Tag Archives: FTC

FTC Cybersecurity Roundtables with Small Businesses

The Federal Trade Commission (FTC) is hosting small business owners in a series of public roundtables across the United States to discuss the most pressing challenges small businesses face in protecting the security of their computers and networks.

Engage, connect, protect - small business & data security roundtablesThe Engage, Connect, and Protect Initiative: Small Business and Data Security Roundtables are part of an ongoing initiative by Acting FTC Chairman Maureen K. Ohlhausen aimed at helping small businesses, which included the launch of a new website in May focused on helping small business owners avoid scams and protect their computers and networks from cyberattacks. There are more than 28 million small businesses nationwide, employing nearly 57 million people, according to the Small Business Administration (SBA).

“The FTC has been a leader in guiding businesses of all sizes on how to protect the data in their care,” Acting Chairman Ohlhausen said. “Companies with only a few employees face unique challenges when it comes to cybersecurity. We’ll use what we learn in the roundtables to tailor our practical resource materials for small businesses.”

The first roundtable event will take place July 25 in Portland, Oregon, in partnership with the National Cyber Security Alliance (NCSA), the SBA, and other organizations. This event will be followed by a roundtable discussion in Cleveland, Ohio, on September 6, hosted by the FTC and the Council of Smaller Enterprises and in collaboration with the SBA. Another roundtable event will take place later in September in Des Moines, Iowa, sponsored by the NCSA.

The roundtables will bring together FTC staff along with the SBA and other federal partners, industry associations, and the small business community. The comments and feedback generated by the roundtables will be used to help the FTC and its partners provide additional education and guidance for small business owners on cybersecurity issues.

If you or your business have questions or concerns regarding fraud, computer law, privacy, or cybersecurity law matters, contact attorney Jeffrey A. Franklin at Prince Law Offices.

Leave a comment

Filed under Business Law, Communications Law, Computer Law, Consumer Advocacy, Energy Law

Is the USPTO really contacting your company? Maybe not.

ftc_logo_430If your business has taken steps to protect your intellectual property with patents or trademarks, you’ve probably had correspondence or communications with the U.S. Patent and Trademark Office (USPTO). But some businesses report receiving letters or emails that look to be from the USPTO, but really aren’t.

Prince Law Offices, P.C., the Federal Trade Commission (FTC) and the USPTO want you to know there are companies that contact patent and trademark holders asking for fees for “services” like renewing your trademark registration, signing you up for trademark monitoring services, recording your trademarks with government agencies, or listing them on a private “registry.” The names, emblems, and wording may seem official and the correspondence may even include USPTO application serial numbers, filing dates, or other publicly-available information. But the solicitations aren’t from the USPTO and some may offer services that are overpriced, unnecessary, or downright deceptive. Patent or trademark holders have paid companies hundreds or even thousands of dollars, mistakenly thinking they were paying fees to the USPTO – or paying fees the USPTO requires – to maintain and protect their patents and trademarks.

Our advice and that of the FTC to businesses: Read any notice about your patents or trademarks very carefully. Official mail from the USPTO will come from the “United States Patent and Trademark Office” in Alexandria, VA. If it comes via e-mail, the domain will be “@uspto.gov.”

The USPTO has more information about commercial solicitations that resemble official USPTO communications including a local example Patent & Trademark Bureau (Philadelphia, PA).

If you receive questionable patent- or trademark-related correspondence, report it to the FTC and email the USPTO at TMFeedback@USPTO.gov.

Prince Law Offices, P.C. clients that have completed trademark registrations with us often contact us when they receive such suspicious documents.  Desire more specific assistance regarding your business formation, agreements, intellectual property, trademarks, copyright, zoning, real estate law, cyber security, insurance, etc., contact attorney Jeffrey A. Franklin at Prince Law Offices, P.C.

Leave a comment

Filed under Business Law, Computer Law, Consumer Advocacy, Trademark and Copyright

Someone Stole your Phone?

Identity theft can happen to anyone. Last week the Federal Trade Commission (FTC) published an article based on a true story from one if its fraud investigators who had her phone stolen.

