Thursday, May 14, 2009

White Paper Warns About Cyber Crime, Recommends Cyber Security Practices

This posting was written by John W. Arden.

The dangers of cyber crime and the measures that can be taken to protect cyber property are the subjects of a new report issued by Wolters Kluwer Law & Business.

Cyber Crime and Cyber Security: A White Paper for Franchisors, Licensors, and Others explains how malicious and well-organized hackers pose serious threats to firms’ intellectual property, confidential data, and collections of customers’ personal and financial information.

“As they say in the cyber security world, there are only two kinds of computer systems: those that have been hacked and those that will be hacked,” write authors Bruce S. Schaeffer, Henfree Chan, Henry Chan, and Susan Ogulnick.

Vulnerabilities, Liability

Practically any business and any person can be vulnerable. Despite a “hacker safe” notification from McAfee ScanAlert on its website, online retailer was the victim of a cyber attack that accessed customer credit card numbers and other personal information. Even Deborah Platt Majoras, Chairman of the Federal Trade Commission from 2004 to 2008, was the victim of identity theft.

Cyber attacks can come from internal networks, the Internet, or other private or public systems, according to the authors. Major liability may follow in the form of individual and class litigation, regulatory action, contract disputes, customer loss, damage to reputation, cyber-extortion, and fraud.

Policies, Crisis Management Plans

Companies are advised to have policies in place for data protection, data retention, data destruction, privacy, and disclaimers to customers. If a security breach occurs, a company should be prepared for a regulatory investigation and implement a crisis management plan.

Security monitoring or surveillance is necessary to protect information assets. Access controls should be placed on employees to ensure that user privileges are appropriate to particular job functions.

Best Practices for Employees

While the human factor can be the weakest link in any security program, businesses can adopt “best practices” for use by employees. These include warning employees not to share or write down pass phrases, click on links or attachments from unknown sources, or send sensitive business files to personal e-mail addresses. Employees should be encouraged to report suspicious or malicious activity and to secure their mobile devices when traveling.

The White Paper—which includes an appendix to articles on cyber crime and a glossary of cyber security terms—is available for free download here.

About the Authors

Bruce S. Schaeffer, co-author of CCH Franchise Regulation and Damages and author of the BNA Tax Management Portfolio on Franchising, is an attorney in private practice with out 30 years’ experience and offices in New York City. Mr. Schaeffer holds a Master of Laws (in Taxation) from New York University School of Law and a Juris Doctor degree from Brooklyn Law School. He is the founder and president of Franchise Valuations, Ltd. (, which provides expert testimony on damages and valuations in franchise disputes, performs lender due diligence, and resolves succession and estate planning problems for the franchise community.

Henfree Chan, a co-founder of Franchise Technology Risk Management, is a Senior Information Security Professional with 10 years’ experience in the financial services industry.

Henry Chan, a co-founder of Franchise Technology Risk Management, is also found and president of H2 IT Management, Inc., a New York City network consulting firms that specializes in end-to-end Internet and technology solutions.

Susan Ogulnick is Vice President of Research and Operations for Franchise Valuations, Ltd. She has moer than 20 years of experience in the information industry and is a recognized authority in acquiring information about hard-to-value entities.

No comments: