fashion Insiders logo
Close this search box.

How to Ensure Your Business is Cyber-Secure

Technology is fantastic, but there are steps you should take to ensure your data is kept cyber-secure.

As a fashion business owner, there are more than just deals and a workspace to secure at the end of your working day. You also need to make sure that you are cyber-secure. Tahir Basheer of Sheridans law firm shares his advice on how to do so.

The issue of cyber-security is always a hot topic, especially after last year’s well-documented case of online thieves stealing personal data from iCloud accounts. Celebrities reportedly targeted included Jennifer Lawrence, Kate Upton, Ariana Grande, and Rihanna.

There are a number of legal issues involved with this kind of incident, including data protection, breach of privacy and theft. Securely storing sensitive information is really important: this applies to commercially sensitive information (such as designs and prints) and personally sensitive information (such as private photographs).

Here are some useful tips to ensure that information that you have electronically stored is sufficiently protected.

Be aware of the risks of using cloud storage

Consumers, whether they are celebrities or just ordinary people, are very vulnerable when mobile cloud services are offered by providers on a default basis, primarily because users have very little understanding of the risks associated with the systems.

If you have sensitive information stored on your mobile, laptop, or tablet, it may be worth ensuring that any default cloud backup settings are switched off and that the information is backed up elsewhere, such as on an external hard drive.

Related reading: These tools will give a non-tech you, some rest.

Social media is never private

It goes without saying that sensitive information should never be posted on social media. This is particularly important for fashion designers both in terms of confidential agreements, clients or projects or when trying to protect unregistered intellectual property rights which the designer intends to register or which have a short time limit of protection starting from when they are made public.

The time limit for a design to be protected by unregistered community design rights is three years from the date on which the design was first “made available to the public,” and social media is very public.

Ensure that when outsourcing IT support, proper agreements are in place

As fashion companies become bigger, the management of IT, e-commerce, web and mobile solutions will inevitably become too burdensome to control internally and will eventually have to be outsourced to specialist external companies.

This means that the external IT contractor will now have access to company databases, confidential client records and employee data. It is therefore vital that any agreements with the external IT company and web developers contain watertight provisions relating to confidentiality and warranties stating that the IT company is responsible for putting measures in place to reduce the chances of the breach (and that they take responsibility for any security breaches).

But I don’t store any sensitive data electronically

The obligation to protect data does not just relate to sensitive data. If you employ people and hold information about them on your computer hardware or web servers then you are likely to be a ‘data controller’ for the purposes of the Data Protection Act, and you are under a legal obligation to put measures in place to keep that data secure.

A security breach may not therefore just damage your reputation but new legislation coming into force in 2015 will see fines for serious data breaches rise from £500,000 to between 2-5% of annual worldwide turnover. For large fashion houses, these fines could, therefore, be in the millions of pounds.

The maintenance of cyber-security measures and policies is therefore very important to ensure that sensitive information is kept private. Directors of fashion companies should also be aware of this, as they may be personally liable for failing to discharge their duties as directors if such risks are not quantified, assessed and mitigating steps taken accordingly.


Do you have any other great tips to ensure that sensitive data is kept cyber-secure? Let us know in the comments below.