April 2017

Legendary bank robber Willie Sutton supposedly said that he robbed banks because that was where the money was. Many small business owners follow this logic when it comes to computer system security. They believe that people who rob with a mouse and a keyboard rather than a gun target large corporations, because those businesses have the most money.

This leads them to the misguided belief that cybercriminals will not bother them. In fact, the NACHA – The Electronic Payments Association – reports that Eastern European criminal syndicates have targeted small businesses precisely because they have allowed themselves to become easy marks.

Experts in the field estimate that one in five small businesses do not use antivirus software, 60% do not encrypt data on their wireless networks, and two-thirds lack a data security plan. This failure to take precautions makes a small business easy pickings for computer hackers.

However, there are several things business owners can do to protect themselves.

Use two-factor authentication. This is a mechanism that requires the user to do more than one thing for authentication. It ordinarily has two components — one thing the user knows (such as a password), the other a randomly generated number that the user must input. The number comes from an electronic token card, which generates a new number every few seconds. If the user enters a number that the system is expecting, the system will authenticate the user.

Inoculate systems against the Clampi Trojan virus. This virus resides on a computer, waiting for the user to long onto financial websites. It captures log-in and password information, relays it to servers run by the criminals, instructs the computer to send money to accounts that they control, or steals credit card information and uses it to make unauthorized purchases. The trojan monitors more than 4,500 finance-related websites.

Be on guard against “phishing” e-mails and pop-up messages. These messages purport to be from legitimate businesses with which the recipient does business. They ask the user to update or verify information, often threatening negative consequences if she fails to do so. Clicking on the links in the messages brings the user to an authentic looking Web site. However, it is actually bogus; the site collects personal information that the collector can use to steal the user’s identity. System users should ignore these messages.

Arrange for financial institutions to alert the business owner should they spot unusual activity involving the firm’s accounts.

Install firewalls and encryption technology to block uninvited visitors from uploading to or retrieving data from the firm’s servers and to protect data sent on public networks. Intrusion detection systems can inform the business owner of attempts to hack into the network.

Be cautious about opening attachments to e-mails, especially if the sender is someone unfamiliar to the user. Attachments may contain viruses or Trojan horses that can steal login information and passwords or corrupt a system.

Protect against intrusion by disgruntled former or current employees. Deactivate passwords for former employees, erect barriers to keep employees from accessing systems unrelated to their jobs, and implement sound accounting procedures for financial transactions.

In addition to these safeguards, small businesses may want to consider purchasing computer fraud and employee theft insurance. These policies will protect the business against those losses that still occur; insurance companies are likely to offer favorable pricing to businesses that take precautions against cybercrime.

One of our professional insurance agents can give advice on the appropriate types and amounts of coverage. Modern technology gives businesses unprecedented abilities, but it also presents significant risks. Every business owner must take steps to keep the cybercriminals out.

When discussing copyright protection, sooner or later someone’s going to suggest mailing your intellectual property to yourself as an easy way to protect what’s yours. The “Poor Man’s Copyright,” as it were. So, does this actually work, or is it just something that “sounds right,” so people love to share it?

The truth is that there aren’t really any advantages to mailing something to yourself. If you create something, be it a corporate logo, a blog post or a t-shirt design, you own it the minute you’re done creating it. These days the chain of evidence leading to the originator is incredibly strong, as there is an imprint of your work the minute you set out to write the first page of your novel or take a photo with your phone. It’s very difficult for IP thieves to claim the copyright on something that they did not create. If you’ve created something, then you probably have all the evidence you need to put a stop to anyone who would take it for themselves.

Registering your work is not an issue of protecting it so much as establishing your right to pursue damages should somebody else use your intellectual property for their own game. You’re not going to have an easy time pursuing statutory damages on, say, a screenplay, if it’s not registered with the Writer’s Guild of America. You may still be awarded your damages in court, but that’s going to cost you in legal fees that will ultimately outweigh the cost of registration.

Once upon a time, patent laws worked on a “first to invent” rule. So a long time ago, it made sense for a chemist or an engineer to mail themselves blueprints and schematics for whatever it was they were creating. It certainly would have saved Tesla a lot of trouble with Edison. But when it comes to patents in the modern day the rule is “first to file,” meaning that you do not have any patent protection without seeking, well, patent protection.

So, to make a long story short: Mailing intellectual property to yourself is a waste of a stamp. The protection that you think you’re getting when you do this is protection that you already have the minute you write your idea down in a memo pad, and any additional protections cannot be had without registration through a patent office or a guild of some sort.

