- Vacancies New
- Covid-19 Guidance New
- Editor's Preface
- League Tables New
- Ukrainian Legal Market
Practice Areas and Industries Review
- Alternative Dispute Resolution
- Asset Recovery
- Banking & Finance
- Banking Disputes
- Banking Resolution
- Business Crime
- Business Process Solutions
- Business Relocation
- Cannabis Law
- Capital Markets
- Commodities Arbitration
- Competition Investigations
- Construction & Development
- Corporate Governance
- Corporate Security
- Counterfeiting and Piracy
- Criminal Process
- Cross-Border Insolvency
- Customs Law
- EMI (Electronic Money Institution)
- Enforcement of Foreign Proceedings
- Financial Services
- Free Trade Agreements
- Human Rights
- Industrial Parks
- Insolvency Disputes
- International Arbitration
- International Finance
- International Tax
- Islamic Finance
- IT Law
- Labor & Employment
- Maritime & Shipping
- Medicine & Healthcare
- Mergers & Acquisitions
- Natural Resources
- Personal Income Tax Compliance
- Ports & Marine Terminals
- Private Clients
- Procedural Actions
- Property Rights
- Public-Private Partnerships
- Real Estate
- Renewable Energy
- Role of Experts in International Arbitration
- State Aid
- Tax Controversy
- Trade Defense Remedies
- Unfair Competition
- Virtual Assets
Who Is Who Rankings
- Antitrust and Competition
- Banking & Finance, Capital Markets, Fintech
- Corporate and M&A
- Criminal Law/ White-Collar Crime
- Energy & Natural Resources
- Information Technologies, Telecommunications & Media
- Intellectual Property
- International Arbitration
- International Trade: Trade Remedies and WTO, Commodities, Commercial Contracts
- Labor & Employment
- Pharmaceuticals & Healthcare
- Private Clients: Wealth Management, Family Law
- Real Estate, Construction, Land
- Tax and Transfer Pricing
- Transport: Aviation, Maritime & Shipping
- Law Firms Profiles
- Lawyers Profiles
Counsel, Attorney, ADER HABER
Key specialization: white-collar crime, criminal law, business defense
How to Protect Business in 2021
Business security now has much broader meaning than just legal support. Modern threats and risks are increasing every day, and the main task is to be able to manage them effectively.
According to a report from the World Economic Forum, cyberattacks, as well as fraud and data theft, will be one of the main risks of the future.
One of the main products, at the present moment, is the audit of existing business processes for criminal and legal risks. Timely adjustment of processes enables avoidance of seizure of accounts, summoning for interrogation and subsequent criminal prosecution.
We highlight five main areas of security that can raise the level of protection of your business.
As a first step we suggest the conducting of an internal security audit and answers to the following questions: (1) who has access to data? (2) who and how does he/she work with data? (3) where is the most important/confidential data requiring a special approach stored and how can the necessary minimum necessary to it (e.g. where is the server, in whose name is it registered) be provided? (4) Who should have access to data? (5) What are the risks associated with redundant access?
It is natural for employees to leave important documents in front of everybody, on desktops, in a printer, etc. In order to discipline employees that this is unacceptable, we recommend the holding of surprise inspections of workplaces every third month, collection of all documents that are visible and then work on mistakes with explanations of what negative consequences this could cause.
A company’s information is often its main asset and many companies find it difficult to bring an employee to accountability who sells databases or shares commercial information with competitors.
If you know that employees are abusing their position and passing on information valuable to the company, we recommend you consider the following options: (1) a polygraph test (2) a fine (3) a reprimand or dismissal (4) criminal prosecution.
If the first three options are covered by an in-house lawyer, who should make sure that all these provisions are specified in the relevant employment contract, and the company’s security service, the last option in respect of criminal liability is a bit broader and more complicated.
There is responsibility for disclosure of commercial and banking secrets in Ukraine. And, one would think, if there is a regulation, then there is an opportunity to bring a culprit to liability, but it seems everything is not that simple.
To make it possible to bring an employee to criminal liability, it is required that you: (1) establish what is to be marked as commercial information (2) specify in official instructions that the employee has access to it due to his/her official duties and that disclosure, the passing of such information in any form, is prohibited without the owner’s consent. And in the process of providing proof, showing damage caused to the company and the fact of sale or transfer of such information is important.
Information protection methods: (1) cloud storage, (2) secure Internet and network connections, (3) data encryption, (4) restrictions of entry points for IP addresses, (5) separation in storing corporate and personal information on the mobile devices of employees, (6) implementation of software solutions ensuring information security like “DLP”, use of facilities ensuring information integrity (7) staff inspections.
An HR specialist is not only a human resources office at the company. Unfortunately, a formal approach to HR exists in most companies. A HR specialist is definitely undervalued, but it is also worth noting that many of them do not possess the relevant expertise.
To enable a HR specialist to work at full capacity, it is required that his/her work be organized correctly at the beginning and determine what functions he/she will have and whom he/she will report to.
Let’s talk about his/her functions. The recruitment of employees is one of the main ones. In Europe, many companies use interactive tests for stress tolerance, the risk of theft and the tendency of a future employee to lie.
If the company has a security service, a HR specialist should definitely work together with them. It is sometimes worth using a polygraph test during the application stage for a job, though everything depends on what information and responsibility you plan to delegate to a new employee.
