Category Archives: Communications Law

Stick with Security – Part 1

stick_with_security_1When it comes to data security, what’s reasonable will depend on the size and nature of your business and the kind of data you deal with. But certain principles apply across the board: Don’t collect sensitive information you don’t need. Protect the information you maintain. And train your staff to carry out your policies.

The FTC’s Start with Security initiative was built on those fundamentals. Some helpful tips follow.

DON’T COLLECT PERSONAL INFORMATION YOU DON’T NEED.

It’s a simple proposition: If you don’t ask for sensitive data in the first place, you won’t have to take steps to protect it. Of course, there will be data you must maintain, but the old habit of collecting confidential information “just because” doesn’t hold water in the cyber era. Continue reading

Leave a comment

Filed under Business Law, Communications Law, Computer Law, Consumer Advocacy

Stick with Security: FTC Providing Insights on Data Security Practices

ftc_logo_430As part of its ongoing efforts to help businesses ensure they are taking reasonable steps to protect and secure consumer data, the Federal Trade Commission (FTC) is publishing a series of blog posts using hypothetical examples based on lessons from closed investigations, FTC law enforcement actions, and questions from businesses. These new posts will build on the FTC’s Start with Security guide for businesses.

FTC Acting Chairman Maureen K. Ohlhausen pledged earlier this year to be more transparent about the lessons learned from the FTC’s closed data security investigations and to provide additional information for businesses about practices that contribute to reasonable data security, culminating in this “Stick with Security” Initiative.

In the first blog post published July 21, 2017, the FTC highlights some of the themes that have emerged from an examination of closed FTC data security investigations. For example, while news reports might call attention to a data breach, they might not focus on the fact that the company that suffered the breach had encrypted the data, which substantially reduces the risk of consumer injury (and legal liability). Another lesson gleaned is that security researchers’ valuable work can alert us to new vulnerabilities, but sometimes the risk of a vulnerability being exploited to cause consumer injury is more theoretical than likely. Another key lesson is that in almost every closed case, the entities involved used the same common-sense security fundamentals outlined in the FTC’s Start with Security guide for businesses.

If you or your business have questions or concerns regarding fraud, computer law, privacy, or cybersecurity law matters, contact attorney Jeffrey A. Franklin at Prince Law Offices.

Leave a comment

Filed under Business Law, Communications Law, Computer Law, Consumer Advocacy

FTC Cybersecurity Roundtables with Small Businesses

The Federal Trade Commission (FTC) is hosting small business owners in a series of public roundtables across the United States to discuss the most pressing challenges small businesses face in protecting the security of their computers and networks.

Engage, connect, protect - small business & data security roundtablesThe Engage, Connect, and Protect Initiative: Small Business and Data Security Roundtables are part of an ongoing initiative by Acting FTC Chairman Maureen K. Ohlhausen aimed at helping small businesses, which included the launch of a new website in May focused on helping small business owners avoid scams and protect their computers and networks from cyberattacks. There are more than 28 million small businesses nationwide, employing nearly 57 million people, according to the Small Business Administration (SBA).

“The FTC has been a leader in guiding businesses of all sizes on how to protect the data in their care,” Acting Chairman Ohlhausen said. “Companies with only a few employees face unique challenges when it comes to cybersecurity. We’ll use what we learn in the roundtables to tailor our practical resource materials for small businesses.”

The first roundtable event will take place July 25 in Portland, Oregon, in partnership with the National Cyber Security Alliance (NCSA), the SBA, and other organizations. This event will be followed by a roundtable discussion in Cleveland, Ohio, on September 6, hosted by the FTC and the Council of Smaller Enterprises and in collaboration with the SBA. Another roundtable event will take place later in September in Des Moines, Iowa, sponsored by the NCSA.

The roundtables will bring together FTC staff along with the SBA and other federal partners, industry associations, and the small business community. The comments and feedback generated by the roundtables will be used to help the FTC and its partners provide additional education and guidance for small business owners on cybersecurity issues.

If you or your business have questions or concerns regarding fraud, computer law, privacy, or cybersecurity law matters, contact attorney Jeffrey A. Franklin at Prince Law Offices.

