Articles Posted in Cybersecurity

Published on: | by

In the past, to start a business you had to find a location, rent space, and open your doors to the public. Today, many entrepreneurs can do it all online by advertising, communicating with customers, and managing transactions using the web. Many entrepreneurs are interested in starting a new business with a strong online presence. There are several steps that one must take to start a business, plus additional considerations to comply with online business laws. Are you ready to create an online business? Are you unsure which laws you need to be aware of for your e-commerce website?  If so, then you need to know the process to start a business and the additional issues that apply to e-commerce.

How Do I Start An Online Business?

The Small Business Administration recommends a ten-step process to start a new business.  First, write a business plan.  This is your general outline as to the identity of your new company and the structure you are going to build to execute your plan.  Second, get the proper assistance and training. No one knows everything and connecting with mentors and experts can help you get off on the right foot.  Third, choose your location. If your company is 100% online, you still need to determine the types of customers you plan on attracting and to what areas you plan on making deliveries.  Fourth, finance your business. Whether you choose traditional financing from a commercial bank or more creative methods (e.g., crowdfunding), make sure to do your research and figure out what works for your company.  Fifth, determine the legal structure of your business. There are many types of entities you can create (e.g., LLC or Corporation). Each entity creates different levels of liability and tax obligations.  Sixth, register your business name with the proper state agency (e.g., Secretary of State).  Seventh, get a tax identification number (a/k/a EIN) by registering with the Internal Revenue Service.  Eighth, register with state and local tax agencies (e.g., Franchise Tax Board, a/k/a FTB). In general, each state has its own tax laws, so make sure you know the obligations within your state.  Ninth, obtain business licenses and permits.  You should keep in mind that state and federal agencies may require different licenses and permits. Finally, you may need to hire employees or independent contractors.

Continue Reading ›

Published on: | by

Today, most companies are dependent on technology and their computer systems, and there are entities whose primary focus is to hack into these systems. On the other hand, a company might experience an internal breach of its network system, which causes the unauthorized release of sensitive information. Any breach into or out of these systems could be catastrophic. The computer network for a company may contain important data, intellectual property, and consumer information. All industries are susceptible to a data breach. To help protect against these risks, companies must insure themselves with the correct policy. Traditional insurance policies may not be enough to cover all the risks. In recent years, insurance companies have begun to issue specific cybersecurity policies. What kinds of claims are covered under these cybersecurity insurance policies? How can an insurance company ensure that it is mitigating its own risks in underwriting a cyber policy? If you are concerned with these questions, then the effectiveness and scope of these cybersecurity policies is relevant to your company.

What Is Cybersecurity Insurance?

Cybersecurity insurance is an insurance policy that helps mitigate the risks posed by incidents such as “data breaches, business interruptions, and network damages.” The market for this kind of policy is still in development, and insurance companies and consumers are unsure how far reaching the policy protections are. Department of Homeland Security has stated that a more developed cybersecurity insurance market would lead to fewer successful cyber attacks—i.e., by implementing preventive measures in conjunction with policies and lowering premium prices based on the level self-protection. There are steps that companies and individuals can take to reduce their risk level to a cyber attack, and these steps may actually help prevent attacks. Preventive measures can at least lower the risk an insurance company must take in underwriting a cyber policy.

Continue Reading ›

Published on: | by

The smartphone has brought a world of possibility to the average consumer’s fingertips. Now, this has come to include mobile banking. With fast-paced lifestyles and long lines at the banks, mobile banking has emerged as a thrilling convenience. However, this convenience brings cybersecurity concerns. Therefore, consumers who have turned to mobile banking for their financial needs must protect their financial privacy from cybersecurity breaches.

What Is Mobile Banking?

Mobile banking allows customers to access their financial institutions and conduct transactions through their mobile devices. Initially, this began with SMS Banking, which allowed customers to conduct various financial transactions by sending and accepting SMS messages or “texts.” In its most basic form, mobile banking allows customers to access their bank accounts and check on financial transactions. However, as the systems have progressed, customers can now make bill payments, transfer funds, and monitor deposits. Indeed, customers can now manage their investment portfolios and rearrange their investments through a smartphone or tablet. This has certainly increased everyday conveniences. However, it has also contributed to the speed with which finances can shift. Although, customers can review and monitor their accounts faster and more regularly, this also means greater security threats for the underlying financial information. This expansive access may lead to greater unauthorized breaches.

