Articles Posted in Cybersecurity

Published on: | by

The smartphone has brought a world of possibility to the average consumer’s fingertips. Now, this has come to include mobile banking. With fast-paced lifestyles and long lines at the banks, mobile banking has emerged as a thrilling convenience. However, this convenience brings cybersecurity concerns. Therefore, consumers who have turned to mobile banking for their financial needs must protect their financial privacy from cybersecurity breaches.

What Is Mobile Banking?

Mobile banking allows customers to access their financial institutions and conduct transactions through their mobile devices. Initially, this began with SMS Banking, which allowed customers to conduct various financial transactions by sending and accepting SMS messages or “texts.” In its most basic form, mobile banking allows customers to access their bank accounts and check on financial transactions. However, as the systems have progressed, customers can now make bill payments, transfer funds, and monitor deposits. Indeed, customers can now manage their investment portfolios and rearrange their investments through a smartphone or tablet. This has certainly increased everyday conveniences. However, it has also contributed to the speed with which finances can shift. Although, customers can review and monitor their accounts faster and more regularly, this also means greater security threats for the underlying financial information. This expansive access may lead to greater unauthorized breaches.

Continue Reading ›

Published on: | by

In the aftermath of high profile cybersecurity breaches, businesses and consumers are alert to the real dangers of cyber vulnerability. In response, various government agencies have taken up efforts to protect against future breaches. Thus, consumers and businesses must continue to take steps to protect themselves and their private information. Accordingly, the office of California’s Attorney General has issued Cybersecurity Guidelines aimed at reducing the threat of electronic security leaks. Furthermore, these guidelines set the standard that businesses must meet to protect customer privacy.

What Are Attorney General’s Cybersecurity Guidelines?

The Attorney General outlined the basics steps to “minimize cyber vulnerability.”  First, anyone could be a target. Therefore, assume cybersecurity could affect you and take preemptive steps to protect your network.  Also, it is important to know where you store your data. The guidelines are directed towards small to medium-sized firms.  So, they focus on the importance for businesses to know which third parties hold company information. It is important to be familiar with these third-party security measures. If a data storage company is not taking proper steps to protect cybersecurity, it may be time to seek different storage options or take steps to counter the vulnerabilities. Alternatively, if your business stores information on the cloud, make sure to back up information, and store data only with secure entities. The overall point is that in the event of a breach, the level of preparedness will limit the consequences.  Next, encrypt your data as an added measure of security. It is also helpful to include firewall and antivirus protection on all devices.  Additionally, make sure to conduct banking and other financial transactions with reliable vendors.  Especially when dealing with third party financial information, the safety and security of those transactions are vital to ongoing business.  Finally, it is important to note that these guidelines are the minimum requirements. It is not a comprehensive list and companies must take care to implement personalized measures based on their cybersecurity needs.

Continue Reading ›

Published on: | by

The expansion of cyber consumerism—buying and selling products over the Internet, or engaging in business over the Internet—has called into the question whether international laws are equipped to protect consumers in their online transactions. Indeed, online business often takes place over several countries, implicating the legal standards in those countries. When such transactions involve a party that is more experienced than the other, there is the potential that the experienced party will take advantage of the disparity for financial gain. Accordingly, countries around the world have enacted and adopted legislation to combat the threat of unfair business practices. These provisions aim to protect online transactions to promote successful international business.

What Are Unfair Trading Practices?

Unfair trading practices include fraud, misrepresentations, and unconscionable business acts. Fraud is the act of providing false information in a transaction for personal financial gain at the expense of the other party. Misrepresentation involves providing misleading information about any part of a transaction—for example, the quality of the product in question. Finally, unconscionable acts deal with contract terms or negotiations that are overwhelmingly one-sided. These favor the party with greater bargaining power or business experience. The threat of these practices may arise in all sorts of business contexts—for example, insurance contracts, commercial and residential lease provisions, debt collection efforts, and general purchases.

Continue Reading ›

Published on: | by

Employees, in the course of their employment, will often have broad access to company files.  If employees are terminated or seek other employment, such access can become problematic.  Indeed, companies store sensitive and commercially valuable information on their servers. Employee misuse of these files can substantially weaken a company’s economic viability and threaten its progress.  In a recent court decision, the United States District Court for the Northern District of California held that a former employee who accessed an employer’s servers using his login information was not liable for unlawful hacking. The court explained that the employee had not violated the Computer Fraud and Abuse Act (“CFAA”) or the California Comprehensive Computer Data Access and Fraud Act (“CDAFA”).