Leave a comment

Filed under Business Law, Communications Law, Computer Law, Consumer Advocacy, Energy Law

Central PA Residents & Businesses Switching to 10-Digit Dialing in ‘717’ Area Code in August

puc_sealThe Pennsylvania Public Utility Commission (PUC) today reminded residents and businesses across Central Pennsylvania served by the 717 area code of the upcoming switch to 10-digit dialing for all local calls – in preparation for the activation of a new “overlay” area code, which will serve the entire region.

According to the implementation schedule for the “223” overlay area code, mandatory 10-digit dialing for all local calls will begin on Aug. 26, 2017. Starting on that date, if callers only dial a seven-digit number, they will reach a recorded announcement instructing them to hang up and redial the number using the area code plus the seven-digit number.

For the past several months, telephone callers in the 16-county 717 service area have been encouraged to voluntarily use 10-digit dialing (717 + the full local telephone number). The new 223 overlay area was approved based on forecasts that the remaining supply of available telephone numbers in the 717 area code was close to exhaustion.

According to Neustar, Inc., the neutral third party area code relief planner for Pennsylvania, the dialing plan for the 717/223 area code is as follows:

  • Local & Toll calls from the 717/223 area to other numbers inside the 717/223 area:
    Dial 10-digits (717 or 223 + XXX-XXXX)
  • Local & Toll Calls from the 717/223 area to numbers in another area code:
    Dial 1 + 10-Digits (1 + XXX-XXX-XXXX)
  • Operator Services (Credit card, collect, third party):
    Dial 0 + 10-digit (0 + XXX-XXX-XXXX)

The PUC’s Order approving the overlay plan specifies that any new numbers for the 223 overlay area code shall not be released until Sept. 26, 2017, and that requests for numbers in the 717 area code will continue to be honored as long as resources are available.

To learn how Prince Law Offices, P.C. can assist you or your business with telecommunications law and PUC matters, contact attorney Jeffrey A. Franklin at Prince Law Offices, P.C.

Leave a comment

Filed under Business Law, Communications Law, Computer Law, Consumer Advocacy, Energy Law

Someone Stole your Phone?

Identity theft can happen to anyone. Last week the Federal Trade Commission (FTC) published an article based on a true story from one if its fraud investigators who had her phone stolen.

She provided tips you can take to protect your digital identity:

Smart Phone:

  • Lock your phone. Use at least a 6-digit passcode on your device, or use the pattern lock or fingerprint scanner. Set the device to lock when not in use. This is especially important if you use a mobile wallet or money transfer apps.
  • Update it and back it up. Back up your device regularly and make sure automatic updates are turned on. Backing up your phone regularly and automatically makes sure that you’ll still have your stuff – if it disappears.
  • Get help finding your phone. Install and turn on Find My iPhone (iOS) or Find My Device (Android). These apps could help you locate your device if you lose it. If your phone is stolen, these apps also let you remotely issue a command to erase your device .
  • Alert your wireless provider if your phone is missing. Make the call as soon as you know your device is missing after you have used the Find My Phone/Device feature. They can permanently or temporarily disable the SIM card to stop someone from using the device on the cell network.

Accounts:

  • Turn on two-factor authentication. That means you’ll give your password and a second way to prove that you’re you. This extra layer of security makes it much harder for thieves to get into your accounts and lock you out. Many providers give several options to authenticate your identity, so be sure you have a backup method (like one-time use codes or a backup email address) in case you don’t have access to your device to receive texts or phone calls.
  • Know which devices have access to your accounts. Many social media sites and email providers, and some phone operating systems, let you view the logins for your devices from the settings menu. You can remove devices from the account, and log out of the site remotely using a computer or another device. That’s handy if ever you lose your phone, tablet, or laptop.
  • Check your log-in and account notifications. Many email and social media accounts can notify you if a new device connects to your account, or if someone tried to change your passwords.
  • When in doubt, change your passwords. If you’ve lost your device, change your passwords. Many of us set our devices to remember passwords – which could mean that someone who gets your phone could get access to your accounts and personal information. So: if you lose your phone, change your email, social media, online banking, shopping, and other passwords right away.

For more tips on what to do to protect yourself from identity thieves, check out ftc.gov/idtheft.