Continue Reading ›

Published on: | by

In the aftermath of high profile cybersecurity breaches, businesses and consumers are alert to the real dangers of cyber vulnerability. In response, various government agencies have taken up efforts to protect against future breaches. Thus, consumers and businesses must continue to take steps to protect themselves and their private information. Accordingly, the office of California’s Attorney General has issued Cybersecurity Guidelines aimed at reducing the threat of electronic security leaks. Furthermore, these guidelines set the standard that businesses must meet to protect customer privacy.

What Are Attorney General’s Cybersecurity Guidelines?

The Attorney General outlined the basics steps to “minimize cyber vulnerability.”  First, anyone could be a target. Therefore, assume cybersecurity could affect you and take preemptive steps to protect your network.  Also, it is important to know where you store your data. The guidelines are directed towards small to medium-sized firms.  So, they focus on the importance for businesses to know which third parties hold company information. It is important to be familiar with these third-party security measures. If a data storage company is not taking proper steps to protect cybersecurity, it may be time to seek different storage options or take steps to counter the vulnerabilities. Alternatively, if your business stores information on the cloud, make sure to back up information, and store data only with secure entities. The overall point is that in the event of a breach, the level of preparedness will limit the consequences.  Next, encrypt your data as an added measure of security. It is also helpful to include firewall and antivirus protection on all devices.  Additionally, make sure to conduct banking and other financial transactions with reliable vendors.  Especially when dealing with third party financial information, the safety and security of those transactions are vital to ongoing business.  Finally, it is important to note that these guidelines are the minimum requirements. It is not a comprehensive list and companies must take care to implement personalized measures based on their cybersecurity needs.

Continue Reading ›

Published on: | by

The expansion of cyber consumerism—buying and selling products over the Internet, or engaging in business over the Internet—has called into the question whether international laws are equipped to protect consumers in their online transactions. Indeed, online business often takes place over several countries, implicating the legal standards in those countries. When such transactions involve a party that is more experienced than the other, there is the potential that the experienced party will take advantage of the disparity for financial gain. Accordingly, countries around the world have enacted and adopted legislation to combat the threat of unfair business practices. These provisions aim to protect online transactions to promote successful international business.

What Are Unfair Trading Practices?

Unfair trading practices include fraud, misrepresentations, and unconscionable business acts. Fraud is the act of providing false information in a transaction for personal financial gain at the expense of the other party. Misrepresentation involves providing misleading information about any part of a transaction—for example, the quality of the product in question. Finally, unconscionable acts deal with contract terms or negotiations that are overwhelmingly one-sided. These favor the party with greater bargaining power or business experience. The threat of these practices may arise in all sorts of business contexts—for example, insurance contracts, commercial and residential lease provisions, debt collection efforts, and general purchases.

Continue Reading ›

Published on: | by

Employees, in the course of their employment, will often have broad access to company files.  If employees are terminated or seek other employment, such access can become problematic.  Indeed, companies store sensitive and commercially valuable information on their servers. Employee misuse of these files can substantially weaken a company’s economic viability and threaten its progress.  In a recent court decision, the United States District Court for the Northern District of California held that a former employee who accessed an employer’s servers using his login information was not liable for unlawful hacking. The court explained that the employee had not violated the Computer Fraud and Abuse Act (“CFAA”) or the California Comprehensive Computer Data Access and Fraud Act (“CDAFA”).

What is the holding in Enki Corporation v. Freedman?

According to the record, Enki Corporation had entered into a contract with Zuora to provide certain consulting and information technology services. As part of these services, Enki installed a computer resource and performance monitor on Zuora’s network. Additionally, Enki contracted with Keith Freedman, a former employee, to provide consulting services for Zuora. Enki subsequently terminated its contract with Freedman when it discovered that Freedman was speaking negatively about Enki’s services. Freedman had also accessed the monitor Enki installed on Zuora’s network using his employee login to download Enki’s proprietary information (e.g., private company files and data) from the servers. The court held that this did not violate the CFAA because Enki had failed to show that Freedman accessed the computer system without authorization. Since the CFAA is aimed at regulated access to protected data, not the misuse of such data, where employers lawfully access servers, there is no CFAA violation. As for the CDAFA claims, the court also did not find a violation because Freedman did not have to “hack” into the system because he did not have to override a computer code. He simply logged in using his employee login information.

Continue Reading ›

Published on: | by

In recent years, there has been an increase in cyber-attacks directed towards usernames and passwords for online banking accounts.  Through these attacks, outside parties have been able to misuse banking information for fraudulent wire transfers.  Hackers have starting using foreign accounts because it is more difficult to recover funds when dealing with some foreign banks.  Online banking fraud has led to over $40 million in stolen funds from small and mid-size companies.  Recently, the nature of these attacks have become more complex as regulatory agencies, e.g., FDIC, and enforcing agencies, e.g., FBI, scramble to keep up with changing technologies.