What is the holding in Enki Corporation v. Freedman?

According to the record, Enki Corporation had entered into a contract with Zuora to provide certain consulting and information technology services. As part of these services, Enki installed a computer resource and performance monitor on Zuora’s network. Additionally, Enki contracted with Keith Freedman, a former employee, to provide consulting services for Zuora. Enki subsequently terminated its contract with Freedman when it discovered that Freedman was speaking negatively about Enki’s services. Freedman had also accessed the monitor Enki installed on Zuora’s network using his employee login to download Enki’s proprietary information (e.g., private company files and data) from the servers. The court held that this did not violate the CFAA because Enki had failed to show that Freedman accessed the computer system without authorization. Since the CFAA is aimed at regulated access to protected data, not the misuse of such data, where employers lawfully access servers, there is no CFAA violation. As for the CDAFA claims, the court also did not find a violation because Freedman did not have to “hack” into the system because he did not have to override a computer code. He simply logged in using his employee login information.

Continue Reading ›

Published on: | by

In recent years, there has been an increase in cyber-attacks directed towards usernames and passwords for online banking accounts.  Through these attacks, outside parties have been able to misuse banking information for fraudulent wire transfers.  Hackers have starting using foreign accounts because it is more difficult to recover funds when dealing with some foreign banks.  Online banking fraud has led to over $40 million in stolen funds from small and mid-size companies.  Recently, the nature of these attacks have become more complex as regulatory agencies, e.g., FDIC, and enforcing agencies, e.g., FBI, scramble to keep up with changing technologies.

How Have Online Cyber-Attacks Changed In Recent Years?

In recent years, online banking fraud has become dramatically more sophisticated.  Now, hackers have the capacity to infect not only small, local sites, but also high-volume webpages all across web.  These hackers infect popular websites with Trojan viruses, which latch onto users’ computers when they visit the website.  The virus then directs to online banking information, such as account numbers and login information, allowing the hackers to access these accounts and conduct fraudulent transactions.  The virus may even have the capacity to record and hold this information itself.  To carry through the cyber-attack, criminals only need to setup funds transfers without the respective bank noticing.  Banks learned to watch for transfer activity from unknown computers, so now hackers steal victims’ IP addresses to avoid detection.  With this information, the transfer looks like a typical transaction from the user’s computer.  The hackers may obtain the ability to take control of a computer and use it to conduct fraudulent transfers.

Continue Reading ›

Published on: | by

In general, both copyright and patent laws provide different levels of protection for computer software. Additionally, depending on the aspects of software that an owner wants to protect, these two areas of law will apply differently. Furthermore, securing a patent is a more rigorous process. However, a patent does provide a greater degree of protection. On the other hand, obtaining a copyright is less difficult, but it also provides a thinner veil of protection.

What Protection Does Copyright Law Provide For Computer Software?

The Copyright Act of 1976 is codified under 17 U.S.C. sections 101 et seq. Traditionally, copyright has been the common form of protection for computer software. However, copyrights only protect the expression of a work, and not its underlying idea. Copyrights have been instrumental in preventing software piracy and infringement of related works. The protection applies to software because the underlying computer code is similar to the types of writings the law protects. So, copyright holders can protect their software much like other literary works (e.g., books, scripts). Copyright protection essentially provides broad protections for software. It grants the typical copyright authority depending on the nature of the software. The courts have grouped software with other literary works and provided copyright protection accordingly. There also exist inconsistencies in court decisions applying the Copyright Act to software. This difficulty arises because the legal community often lacks the technical expertise necessary to properly classify software. For instance, where a judge cannot understand the program’s code, he or she cannot determine whether another infringing program’s code is substantially similar. It is necessary to establish substantial similarity to find copyright infringement. Therefore, the lack in technical background has led to unclear definitions as to what constitutes software copyright infringement.

Continue Reading ›

Published on: | by

In 2013, Edward Snowden, a former CIA employee, and National Security Agency (“NSA”) contractor, leaked top secret documents to the public. These documents detailed the NSA’s controversial electronic surveillance practices and procedures, sparking a debate about wiretapping and privacy laws. Snowden revealed that the government employed questionable electronic surveillance programs. The controversy circles around the potential privacy violations surrounding government agency practices to monitor communications. Since then, the Obama Administration has been under pressure to address individual privacy concerns. Last month, President Obama addressed the nation and introduced proposed changes to current electronic surveillance practices.