Team control is also an important function of a HR specialist. If the company has both managers and junior employees, a HR specialist should arrange regular meetings or tests to identify the mental condition of an employee. This is because many employees can become toxic and not only destroy a company from the inside, but also harm customers on the external market and pass commercial information to competitors.
A HR specialist should help with financial investigations in the company that require cooperation with the security service, have expertise in psychology and know as much as possible about all employees.
Now let’s move on to the second important component, whom a HR specialist should report to. The HR specialist should report directly to the business owner, as he should have authority, independence, respect and quite wide-ranging powers. Also, one should not forget that directors are usually hired employees. It is always important to set clear objectives to HR, to define their functions, and the best way to find them is to look among psychologists.
Methods of HR’s effective work: (1) training workshops for employees (2) regular meetings with employees, preparation of mental condition assessment within the team (3) polygraph tests (if necessary) (4) system of mutual coordination with the security service (5) development of recruitment policy.
Why does a company need physical security? In Ukraine, one in every three companies is involved in criminal proceedings. This means that your business could potentially be faced with searches and unexpected visits from law-enforcement agencies or unauthorized attacks by third parties.
First of all, you have to determine what type of property you have and what should be noted.
You should pay attention to who signs the documents with the owner of the building and where these documents are stored. In the event of an illegal takeover, due to the lack of control over these matters, documents may be re-signed by the dishonest “new owners” and your access may be restricted. Therefore, we recommend you to be always in touch with the building’s owner and to have additional methods of identification and protection.
The documents should be stored in a place that is known to a few people, it is also important to appoint a dedicated person in the lease agreement who will be authorized to sign any documents in respect of the lease agreement or have the power to terminate the agreement.
Security control. You need to establish a communication and control system in respect of security operation.
As to control over video recordings, we recommend that you agree initially with the owners that you have the right to access the recordings of surveillance cameras situated on your floor.
Your Own Office
You need to have the both originals and copies of title documents.
Install video surveillance around the office’s perimeter, including the street.
Install durable doors with multiple levels of protection.
It is also important to install outdoor lighting that will help you to react to possible threats as quickly as possible.
Choosing an Access Control System
You can use one of three types of access: passwords, smart cards, fingerprints, retina scanning, hand geometry, signature, etc.
Ways of ensuring the company’s physical protection: (1) surveillance cameras. It is very important that such cameras are difficult to access for turning off and that there is a backup server for storing video content (2) pass entry system (PIN-code system), if your office is located in a business center we recommend that you not give out guest passes but that you pick up a guest yourself and accompany him/her to the office (3) double or triple exterior doors (if construction permits this) (4) security service availability (5) lightning.
What does legal security consist of? When should we involve an external counsel, and when will an in-house be enough?
The majority of issues should be addressed by an in-house counsel. It is cheaper, easier to manage and more sufficient. However, in our opinion, you should always have external counsels on the safe side and sign contracts with them.
An in-house counsel should have expertise in (1) contract work (2) dispute resolution (3) development and implementation of human resources documents (4) experience of negotiating.
However, every company has a moment when it faces some secondary issues. For example, commencement of criminal proceedings, summons for interrogations, seizures of documents, etc.
Methods of legal protection: (1) due diligence at least once a year (2) audit of business processes for criminal and legal risks (3) setting up a budget needed for legal fees (4) selection of an external counsel on narrow-profile issues, signing of an agreement with them (5) a verification system for contractors.
It is impossible to cover everything about economic security in this article. However, I would like to focus your attention on a few issues.
A good accountant. This is probably the second most important person in the company following the director, and maybe even higher. You need to trust, but verify him/her, conduct an internal audit every six months or once a year. This will discipline the accountant and give you the true picture. If you announce these rules as common corporate rules, he/she will consider them as a working rule, but not as a lack of confidence in their person.
Proper communication with banks. Good communication with bank managers will enable you to solve problems that arise in the course of work much more promptly and to prevent the loss of money in the event of pressure from regulatory and law-enforcement agencies. Do not neglect their birthdays and other holidays, when you can reintroduce yourself and please an employee responsible for the financial health of the company, and there will be a pleasant bonus if the company’s owner visits the bank’s management with his or her personal congratulations.
Management of accounts payable; you should have a system in place for monitoring existing debts and a responsible person who will provide a statement of affairs, preferably once a month.
The Conducting of Two Types of Audit is Recommended
(1) Financial crime due diligence is carrying out a preliminary check of all contractors. Your impeccable business may, via a chain of financial and economic activities, face problems of a criminal nature. They can take the form of seizure of funds, or the summoning of your employees for questioning.
Conducting “Financial crime due diligence” will help you to understand whether or not it is worth working with new contractors, even if this contractor has been recommended to you, and whether the risks stated by law-enforcement agencies are real.
(2) Audit of business processes for criminal and legal risks. Many business processes can include hidden risks that can cause further criminal prosecution or attachment over a company’s accounts or property. Therefore, we recommend that you adjust your processes in a timely manner and minimize the risks borne for your company.
To sum up, please note that only the complex nature of the protection tools mentioned above will guarantee peace of mind for a business owner. One should remember that there are some more important components.
In addition, since the majority of them are expensive, their implementation should also be financially grounded, because each business risk also has its own price.