Author Archives: Jeffrey A. Franklin, Esq.

About Jeffrey A. Franklin, Esq.

Jeffrey A. Franklin serves clients in ways that maximize their opportunity to achieve their goals. Jeff has more than 20 years of experience, primarily in the areas of electric, gas, telecommunication, alternative energy, transportation and water regulation. He also has extensive experience in technology, Internet and computer law and e-discovery issues.

The Dark Web: What you and your business need to know

ftcDuring a recent meeting at Prince Law Offices, P.C., we were discussing ransomware and the dark web.  The Federal Trade Commission (FTC) recently posted a helpful description of the dark web and how it may impact you and your business.

You probably have heard about the “dark web” and wondered how it affects businesses – including small businesses. That was one of the topics addressed at an FTC conference earlier this year on identity theft. Recent headlines about high-profile data breaches have added even more urgency to the discussion. So why should the dark web matter to your company? Unfortunately, when a business suffers a breach, the dark web is often the next stop that sensitive data makes after it’s been stolen.

What is the dark web?

It’s a term that describes places on the internet not indexed by traditional search engines. While not every site on the dark web engages in criminal activity, the dark web is where sites that illegally sell consumer data and other black market goods tend to congregate. For identity thieves, the dark web is a sophisticated marketplace providing one-stop shopping to get the tools to commit cybercrime – whether it’s malware kits, stolen account information, or “drop” or “cash-out” services to help monetize their crimes.

What’s the link between the dark web and a business that experiences a breach?

In many instances, data stolen from businesses ends up on the dark web where criminals buy and sell it to commit fraud, get fake identity documents, or fund their criminal organizations.

Dark web offerings often include but aren’t limited to stolen credit cards. Identity thieves also can get compromised bank accounts, health records, credentials, and forged documents. They can even buy entire wallets, complete with credit cards, driver’s licenses, and documents like Social Security numbers and birth certificates – everything a criminal needs to create a new identity.

 

 

How does the dark web impact small businesses?

With so much media focus on data breaches at companies that possess personal information about millions of consumers, some smaller businesses and organizations might think that cybercriminals wouldn’t target them. They would be wrong. First, the reality is that cybercriminals don’t always target a particular business. They often use automated tools to scope out vulnerabilities in any system, including small businesses. Second, as presenters noted at the FTC conference, information available for sale on the dark web is up to 20 times more likely to come from an entity whose breach wasn’t reported in the media. Many of these are smaller retailers, restaurant chains, medical practices, school districts, etc. In fact, most of the breaches the U.S. Secret Service investigates involve small businesses.

There’s another way that data breaches injure us all. Identity theft and fraud have become go-to methods for funding criminal activity in the U.S. and around the world.

And all of this data links back to a real person – your customer – whose life can be adversely affected. Turning their financial affairs into a Gordian Knot is just the start. Some people have had their licenses revoked, been pulled over and arrested, or had criminal warrants issued in their name because of identity theft. When their information is used to commit medical identity theft, even their health could be at risk. Criminals have been known to use stolen data to get medical care or prescription drugs in someone else’s name. When an identity theft victim’s medical records become commingled with a perpetrator’s health information, the consequences could be catastrophic.

What can you and your business do to reduce the risk that information you collect could find its way to the dark web?

It starts with security and continues with your commitment to stick with it. The FTC’s data security page has resources for businesses of any size and sector. If you have customers, employees, or friends who are victims of identity theft, encourage them to report it and get a customized recovery plan at IdentityTheft.gov.

If you or your business have legal questions or concerns regarding disaster preparedness, computer law, privacy, or cybersecurity law matters, contact attorney Jeffrey A. Franklin at Prince Law Offices.

Advertisements

Leave a comment

Filed under Business Law, Computer Law, Consumer Advocacy, Uncategorized

National Cyber Security Awareness Month

DHS logoOctober is National Cyber Security Awareness Month which is an annual campaign to raise awareness about the importance of cybersecurity. The Internet touches almost all aspects of everyone’s daily life. National Cyber Security Awareness Month (NCSAM) is designed to engage and educate partners through events and initiatives to raise awareness about the importance of cybersecurity, provide them with tools and resources needed to stay safe online, and increase the resiliency of the Nation in the event of a cyber incident.

More information is available from www.dhs.gov/national-cyber-security-awareness-month.  A free toolkit is available here: https://www.dhs.gov/stopthinkconnect-toolkit.

If you or your business have legal questions or concerns regarding disaster preparedness, computer law, privacy, or cybersecurity law matters, contact attorney Jeffrey A. Franklin at Prince Law Offices.

Leave a comment

Filed under Business Law, Communications Law, Computer Law, Consumer Advocacy

FCC FILING DEADLINE FOR FORM 477 DATA IS NOW SEPTEMBER 1, 2017

FCCRulingThe Federal Communications Commission (FCC) FCC’s Form 477 filing interface, available online at https://apps2.fcc.gov/form477/login.xhtml, is now accepting data as of June 30, 2017.  The filing deadline for Form 477 data as of June 30, 2017 is September 1, 2017.

Information on how to file Form 477 is available on the FCC’s Form 477 Resources for Filers webpage at www.fcc.gov/form477.

Need more information or help filing Form 477?  Contact attorney Jeffrey A. Franklin at Prince Law Offices, P.C.

Leave a comment

Filed under Business Law, Communications Law

When the Lights Go Out – Black Sky Power Outage Mass Event – Preparedness

What would you do if you didn’t have power for an extended period of time? For one week? For one month? For six months? “EARTH EX” is designed to help you think through this scenario and increase your preparedness.

