How to prevent cyber-crime in the workplace

Every so often, as a result of matters that gain media attention, debate rearises as to whether current legislation, mainly criminal legislation, is sufficient to combat what is known as “cyber-crime”. Cyber-crime is simply a sophisticated, or if I may use the expression, “digitalized” form of the classic offences already envisaged in the Criminal Code (fraud, criminal insults, threats, etc.) using all the tools made available by the information society. The truth is that, at present, the legislation in place is sufficient for this purpose and the problems faced are in actual fact purely procedural rather than deriving from the failure of Criminal Law to deal with the matter.

Although the law does cover the issue, it is true that fraud, insults or threats via the web, unauthorized access or hacking of IT systems or the closure of websites that systematically violate copyright of protected works, are offences that are frequently mentioned in the media. This is due to the social alarm they cause, not just because we are all potential victims but also due to the impunity and anonymity with which the perpetrators of these offences so often operate.

Following the recent reform of the Criminal Code in 2015, the legislature sought to go one step further and has made not just individuals, but also businesses, participants in cyber-crime prevention. The main aim is to establish measures so that managers and employees do not commit cyber-crime-related offences, by taking advantage of the structure and tools available within the company itself. That is, companies do not only have to protect themselves to avoid being hacked – powerful IT systems, control of portable and mobile devices, security on the web, encrypting information, antiviruses,  etc. – but they also have to avoid perpetrating cyber-crime themselves through a failure to put the appropriate measures in place.

Furthermore, the law obliges companies, through the relevant prevention protocols, to refrain from interfering in the free market through conduct such as accessing or damaging the IT systems of competitors. It also prohibits companies outright from using illegal software or software protected by copyright, from unlawfully selling products that are protected by intellectual or industrial property rights, and from laundering money, and it even prohibits access by unauthorized persons to the personal data or private details of employees.

Law and Science need each other and only by total coordination at every level, between individuals and the authorities and businesses too, together with the adequate training of lawyers, the police and judges, can progress be made in the fight against cyber-crime. It is necessary to eradicate the ignorance that often exists about the basic issues, since those that use the web to commit crimes move quicker than the response offered by legislation.

Julián Lozano Carrillo

Garrigues Criminal Law Department