On April 20, 2011, someone hacked the Sony Playstation Network. They found an opening in the online video gaming network’s password-reset system and penetrated the security protecting its customer database. Days later, the company admitted that the hackers had obtained personal information on 70 million or more subscribers.

The hackers got names, physical and email addresses, birthdates, and other identifying information, and it’s possible that they got credit card numbers. Sony took the network offline to reinforce it, but within days of it coming back online, hackers broke in again.

Playstation Network is a high-profile target with tens of millions of subscribers, making it attractive to criminals. However, even small businesses that do business over the Internet are vulnerable to the same kinds of intrusions. The federal Internet Crime Complaint Center referred more than 146,000 complaints to local, state and federal law enforcement agencies in 2009, 22 percent more than the year before. One out of every three of those complaints was for identity theft, credit card fraud and computer fraud. The Ponemon Institute has reported that the average data breach costs businesses $7.2 million.

What could happen to a business’s data?

Over a seven-year period, a Georgia man stole 675,000 credit card numbers and associated information. He racked up thousands of fraudulent transactions and bills exceeding $36 million. A Texas man received a 110-month prison sentence for hacking into 14 computers in the hospital where he worked as a security guard. He disabled network security systems, installed malicious software, infiltrated a nursing station computer containing patient medical records, and gained remote access to temperature-control systems.

The FBI caught a North Carolina man in the act of attempting to access an ATM in 2010. The man had planned to hack into 35 ATM’s located around Houston, Texas in the hope of pocketing more than $200,000.

When consumers and business owners give their credit card numbers and other personal information to a business or organization, they expect that this information will stay confidential. They will hold the organization responsible if they suffer financial harm because their information fell into the wrong hands. The organizations that lost the data face the potential for large jury awards or out-of-court settlements. To protect themselves, they should consider buying cyber liability insurance. One insurance company advertises a Cyber Liability policy that provides coverage for expenses such as:

• Damages to third parties caused by a network security breach
• Loss resulting from administrative or operational mistakes made by the business’s own employees or by outside vendors
• Expenses resulting from a breach of consumer protection laws, such as HIPAA or the Fair Credit Reporting Act
• Costs of notifying customers of a breach
• Public rel

ations expenses necessary to repair the business’s reputation.

Nearly 30 insurance companies currently offer Cyber Liability policies. If an organization’s insurance broker does not have direct access to a company that offers the coverage, they might be able to obtain it through a specialty broker.

To prevent or reduce losses and to make themselves more attractive to insurance companies, businesses should implement strong network security systems, and continually monitor and update them as needed. Develop plans for responding to any network intrusion events that do occur. A sound plan identifies who should be involved in the response, has procedures for notifying affected customers and authorities, and has a public relations strategy for keeping the public informed.

The majority of businesses and organizations operating today are vulnerable to unauthorized intrusions into their computer networks. The potential costs are more than most organizations can fund on their own. Cyber Liability insurance is a smart investment that can literally save a company. Call our office today!

It’s not uncommon for a celebrity or other high profile figure to post something incendiary on Twitter, only to claim, an hour later, that their account was hacked. But if we’re being honest, how likely is it that they just regretted posting it, and wanted to pretend they had nothing to do with it?

Twitter and Facebook accounts do get hacked, but it’s not a major concern for a number of reasons:

• There’s really no accessing anything else through your social media

If someone cracks your email password, they have a treasure trove of sensitive information. If they break into your Twitter account, what can they really do? If you use the same password for everything, then they can figure out how to go from Twitter to Gmail and so on, but this assumes that they know the email you’re using for business in the first place.

• It’s easy to keep people out with regular password changes

If you’re a major figure you may find people trying to break into your social media on a regular basis, but this generally means people with a public reputation that can be embarrassed. People are always trying to guess Donald Trump’s password, for instance… and so far, they haven’t pulled it off. In other words, there’s really only a slim risk of this happening, and that’s if you’re rich and famous.

There is one area of risk to consider: You may wind up becoming your own liability through social media. It’s not unusual for someone to post, for instance, their driver’s license to show off how bad the picture is, only for someone to take all of the data featured on the ID and put it to work. If you’re a constant Instagrammer you might wind up broadcasting from a meeting where you were supposed to have a confidentiality agreement, and putting sensitive information out there for the public.

You can’t afford to be careless when using social media. You should be careful about any photo or post that features anything from credit cards and license plates to plane schedules and street addresses involving yourself, clients and colleagues. The right piece of information can become a skeleton key in a hacker’s hands, so the less you have out there, the better. Here’s a basic rule to keep you from getting into trouble with your social media pics: If the photo contains any numbers, and if it features anyone who’s not posing for the camera, ask yourself if it might put someone in a compromising position.