Leadership and staff from the Pennsylvania Public Utility Commission (PUC), Pennsylvania Emergency Management Agency (PEMA) and Pennsylvania Governor’s Office of Homeland Security today, August 23, 2017, joined with government agencies, utilities, emergency responders and other stakeholders around the world in a first-ever transnational exercise to test responses to a large-scale power outage event.

Today’s Pennsylvania involvement in EARTH EX 2017 is part of a continuing collaboration of public and private sector leaders to strengthen the state’s effort to prepare for “Black Sky” events – defined as extraordinary, wide-reaching events capable of producing power outages that last significantly longer than typical weather or operational outages.

Because of the large-scale nature of Black Sky events, they have the potential to impact not only electricity, but also other critical systems, such as natural gas, water, wastewater treatment, telecommunications and transportation services. These events could be caused by a cyber-attack on the electric grid, severe weather or physical attacks.

“Black Sky events have the potential to disrupt essential services across large areas, impacting the lives of millions of people,” said PUC Chairman Gladys M. Brown. “It is essential that we work collectively to address these threats, because it will require the work of government, private sector and not-for-profit organizations to better safeguard our critical systems, strengthen our response and enhance our ability to recover from Black Sky events.”

“This exercise gives us the opportunity to work with our partners in preparedness, response and recovery to identify ways we can work together more efficiently and effectively in the event of a Black Sky incident,” said PEMA Director Richard D. Flinn, Jr.

“Planning exercises like EARTH EX are a critical part of developing an effective, coordinated response to a Black Sky event,” said Marcus L. Brown, director of Pennsylvania’s Office of Homeland Security. “The lessons learned will help all of the participants prepare for, and recover from, a catastrophic disruption of electricity and other essential services.”

Pennsylvania’s first Black Sky exercise – one of the first in the country – was held in June 2016, hosted by the PUC and Gov. Tom Wolf. Since that time, the PUC, PEMA and the Governor’s Office of Homeland Security have continued to integrate Black Sky planning and practice into broader discussions about emergency response planning.

Today’s EARTH EX exercise, developed by the Electric Infrastructure Security Council (EIS Council), is the first phase of a nearly year-long series of international exercises intended to develop, test and enhance planning and preparation for Black Sky events. EIS Council hosts national and international collaborations on resilience and whole community restoration and response planning, addressing severe, national and global scale hazards to lifeline infrastructures.

If you or your business have legal questions or concerns regarding disaster preparedness, computer law, privacy, or cybersecurity law matters, contact attorney Jeffrey A. Franklin at Prince Law Offices. Learn more about preparedness at EARTH EX 2017.  Tell us how you are preparing in the comments.

1 Comment

Filed under Business Law, Communications Law, Computer Law, Consumer Advocacy, Energy Law

Stick with Security – Part 1

stick_with_security_1When it comes to data security, what’s reasonable will depend on the size and nature of your business and the kind of data you deal with. But certain principles apply across the board: Don’t collect sensitive information you don’t need. Protect the information you maintain. And train your staff to carry out your policies.

The FTC’s Start with Security initiative was built on those fundamentals. Some helpful tips follow.

DON’T COLLECT PERSONAL INFORMATION YOU DON’T NEED.

It’s a simple proposition: If you don’t ask for sensitive data in the first place, you won’t have to take steps to protect it. Of course, there will be data you must maintain, but the old habit of collecting confidential information “just because” doesn’t hold water in the cyber era. Continue reading

Leave a comment

Filed under Business Law, Communications Law, Computer Law, Consumer Advocacy

Stick with Security: FTC Providing Insights on Data Security Practices

ftc_logo_430As part of its ongoing efforts to help businesses ensure they are taking reasonable steps to protect and secure consumer data, the Federal Trade Commission (FTC) is publishing a series of blog posts using hypothetical examples based on lessons from closed investigations, FTC law enforcement actions, and questions from businesses. These new posts will build on the FTC’s Start with Security guide for businesses.

FTC Acting Chairman Maureen K. Ohlhausen pledged earlier this year to be more transparent about the lessons learned from the FTC’s closed data security investigations and to provide additional information for businesses about practices that contribute to reasonable data security, culminating in this “Stick with Security” Initiative.

In the first blog post published July 21, 2017, the FTC highlights some of the themes that have emerged from an examination of closed FTC data security investigations. For example, while news reports might call attention to a data breach, they might not focus on the fact that the company that suffered the breach had encrypted the data, which substantially reduces the risk of consumer injury (and legal liability). Another lesson gleaned is that security researchers’ valuable work can alert us to new vulnerabilities, but sometimes the risk of a vulnerability being exploited to cause consumer injury is more theoretical than likely. Another key lesson is that in almost every closed case, the entities involved used the same common-sense security fundamentals outlined in the FTC’s Start with Security guide for businesses.

If you or your business have questions or concerns regarding fraud, computer law, privacy, or cybersecurity law matters, contact attorney Jeffrey A. Franklin at Prince Law Offices.

Leave a comment

Filed under Business Law, Communications Law, Computer Law, Consumer Advocacy

Attorney Franklin Presents at Pennsylvania Bar Association Conference

 

PBA ConferencePrince Law Offices, P.C. Attorney Jeffrey A. Franklin was pleased to present two sessions at the Annual Pennsylvania Bar Association Solo and Small Practice Conference at Bedford Springs this week. Attorney Franklin spoke regarding Title 15 (new Pennsylvania business entity law Act 170) and Virtual Practice technology issues.

Mr. Franklin assists entrepreneurs to form new business entities, to improve existing businesses, and with mergers and acquisitions.  If you desire assistance regarding your business formation, agreements, intellectual property, trademarks, copyright, zoning, real estate law, cyber security, insurance, etc., contact attorney Jeffrey A. Franklin at Prince Law Offices, P.C.

1 Comment

Filed under Business Law, Computer Law, Real Estate, Trademark and Copyright