Category Archives: Trade Secrets

Educate Your Employees on Spear Phishing Attacks Now

The latest victim….the White House.  That tells you all you need to know about just how effective spear phishing is as a tactic to infiltrate a computer system.  If the attack is effective against that target then you better believe it could happen to your business.  It happens to businesses across the country on a daily basis.  If you haven’t taken this matter seriously, now is the time to do so.  Educate your employees on how criminals employ the tactic.  Educate your employees on what to look for to avoid your business becoming a victim.  Take steps to protect your business before it becomes a victim.  And develop a plan of action to respond if it fails.

Why are Criminals Targeting Smaller Businesses for Spear Phishing Attacks?

Simple answer, they are easier targets.  Small companies tend to not have the same IT infrastructure and security that larger companies have in place.  They also tend to have less formal rules and restrictions on employee use of company computers.  This creates an easy target for criminals.

Small business have access to information that is just as valuable to hackers as larger companies.  Small businesses often provide services to government agencies or other larger public companies and as such, have valuable information in their possession or offer a pipeline into these more lucrative targets.

What is “spear phishing?”

Spear phishing is a specific type of cyber attack that appears to be from someone or some company you know.  The target receives an email, often with some information about the individual or business contained in the email such as a person’s name, the company’s phone system, or bank.  Where does that information come from?  The target’s online presence.  Think about how much information is readily available regarding your business and the people working for it.  Do you have a contact page on your website with names and email addresses?

This spear phishing email comes with a ZIP file attached or a camouflaged link to an automatic download.  Sometimes the ZIP file is described as a PDF or other harmless file type.  Click to open the attachment or the link and the target is caught.

What happens after your caught?

It depends.  Some attacks are passive, meaning the hackers are simply accessing your computer system to observe and acquire information.  There is at least one case where the hackers had access to a company’s system for over a year before anyone noticed! Hackers can monitor passwords and company activity.  This can affect individual employees accessing personal accounts from work as well as the company.  If the employee types in ID and password information to access a personal or business bank account, the hacker now has that information.  Think about the potential exposure of your company’s trade secrets too.

Some attacks are active, meaning the hackers are accessing your computer system in an attempt to gain control over some portion in order to further their goals.  The hackers then use that control to continue their efforts within your business or using your business as cover.  In the White House breach, for example, it is widely reported that the attack came after hackers infiltrated the State Department to gain control over a legitimate email address which they then used to hack into the White House system.

In other cases the hackers take control of your system and hold it hostage.  Once in your system, they take control of your company files then encrypt them and prevent your business from having access to them.  The next thing you receive is a ransom demand.  Pay up or lose the files forever.  You can read about some of these cases in an NPR story here.  It happens to police departments as well.  Even law firms have been victims.

How Much Could A Spear Phishing Attack Cost Your Business?

Smaller attacks are relatively cheap.  A few hundred dollars paid by the deadline will get you the encryption key to unlock your files in some cases.

In other cases, the potential financial exposure is much higher.  The attacks are becoming much more sophisticated.  More sophisticated programs will search out more valuable files. And if it locates them, guess what?  The price goes up.  The CAD designs for that $30 million dollar construction project are going to cost you a lot more to get back than the generic everyday company files.

Don’t forget the potential liability your company may have to third parties as well.  If your files are compromised and the information accessed by the hackers includes personal information protected under privacy laws, then your business may be in for some significant expenses.  Many states (including Texas) have breach notification laws.  Fail to comply with the breach notification laws and your company could face significant fines.  If the information is used by the attackers and a third party suffers a loss, your business could be subject to a law suit as well.

There is also lost business to consider.  If your client learns that its confidential information was lost because your company didn’t take adequate measures to protect it, then how long do you think you will have that client?

 

Starting a Business? Here Is What You Should Know About The Non-Compete Provision With Your Former Employer (or Partner)

Folks starting a new business are often doing so after working for an employer or after departing a previous venture with other partners.  Frequently these entrepreneurs have a non-compete provision tucked into some agreement from the previous relationship that they either did not know about or have not considered.  Look closely through all of your agreements and often enough  you will find one buried in a confidentiality agreement, non-disclosure agreement, company agreement or shareholder agreement restricting the activity of individuals that leave the company.

If you find one, here is what you should know about that non-compete provision:

What is the scope of the restricted activity and how long am I prohibited from engaging in it?

This is the threshold issue because it answers the single most important question for your new business: what activity(ies) am I prohibited from engaging in and for how long?  Your former partners or employers likely drafted a very broad scope of activity into the non-compete provision.  The key here is what activity would a court actually restrict you from engaging in.  For example, perhaps you worked in procurement for your former company but want to start a company that, while no doubt competing with your former company, would actually focus on the sales side.  If your non-compete includes a general prohibition from competition, would this include moving into a completely different role as a competitor?

