Category Archives: Intellectual Property

Educate Your Employees on Spear Phishing Attacks Now

The latest victim….the White House.  That tells you all you need to know about just how effective spear phishing is as a tactic to infiltrate a computer system.  If the attack is effective against that target then you better believe it could happen to your business.  It happens to businesses across the country on a daily basis.  If you haven’t taken this matter seriously, now is the time to do so.  Educate your employees on how criminals employ the tactic.  Educate your employees on what to look for to avoid your business becoming a victim.  Take steps to protect your business before it becomes a victim.  And develop a plan of action to respond if it fails.

Why are Criminals Targeting Smaller Businesses for Spear Phishing Attacks?

Simple answer, they are easier targets.  Small companies tend to not have the same IT infrastructure and security that larger companies have in place.  They also tend to have less formal rules and restrictions on employee use of company computers.  This creates an easy target for criminals.

Small business have access to information that is just as valuable to hackers as larger companies.  Small businesses often provide services to government agencies or other larger public companies and as such, have valuable information in their possession or offer a pipeline into these more lucrative targets.

What is “spear phishing?”

Spear phishing is a specific type of cyber attack that appears to be from someone or some company you know.  The target receives an email, often with some information about the individual or business contained in the email such as a person’s name, the company’s phone system, or bank.  Where does that information come from?  The target’s online presence.  Think about how much information is readily available regarding your business and the people working for it.  Do you have a contact page on your website with names and email addresses?

This spear phishing email comes with a ZIP file attached or a camouflaged link to an automatic download.  Sometimes the ZIP file is described as a PDF or other harmless file type.  Click to open the attachment or the link and the target is caught.

What happens after your caught?

It depends.  Some attacks are passive, meaning the hackers are simply accessing your computer system to observe and acquire information.  There is at least one case where the hackers had access to a company’s system for over a year before anyone noticed! Hackers can monitor passwords and company activity.  This can affect individual employees accessing personal accounts from work as well as the company.  If the employee types in ID and password information to access a personal or business bank account, the hacker now has that information.  Think about the potential exposure of your company’s trade secrets too.

Some attacks are active, meaning the hackers are accessing your computer system in an attempt to gain control over some portion in order to further their goals.  The hackers then use that control to continue their efforts within your business or using your business as cover.  In the White House breach, for example, it is widely reported that the attack came after hackers infiltrated the State Department to gain control over a legitimate email address which they then used to hack into the White House system.

In other cases the hackers take control of your system and hold it hostage.  Once in your system, they take control of your company files then encrypt them and prevent your business from having access to them.  The next thing you receive is a ransom demand.  Pay up or lose the files forever.  You can read about some of these cases in an NPR story here.  It happens to police departments as well.  Even law firms have been victims.

How Much Could A Spear Phishing Attack Cost Your Business?

Smaller attacks are relatively cheap.  A few hundred dollars paid by the deadline will get you the encryption key to unlock your files in some cases.

In other cases, the potential financial exposure is much higher.  The attacks are becoming much more sophisticated.  More sophisticated programs will search out more valuable files. And if it locates them, guess what?  The price goes up.  The CAD designs for that $30 million dollar construction project are going to cost you a lot more to get back than the generic everyday company files.

Don’t forget the potential liability your company may have to third parties as well.  If your files are compromised and the information accessed by the hackers includes personal information protected under privacy laws, then your business may be in for some significant expenses.  Many states (including Texas) have breach notification laws.  Fail to comply with the breach notification laws and your company could face significant fines.  If the information is used by the attackers and a third party suffers a loss, your business could be subject to a law suit as well.

There is also lost business to consider.  If your client learns that its confidential information was lost because your company didn’t take adequate measures to protect it, then how long do you think you will have that client?


A Summary of the 2013 Texas Legislature’s Impact On Business Laws In Texas

The Texas legislature’s 2013 regular session produced a number of bills that amend or alter laws affecting businesses in Texas.  Below is a summary of key bills passed by this legislature that affect Texas businesses, some of which will be addressed in more detail in later posts.  There is also a list of other bills of interest at the end of the discussion.