Need further help?  If you or your business have questions or concerns regarding fraud, computer law, privacy, or cybersecurity law matters, contact attorney Jeffrey A. Franklin at Prince Law Offices.

Leave a comment

Filed under Business Law, Communications Law, Computer Law, Consumer Advocacy

Is Computer Tech Support Really Calling to Help You?

Does the thought of losing everything on your computer leave you queasy? That’s the anxiety fraudsters attempt to exploit with tech support scams – and it’s conduct the Federal Trade Commission (FTC) and law enforcement partners are challenging through 16 civil and criminal (yes, criminal) actions announced as part of Operation Tech Trap.

Tech support scammers’ modus operandi is to run ads that resemble pop-up security alerts from Microsoft, Apple, or other companies. Consumers are warned that their computers are infected with viruses or are under hack attack. Some pop-ups even feature a countdown clock, supposedly showing the time remaining before the hard drive will be fried – unless the consumer calls a toll-free number supposedly affiliated with one of those big-name companies.

Once operators have consumers on the phone, the real theatrics begin. Operators claim to need remote access to consumers’ computers so they can run “diagnostic tests.” Those tests purport to reveal grave problems that can only be solved by one of their “certified technicians” – for a hefty fee, of course. Companies use high-pressure tactics to strong-arm consumers into paying hundreds of dollars for unnecessary repairs, anti-virus protection or software, and other products and services. (Here’s an example of a pitch in action from the FTC.)

 

In settling a case against Click4Support LLC and others, the FTC and AGs from Connecticut and Pennsylvania announced that the defendants are banned from marketing technical support services, will pay a total of more than $554,000, and will forfeit an additional $1.3 million held by the court-appointed receiver. A federal judge in Philadelphia also entered a $27 million default judgment against a related party.

But that’s not all. There have been several other similar cases brought by the FTC.

How does this boil down for you or your business?

  • Consumers get caught in tech support scammers’ web, but so do small businesses and people who work from home. The FTC has updated its advice on what you can do to protect yourself. Also, the FTC will be hosting a roundtable this summer for law enforcement agencies leading the charge against this kind of fraud and for businesses affected by tech support scams, including companies whose names have been misused by con artists. Looking for tips on spotting other B2B scams? The FTC’s new Protecting Small Businesses site is designed with you in mind.
  • People who participate in tech support scams aren’t just risking their assets and future livelihoods. They could face criminal prosecution.

If you or your business have questions or concerns regarding fraud, computer law, privacy, or cybersecurity law matters, including assistance with policies, prevention or recovery from a ransomware attack and cybersecurity insurance or insurance claims, contact attorney Jeffrey A. Franklin at Prince Law Offices.

Leave a comment

Filed under Business Law, Communications Law, Computer Law, Consumer Advocacy

Cybersecurity Strengthened with Executive Order

STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTUREwh_logo_seal

President Donald Trump on May 11, 2017 signed an executive order (EO) on cybersecurity that requires agency heads to enhance the security of their networks, systems, and data, as well as requires their adoption of the National Institute of Standards and Technology’s (NIST) cybersecurity risk framework of best security practices.

The EO has been in the works for a while and revised a few times.  Among the key elements is a call for modernizing and consolidating government network technologies and infrastructures; a report on the technology supply chain risks to the US Department of Defense; support for security of critical infrastructure; an assessment of cyberattack and disruption of the nation’s power grid; and a call for skilled cybersecurity talent.

“Effective immediately, each agency head shall use The Framework for Improving Critical Infrastructure Cybersecurity (the Framework) developed by the National Institute of Standards and Technology, or any successor document, to manage the agency’s cybersecurity risk.  Each agency head shall provide a risk management report to the Secretary of Homeland Security and the Director of the Office of Management and Budget (OMB) within 90 days of the date of this order,” according to the EO.

If you or your business have questions or concerns regarding fraud, computer law, privacy, or cybersecurity law matters, including assistance with policies, prevention or recovery from a ransomware attack and cybersecurity insurance or insurance claims, contact attorney Jeffrey A. Franklin at Prince Law Offices.

Leave a comment

Filed under Business Law, Communications Law, Computer Law, Consumer Advocacy, Energy Law