How Have Online Cyber-Attacks Changed In Recent Years?

In recent years, online banking fraud has become dramatically more sophisticated.  Now, hackers have the capacity to infect not only small, local sites, but also high-volume webpages all across web.  These hackers infect popular websites with Trojan viruses, which latch onto users’ computers when they visit the website.  The virus then directs to online banking information, such as account numbers and login information, allowing the hackers to access these accounts and conduct fraudulent transactions.  The virus may even have the capacity to record and hold this information itself.  To carry through the cyber-attack, criminals only need to setup funds transfers without the respective bank noticing.  Banks learned to watch for transfer activity from unknown computers, so now hackers steal victims’ IP addresses to avoid detection.  With this information, the transfer looks like a typical transaction from the user’s computer.  The hackers may obtain the ability to take control of a computer and use it to conduct fraudulent transfers.

Continue Reading ›

Published on: | by

In general, both copyright and patent laws provide different levels of protection for computer software. Additionally, depending on the aspects of software that an owner wants to protect, these two areas of law will apply differently. Furthermore, securing a patent is a more rigorous process. However, a patent does provide a greater degree of protection. On the other hand, obtaining a copyright is less difficult, but it also provides a thinner veil of protection.

What Protection Does Copyright Law Provide For Computer Software?

The Copyright Act of 1976 is codified under 17 U.S.C. sections 101 et seq. Traditionally, copyright has been the common form of protection for computer software. However, copyrights only protect the expression of a work, and not its underlying idea. Copyrights have been instrumental in preventing software piracy and infringement of related works. The protection applies to software because the underlying computer code is similar to the types of writings the law protects. So, copyright holders can protect their software much like other literary works (e.g., books, scripts). Copyright protection essentially provides broad protections for software. It grants the typical copyright authority depending on the nature of the software. The courts have grouped software with other literary works and provided copyright protection accordingly. There also exist inconsistencies in court decisions applying the Copyright Act to software. This difficulty arises because the legal community often lacks the technical expertise necessary to properly classify software. For instance, where a judge cannot understand the program’s code, he or she cannot determine whether another infringing program’s code is substantially similar. It is necessary to establish substantial similarity to find copyright infringement. Therefore, the lack in technical background has led to unclear definitions as to what constitutes software copyright infringement.

Continue Reading ›

Published on: | by

In 2013, Edward Snowden, a former CIA employee, and National Security Agency (“NSA”) contractor, leaked top secret documents to the public. These documents detailed the NSA’s controversial electronic surveillance practices and procedures, sparking a debate about wiretapping and privacy laws. Snowden revealed that the government employed questionable electronic surveillance programs. The controversy circles around the potential privacy violations surrounding government agency practices to monitor communications. Since then, the Obama Administration has been under pressure to address individual privacy concerns. Last month, President Obama addressed the nation and introduced proposed changes to current electronic surveillance practices.

What Are the Current Wiretapping Laws, Before President Obama’s Proposed Amendments?

Wiretapping has been possible since the invention of the telephone. The procedure gets its name from earlier methods, which required officials to physically place electrical taps on telephone lines. Wiretapping is a constitutional and legal practice. In most cases, officials must secure a warrant from a judge beforehand. However, federal intelligence agencies can apply to the Foreign Intelligence Surveillance Court (“FISA”), under secret proceedings, for court approval. In some circumstances, these agencies can proceed with approval from the United States Attorney General, without court approval. In the event that the agency does need to secure a warrant before wiretapping, courts typically apply a very strict standard of review before granting approval. For instance, the judge will look to ensure there are no other less intrusive methods to gather information. In general, the courts look at wiretapping as a last resort. Alternatively, if a party who is participating in a call, records the call and produces it to a government agency, the agency does not need prior court approval. The agency is then at liberty to use the contents of the recorded phone call for its purposes.

Continue Reading ›

Published on: | by

In recent years, online transactions, such as activities on social media networks, have exposed personal privacy to greater risks. With so much personal information available over the Internet, it is increasingly important to be aware of the applicable laws, so that your privacy is better enforced and protected. The risks can include identity theft, and data, medical, financial, or workplace breaches.

In the United States, there are overarching federal privacy laws that apply to the states. Also, each state has its own privacy laws. In general, the states can provide greater privacy protection than federal laws, but they cannot provide less protection. Privacy right violations can lead to both civil and criminal penalties, depending on the extent of the violation and the applicable laws.

What are the applicable privacy laws in California?

Continue Reading ›