Senate Bill 847: Amendments to the Texas Business Organization Code

SB 847 takes effect September 1, 2013, and made a number of amendments to the Business Organizations Code.  Below is a list of amendments in this bill:

  1. Removed the requirement that restated certificates of formation that make amendments identify by reference or description each added, altered, or deleted provision.
  2. Clarified that partnerships, limited partnerships, and limited liability companies have the right to limit or eliminate the liability of a governing person of the organization to the same extent as a corporation.
  3. Added a requirement that limited partnerships send written notice of the winding up to each known claimant against the entity during the winding up process.
  4. Added the authority for a limited liability company to grant rights to a person, including a person who is not a party to the agreement, in the company agreement.
  5. Added the authority for a partnership to grant rights to a person, including a person who is not a party to the agreement, in the partnership agreement.
  6. Clarified a number of rights for series LLC’s including:
    1. the right of a series to acquire and sell title to assets;
    2. exercise any power or privilege appropriate to the conduct of the activities of the series;
    3. the rights and powers of the governing persons and officers of a series; and
    4. specified that a series is not a separate domestic entity or organization.


Senate Bill 849: Social Purpose Corporations

SB 849 takes effect September 1, 2013, and authorizes for-profit corporations to include a social purpose in its certificate of formation.  The bill also states that directors and officers are entitled to consider social purposes identified in the certificate of formation when making business decisions.

Previously for-profit corporations and their directors were (presumably) required to make business decisions with the primary goal of increasing profit and shareholder value.  This bill follows a growing national trend that recognizes corporations can play an important role in promoting and supporting social issues that are not necessarily in contravention of their for-profit purposes.  It also recognizes that there is a growing social entrepreneurship trend through which entrepreneur’s attempt to affect change in a social purpose through business.

The permitted social purposes include promoting one or more positive impacts on society or the environment or minimizing or or more adverse impacts on society or the environment.


Senate Bill 953: Uniform Trade Secrets Act

SB 953 represents a significant addition to Texas law protecting trade secrets and is effective September 1, 2013.  This is a significant bill that will be addressed in detail in a later post here, but below is a summary of the bill.  Texas has not had a central law governing the protection of trade secrets prior to enactment of this bill.

SB 953 adopts a modified version of the Uniform Trade Secrets Act to provide consistent and predictable statutory language for trade secret protection.  The bill updates the definition of “trade secret” to reflect current business practices and technologies and also clarifies that certain business practices do not constitute misappropriation of trade secrets.  It provides easily applied standards for injunctive relief along with an avenue for recovering attorney’s fees against willful and malicious misappropriators.


Senate Bill 699: Modification to Assumed Name Certificate Requirements

SB 699, effective September 1, 2013, eliminates the requirement that an assumed name certificate include the registered office information for the filing entity because that information is included in the information on the original filing certificate.  The bill also clarifies the information required on the assumed name certificate regarding an entity’s principal office.


House Bill 1624: Naming Series LLC

HB 1624 provides that an assumed name certificate be filed for each series in a series LLC under the assumed name statutory framework.  This bill is effective September 1, 2013.


Other Bills of Interest

HB 194: Adds disabled veterans to the definition of economically disadvantaged persons in determining whether a business is a historically underutilized business for purposes of state contracting.  The bill also includes a requirement for the Comptroller to provide goals for increasing awards to qualifying disabled veteran-owned businesses.

HB 500:  Provides small business franchise tax exemption levels, across the board franchise tax reductions for 2014 and 2015 (with Comptroller’s certification), as well as a number of industry specific exemptions.  The bill also provides for a deduction of relocation costs for businesses moving to Texas. Effective January 1, 2014.

HB 1979: This bill addresses the right of a creditor and obligor to define the method of computing annual interest and the use of compound interest or payment-in-kind interest in commercial loan transactions.  Effective September 1, 2013.

HB 2918: Amends the current durable power of attorney form to change it from an opt-out type form to an opt-in type form.  Effective January 1, 2014.

HB 3714: Establishes the Office of Small Business Assistance Advisory Task Force to advise and assist the Governor, Lieutenant Governor, and Speak of the House by providing information in plain language to the public on issues related to small businesses. The bill also establishes reporting requirements.

SB 230: Addresses and modifies certain fund transfers that were removed from UCC 4A because of changes to definitions in the Electronic Fund Transfer Act made by the Dodd-Frank Wall Street Reform and Consumer Protection Act.  Effective September 1, 2013.

SB 474: Modifies information required in financing statements and other secured transaction records to comply with changes to forms approved by the International Association of Commercial Administrators.  Effective July 1, 2013.