using an online collaboration system.
Want to find out more?
Subscribe to E RADAR to discover more resources on e-contracts. Or visit our E Adoption Risk Ladder page.
Saturday, March 15, 2014
53 Essential IT Security Tips For Your Digital Business
As IT and the Internet mature, we are all becoming much wiser about many of the online threats facing us personally and the organisations where we work.
However, cyber criminals are becoming cleverer and more sophisticated too! New threats, different ways of attacking network and information systems, and more sophisticated malware demand that we keep alert at all times.
Ongoing training for all members of staff across the organisation is your first line of defence. You need to keep them informed about the latest threats and what they should and shouldn’t do when working online.
Having policies in place to deal with staff use of business communications and the Internet whilst they are at work is also a priority. Staff policies should be linked to the contract of employment so that you can instigate disciplinary proceedings should a member of staff deliberately abuse the policy.
IT security tips
We’ve listed 53 essential IT security tips for you to consider. We can also provide general training courses in Information Security for staff throughout the year with our network of qualified IT security specialists.
Threat - virus and other software attacks
- Tip 1 – Introduce virus-checking software.
- Tip 2 – Use a properly-configured firewall between your systems and the Internet.
- Tip 3 – Do not open suspect emails or attachments.
- Tip 4 – Only enable preview panes once you have removed all suspect emails.
Threat – theft of laptops, personal devices and other hardware
- Tip 5 – Maintain a list of your equipment (including serial numbers) and check your physical security.
- Tip 6 – Control access to business premises and computer systems.
- Tip 7 – Encrypt sensitive data.
- Tip 8 – Password protect your hard drive and data.
- Tip 9 – Mark your postcode on all hardware with an ultra-violet pen.
- Tip 10 – Regularly back-up essential files and store copies in a secure place, away from the premises where the computers are used.
Threat – theft of Intellectual Property / copying of information
- Tip 11 – Make safe your customer or prospect lists, ideas and designs, and correspondence.
- Tip 12 – Check who has access to your systems and log usage.
- Tip 13 – Check physical security of computers and back-up files.
- Tip 14 – Make sure all your security staff are adequately vetted.
Threat – mishandling of personal information
- Tip 15 – Notify the Information Commissioner that you process personal information.
- Tip 16 – Ensure you understand the 8 Data Protection Principles.
- Tip 17 – Don’t allow your computer screens to be viewed from the street.
Threat – financial fraud and theft on-line
- Tip 18 – Understand the risks associated with different types of ‘card not present’ transactions, including cardholder not receiving goods, or goods sent to another address.
- Tip 19 – Validate new customers and suppliers using published information from trusted sources.
- Tip 20 – Obtain an online credit status report and electronic identity check.
- Tip 21 – Report fraud or attempted fraud to your local Police.
Threat – unauthorised email access/misuse/abuse
- Tip 22 – Protect email systems against accidental misuse.
- Tip 23 – Ensure workers know about policies on sending or publishing illegal or offensive materials via email or on a website.
- Tip 24 – Check that the policies are lawful and enforceable.
- Tip 25 – Always ‘inform’ users that you may monitor their communications.
Threat – unauthorised Internet browsing
- Tip 26 – Protect website against accidental misuse.
- Tip 27 – Ensure workers know about policies on viewing non-work related websites or visiting offensive or illegal websites.
- Tip 28 – Check that the policies are lawful and enforceable.
- Tip 29 – Always ‘inform’ users that you may monitor their communications.
Threat – sabotage of data
- Tip 30 – Protect against unauthorised amendment or deletion of records to disrupt the business or for financial gain.
- Tip 31 – Ensure that regular back-up copies are securely stored.
- Tip 32 – Check data regularly for changes in nature or size.
- Tip 33 – Adopt vetting procedures for workers doing tasks deemed higher risk.
Threat – identity theft
- Tip 34 – Protect against impersonation and developed identities.
- Tip 35 – Do not provide personal information without validating the identity of the organisation making the request.
- Tip 36 – Implement security measures to prevent theft of business records for use in identity theft.
- Tip 37 – Use identity authentication and credit status checking services.