What is the geographic area in which you are restricted from competing?

This is one common area where companies tend to overreach.  For example, if you only worked in one county in Texas but the agreement prohibits you from competing across the entire state then a court could view that geographic restriction as overly broad.   On the other hand, certain industries and businesses don’t lend themselves well to geographic restrictions so courts will look to other reasonable limitations such as specific clients.

What is the legitimate business interest that the provision is designed to protect?

Texas has a history of close scrutiny when it comes to enforcing non-competition provisions.  By law, these provisions can only be enforced to the extent necessary to protect the goodwill or other legitimate business interest of the company.  Identifying the interest your former employer is attempting to protect is a key inquiry in determining whether the restrictions contained in the agreement are reasonable and whether a court would ever enforce them.

What is “competing?”

This is something that is often overlooked.  Often these provisions include language such as “directly or indirectly competing with.”  That is a much broader restriction than most people realize when it comes to competition.  What is the difference?  Direct competition would be offering a similar product or service.  Indirect competition means fulfilling a customer or client’s same need as the previous company did, even if you are not offering a similar product or service.  Similarly, the language in the agreement is important because it may go further than simply restricting competition and actually define how you are restricted from competing.

5 Things Your Company Should Consider When Deciding Whether to Enforce a Covenant Not To Compete

Should your company enforce a non-compete provision when an employee leaves to work for a competitor?  I can’t really answer that question beyond saying in typical attorney fashion that, “It depends.”  What I can do is discuss some of the factors your company should consider when making that decision and some of the questions it should answer.

Importance of the Interest Your Company Seeks to Protect

This is the single most important factor.  The purpose of a covenant not to compete or any other restrictive covenant is to protect a legitimate business interest. The most common scenario involves preventing the disclosure of confidential or proprietary information.

So how important is the information your company is concerned about?  Is there a significant risk of exposure?  Did the former employee actually have access to the types of information your company seeks to protect?  Is that information included within the scope of the non-compete provision?

The Employee’s Position With and Value To His New Employer.

What is the former employee’s position at his new employer?  What are his duties in that position? Is there any connection between the types of information the employee had access to at your company and the duties or responsibilities of his new position?  Is there a likelihood that the former employee will use your company’s confidential information in performing his duties for his new employer?

And how valuable is the employee (and the position) to his new employer?  The answer to this question is important because it will provide some insight into how the new employer may respond to an attempt to enforce a non-compete agreement.  If the employee is critical to the company’s business then his new employer is more likely to defend his position.  On the other hand, some lower level positions may not be worth the effort and expense of litigation.

Effects of Not Enforcing the Non-Compete Agreement.

This is another important factor.  What happens if you do not enforce the non-compete agreement?  Employees gossip.  No doubt they will notice if an employee leaves to work for a competitor and your company does not enforce the non-compete agreement.  Not enforcing the non-compete provision may cause other employees to ignore it under the assumption that your company will not enforce it.

The decision to not enforce a non-compete may also come up in subsequent litigation.  If another employee with access to similar information leaves for a similar position with a new company, then your company may have difficulty enforcing the non-compete agreement if you did not try to enforce it the first time.  At the very least you will likely have to answer the question of why you chose not to enforce the non-compete in the first instance.

Impact of Litigation On Business Operations.

You should always consider the impact of potential litigation on your company.  Understand that the former employee’s managers and other high-level employees could become witnesses during the litigation.  Have you given thought about the disruption to your company’s business that would be caused by them having to take the time to prepare for and sit through depositions?  What about testifying at trial?  Have you considered the type of questions your managers and employees may have to answer during a deposition?  Could you end up exposing more information to the other party through litigation than you risk by not enforcing the non-compete provision?

History Between Your Company and the New Employer.

What about the history between your company and the new employer?  Have you hired any employees from the new employer recently?  Were they subject to a non-compete agreement at the time?  Are there any other pending disputes between the companies?

It is certainly worth considering whether an attempt to enforce this non-compete provision could lead to more complicated litigation.

This list is by no means exhaustive and every circumstance will require its own evaluation, but hopefully this provides you with some guidance on the factors your company should consider when deciding whether or not to enforce a non-compete agreement.

A Summary of the 2013 Texas Legislature’s Impact On Business Laws In Texas

The Texas legislature’s 2013 regular session produced a number of bills that amend or alter laws affecting businesses in Texas.  Below is a summary of key bills passed by this legislature that affect Texas businesses, some of which will be addressed in more detail in later posts.  There is also a list of other bills… Continue Reading