Cybercrime: Is your company legally protected against risks on the internet?

Cyber attacks, data loss, extortion: Hackers like to target small and medium-sized enterprises (SMEs), which tend to have less effective protection against cyber crime than large corporations. Many companies also forget that legal issues and disputes can arise in connection with internet crime. 

As companies, which criminals could we encounter in cyberspace and what is their aim?

Cyber crime ranges from phishing attacks and distributed denial-of-service attacks (DDoS attacks) to online fraud and industrial espionage. Sometimes it can also be about damaging the reputation of an individual or legal entity.

The computers at our start-up have been hacked and we're being blackmailed. What legal steps can I take against the perpetrators?

In this instance you should inform the criminal authorities immediately. They now have specialist units that deal with internet crime. 

Supposing my company has been hacked and confidential data stolen. Even if the perpetrator is caught, doesn't my data stay with third parties for a long time?

Digital data is volatile and can easily be copied. This means you must assume that your data has already been passed on. Good cyber security is therefore a necessity.

What are the penalties for cybercrime compared to other areas? 

The Swiss criminal authorities have specialist services, such as the Cybercrime Agency in Zurich. National and international cooperation works well, but one has to be realistic: Not all perpetrators on the World Wide Web are caught.

I read that cybercriminals are increasingly using social media to target individual employees who have access to confidential data and are hacking their computers. Can I ban my HR staff or CFO from being active on Instagram or Facebook? 

Yes you can. Under the authority to issue instructions, the employer may issue instructions on the use of social media. As a business owner, you can, for example, ban your staff from accessing social networks from their workplace computer. You are also permitted to specify how work equipment should be used. However, if you do not issue any instructions, staff may use their computers to a limited extent to access social media platforms.

I'm a restaurant owner. An employee was personally attacked and insulted on a ratings platform due to supposedly bad service. What legal steps can I take against this to protect my employee?

You should immediately take a screenshot of the entry on the social media platform as evidence. After that you can ask for the counterparty to delete the entry. In any event, you should also report the infringement to the platform so that it can delete the entry and block the perpetrator. In most instances this is the only option for deleting a comment if the author of the insult cannot be found.

You also have the opportunity of reporting the offense, as, according to the Swiss statute book, cyber bullies can be sued for abuse, libel and defamation.

You can find more information about this topic in our "Cyber Bullying" blog article.

What is the difference between cyber insurance for companies and "Privacy and internet legal protection" supplementary insurance?

AXA cyber insurance for companies protects you against the direct losses of a cyber attack and defends against compensation claims from other persons. For instance, if sensitive data has been stolen from your customers and they then decide to make a claim.

The "Privacy and internet legal protection" module in AXA's commercial legal protection insurance covers privacy violations on the internet and offers legal protection in the event of identity or credit card abuse as well as contracts regarding internet access and domains.

I have been asked by the lawyer from another company to change my internet domain: this company's trademark rights would be breached - and I'm supposed to sign a waiver. Do I have to do that? 

Trademark law is highly complex in the domain area and must be considered in detail in individual cases. But as a rule of thumb, the more similar the parties' business areas, the less similar their brand and/or domain names should be in order to avoid the risk of confusion.

Important: You should never sign a waiver without first contacting a legal expert.

An employee has given notice, but stole confidential customer data beforehand. He intends to start his own business with this data and entice customers away. What can I do?

The employee is breaching his duty of loyalty. If the employment relationship has not yet ended, summary dismissal without notice would be a possibility. You could also sue the employee for damages and disclosure of data.

The employee's behavior may also be relevant under criminal law. Possible offenses in this regard are unauthorized procurement of data, unauthorized access to a data processing system and breach of manufacturing or business secrecy. If your employee has committed one of these offenses, you may bring charges against him. 

My company keeps losing its internet connection even though I pay the bills on time. The loss of working hours for my employees costs me several thousand francs every month. What are my rights?

The main issue here is a contractual claim for damages, but the loss must be proven and this is not always easy. A complicating factor is that claims for damages can also be excluded in contracts with internet providers: In this instance, no damages can be enforced, even if you have the relevant proof. This means that a lawyer must decide on a case by case basis whether there is any prospect of proceeding against the internet provider.