Threat – spoofing attacks/passing off
- Tip 38 – Protect against impersonation of the business.
- Tip 39 – Forward email to sender’s ISP for action and adjust your filters to block unwanted email.
Threat – denial of service attack
- Tip 40 – Protect against attempts to prevent legitimate users of a service from accessing or using the service, including ‘flooding’ a network with mass e-mail and disrupting connections between machines.
- Tip 41 – Contact your ISP if you suspect an attack.
Regularly practice restoring files onto your systems
- Tip 42 – Draw up a set of comprehensive computer/information security policies for yourself and your staff.
- Tip 43 – Maintain a list of your equipment (including serial numbers) and check your physical security.
- Tip 44 – Introduce virus-checking software.
- Tip 45 – Use a properly configured firewall between your systems and the internet.
- Tip 46 – Do not open suspect emails or attachments.
- Tip 47 – Only enable preview panes once you have removed all suspected emails.
- Tip 48 – Control access to business premises and computer systems.
- Tip 49 – Password protect your hard drive and data.
- Tip 50 – Mark your postcode on all hardware with an ultra-violet pen.
You’ll notice that some of these tips are repeats. It’s deliberate in order to get you into the regular cycle of IT security management: Plan Do Check Act, Plan Do Check Act, Plan Do…. you know what I’m saying.
And for those of you who were expecting 53 tips instead of just 50… for the time it took you to read to the end of this article 3 more people in the UK became victims of identity theft.
Just goes to show that 3 is a magic number!
Friday, March 14, 2014
European Parliament approves Network Information Security Directive
The European Parliament has approved the Network and Information Security Directive which aims to improve the security of information communications and technology systems across the EU.
According to EU Commissioner Neelie Kroes, MEPs will now work with the EU Council on a final text for the directive, with the aim of reaching agreement by end-2014.
The European Commission published its original proposals for a directive on Network Information Security on 7th February 2013. The Directive intends to boost trust and smooth the functioning of the European internal market. Regulatory obligations would create a level playing field and close existing legislative loopholes.
The Directive promotes robust network and information security for all critical national infrastructure. Its objectives include establishing national authorities to collate and share information regarding threats and attacks; introducing mandatory reporting of significant breaches, which may be made public at the discretion of the national authority; and imposing sanctions for failure to meet required standards.
The Directive has proven controversial. Stakeholders have challenged its scope and overlap with existing regulation, sought greater clarity on which breaches must be reported and resisted the principle of mandatory reporting and the risk of subsequent publicity.
Network Information Security Directive – key proposals
- Member States will have to put in place a minimum level of national capabilities by establishing NIS national competent authorities, by setting up well-functioning Computer Emergency Response Teams (CERTs), and by adopting national NIS strategies and national NIS cooperation plans;
- NIS national competent authorities will have to exchange information and to cooperate so as to counter NIS threats and incidents;
- operators of critical infrastructure (such as energy, transport, banking, stock exchange, healthcare), key Internet enablers (e-commerce platforms, social networks, etc) and public administrations will be required to assess the risks they face and to adopt appropriate and proportionate measures to ensure NIS. These entities will also be required to report to competent authorities incidents with a significant impact on core services provided.
EU Parliamentary revisions
The European Parliament’s revisions to the Network Information Security Directive included moves to:
- focus the Directive’s scope on infrastructure operators, including certain financial institutions, and remove ‘key internet enablers’ such as social media and e-commerce platforms;
- propose greater clarity for when a cyber incident would be sufficiently ‘significant’ to trigger an obligation to report it to a designated national authority; and
- propose some degree of comfort for companies that do report an incident by limiting the circumstances in which they would be subject to a legal penalty.
Following approval of the Network Information Security Directive on 13th March 2014, Commissioner Kroes said:
“Now we must all engage closely with the Member States, make sure that they realise the importance of this issue, and aim for a final agreement by the end of 2014.
But speed should not be at the expense of substance. People need to regain trust in technology, with the legal safeguards that protect their interests.
My ambition is to make Europe the world’s safest online space. I hope that the European Parliament and national Governments share this ambition.”