What Are the Current Wiretapping Laws, Before President Obama’s Proposed Amendments?

Wiretapping has been possible since the invention of the telephone. The procedure gets its name from earlier methods, which required officials to physically place electrical taps on telephone lines. Wiretapping is a constitutional and legal practice. In most cases, officials must secure a warrant from a judge beforehand. However, federal intelligence agencies can apply to the Foreign Intelligence Surveillance Court (“FISA”), under secret proceedings, for court approval. In some circumstances, these agencies can proceed with approval from the United States Attorney General, without court approval. In the event that the agency does need to secure a warrant before wiretapping, courts typically apply a very strict standard of review before granting approval. For instance, the judge will look to ensure there are no other less intrusive methods to gather information. In general, the courts look at wiretapping as a last resort. Alternatively, if a party who is participating in a call, records the call and produces it to a government agency, the agency does not need prior court approval. The agency is then at liberty to use the contents of the recorded phone call for its purposes.

Continue Reading ›

Published on: | by

In recent years, online transactions, such as activities on social media networks, have exposed personal privacy to greater risks. With so much personal information available over the Internet, it is increasingly important to be aware of the applicable laws, so that your privacy is better enforced and protected. The risks can include identity theft, and data, medical, financial, or workplace breaches.

In the United States, there are overarching federal privacy laws that apply to the states. Also, each state has its own privacy laws. In general, the states can provide greater privacy protection than federal laws, but they cannot provide less protection. Privacy right violations can lead to both civil and criminal penalties, depending on the extent of the violation and the applicable laws.

What are the applicable privacy laws in California?

Continue Reading ›

Published on: | by

On December 19, 2013, Target issued a statement confirming a major security breach. According to the statement, approximately 40 million customers were at risk for identity theft because of the breach. Hackers had gained access to customer information, including their names, credit card numbers, debit card numbers, card expiration dates, and security codes. This incident brought light to the ongoing threat of identify theft for customers who use credit or debit cards to make purchases, either in stores or online. With this growing threat, consumers need to take care to protect themselves against potential attacks.

What Is the Extent of the Target Security Breach?

According to Target’s investigations, the hackers began accessing customer information from before Thanksgiving until mid-December. With the information they stole, which is stored on a card’s magnetic strip, the hackers could have made purchases all around the world. Indeed, hackers can also use this information to create new credit or debit cards. Although, there is no evidence the hackers also stole pin numbers, but if they had, they could have withdrawn money from customers’ bank accounts. The United States Secret Service is looking into this massive security breach. In the past, federal and state authorities have held companies liable, even issuing fines, if investigations reveal that a company did not take adequate steps to protect customer information. Analysts predict that here Target may have to spend over $100 million in legal costs to fix the security breach. Costs will increase even more if it’s forced to reimburse credit card companies for fraudulent purchases. However, in the meantime, Target’s first priority has been to act quickly to secure and protect customer information. Although, they have not reached any conclusions, initial investigations suggest the breach could have come entirely from outside hackers, or it could have been achieved with help from its employees. Either way, this level of a security breach suggests that it reached deep within the corporation.

Continue Reading ›

Published on: | by

Cyber criminals are very skilled in singling out vulnerable targets for online schemes. For instance, senior citizens are ideal candidates for cyber fraud or Internet fraud because they are more likely to have large amounts of money saved up, and they tend to have better credit, making schemes more profitable for criminals. If you are a senior citizen, or you know of an elder consumer who was a victim of Internet fraud, please contact us today to discuss available legal remedies and protections.

Why Are Senior Citizens Ideal Targets for Internet Fraud?

Older American citizens are often not familiar with the methods available to report fraud. Also, they are hesitant to report fraud because they are worried their relatives will decide they are no longer able to handle their own finances. Unfortunately, failure to report cyber crime immediately leads to a loss of evidence, and makes it very easy for cyber criminals to disappear without a trace. Furthermore, the more time that passes between the crime and prosecution, the more details and evidence are lost to memory. Cyber criminals depend on elder citizens’ weakened memory because the loss of evidence also prevents effective prosecution, and cyber criminals are able to walk away without punishment.

Continue Reading ›