It’s no secret that digitalisation in the world of work, especially within businesses, has increased operational efficiency. Remote working, swift email responses with the use of a phone or access to a database on a laptop are all contributing factors that, in one way or another, have shaped the operating system of companies and their employees. Nonetheless, despite the benefits of the digital world, digitalisation poses numerous risks and liabilities – as most are well aware of. Data hacking and cybercrime are a reality in the modern world, especially since the onset of the pandemic, and if not properly catered for, can negatively impact a business, including breaking clients’ trust.

WhosWho.mt spoke to Ian Gauci, Managing Partner of GTG Advocates. Dr Gauci oversees the business development of the firm, as well as the Technology, Media and Telecommunications practice, Legal Futures, Innovation and Legaltech sectors. Dr Gauci explains that businesses, regardless of size, must invest in the protection and preservation of data - whether its client data or sensitive commercial data - as well as preparing itself against potential cyberattacks in the future.

“When a person intends on starting a business, the first step would be to draft a business plan. In this case, the person should also draft another plan to ensure that in the future, all data, network systems and technological apparatus being used is safeguarded,” Dr Gauci remarks. This includes, anticipating all the means of communication and data storage in use, such as databases and network devices, among others.

He asserts that a company has an obligation to analyse its risks, whether this comes from a targeted cyber-attack, physical access to mobile devices, or employees’ lack of awareness. Expanding further on the employees’ responsibilities, Dr Gauci states that companies need to provide basic training to their workers. “Although not everything falls under the scope of their responsibilities, such as GDPR in some instances, it is still important for employees to have knowledge on these factors to always be prepared for the unthinkable.”

In addition, he notes that other foreign competent authorities already provide certification with regards to cybersecurity for small business. Nowadays, he explains, the laws being drafted within the financial services and cyber security domain ensure that companies have proper certification and accountability. “Now, this, is becoming more embedded in corporate governance and moreover entrenched in obligation and liability.”

In Dr Gauci’s view, it is unacceptable for a business owner to react and institute protective measures against data breaches and cyberattacks, when hit. “One might say that they were not aware of certain systems or practices. That is not acceptable, every business has a responsibility and obligation in protecting themselves, in the most transparent way possible.” He further adds that, on a positive note, when a business provides this level of security, it inherently gains an advantage over market competitors “as clients and employees recognise that the business is preserving its value and are distinguishing itself apart by mitigating risk.”

Asked what other measures need to be taken to ensure security, Dr Gauci highlights the need for a contingency plan at all times. “In the legal fora we use the Roman concept of ‘bonus pater familias’. Although historically it is centred towards the male figure, if interpreted in this context it refers to a reasonable and transparent approach being taken by the ‘head’ of the family. In this case, it refers to those who are heading a business.”

He also adds that even if an employee simply loses access to an email or a laptop, there needs to be a plan or a backup to ensure a seamless return to normalcy. “If one invested to gain profit, the same interest and effort needs to be taken to ensure security,” Dr Gauci stated.