She provided tips you can take to protect your digital identity:

Smart Phone:

  • Lock your phone. Use at least a 6-digit passcode on your device, or use the pattern lock or fingerprint scanner. Set the device to lock when not in use. This is especially important if you use a mobile wallet or money transfer apps.
  • Update it and back it up. Back up your device regularly and make sure automatic updates are turned on. Backing up your phone regularly and automatically makes sure that you’ll still have your stuff – if it disappears.
  • Get help finding your phone. Install and turn on Find My iPhone (iOS) or Find My Device (Android). These apps could help you locate your device if you lose it. If your phone is stolen, these apps also let you remotely issue a command to erase your device .
  • Alert your wireless provider if your phone is missing. Make the call as soon as you know your device is missing after you have used the Find My Phone/Device feature. They can permanently or temporarily disable the SIM card to stop someone from using the device on the cell network.

Accounts:

  • Turn on two-factor authentication. That means you’ll give your password and a second way to prove that you’re you. This extra layer of security makes it much harder for thieves to get into your accounts and lock you out. Many providers give several options to authenticate your identity, so be sure you have a backup method (like one-time use codes or a backup email address) in case you don’t have access to your device to receive texts or phone calls.
  • Know which devices have access to your accounts. Many social media sites and email providers, and some phone operating systems, let you view the logins for your devices from the settings menu. You can remove devices from the account, and log out of the site remotely using a computer or another device. That’s handy if ever you lose your phone, tablet, or laptop.
  • Check your log-in and account notifications. Many email and social media accounts can notify you if a new device connects to your account, or if someone tried to change your passwords.
  • When in doubt, change your passwords. If you’ve lost your device, change your passwords. Many of us set our devices to remember passwords – which could mean that someone who gets your phone could get access to your accounts and personal information. So: if you lose your phone, change your email, social media, online banking, shopping, and other passwords right away.

For more tips on what to do to protect yourself from identity thieves, check out ftc.gov/idtheft.

Need further help?  If you or your business have questions or concerns regarding fraud, computer law, privacy, or cybersecurity law matters, contact attorney Jeffrey A. Franklin at Prince Law Offices.

Leave a comment

Filed under Business Law, Communications Law, Computer Law, Consumer Advocacy

Is Computer Tech Support Really Calling to Help You?

Does the thought of losing everything on your computer leave you queasy? That’s the anxiety fraudsters attempt to exploit with tech support scams – and it’s conduct the Federal Trade Commission (FTC) and law enforcement partners are challenging through 16 civil and criminal (yes, criminal) actions announced as part of Operation Tech Trap.

Tech support scammers’ modus operandi is to run ads that resemble pop-up security alerts from Microsoft, Apple, or other companies. Consumers are warned that their computers are infected with viruses or are under hack attack. Some pop-ups even feature a countdown clock, supposedly showing the time remaining before the hard drive will be fried – unless the consumer calls a toll-free number supposedly affiliated with one of those big-name companies.

Once operators have consumers on the phone, the real theatrics begin. Operators claim to need remote access to consumers’ computers so they can run “diagnostic tests.” Those tests purport to reveal grave problems that can only be solved by one of their “certified technicians” – for a hefty fee, of course. Companies use high-pressure tactics to strong-arm consumers into paying hundreds of dollars for unnecessary repairs, anti-virus protection or software, and other products and services. (Here’s an example of a pitch in action from the FTC.)

 

In settling a case against Click4Support LLC and others, the FTC and AGs from Connecticut and Pennsylvania announced that the defendants are banned from marketing technical support services, will pay a total of more than $554,000, and will forfeit an additional $1.3 million held by the court-appointed receiver. A federal judge in Philadelphia also entered a $27 million default judgment against a related party.

But that’s not all. There have been several other similar cases brought by the FTC.

How does this boil down for you or your business?

  • Consumers get caught in tech support scammers’ web, but so do small businesses and people who work from home. The FTC has updated its advice on what you can do to protect yourself. Also, the FTC will be hosting a roundtable this summer for law enforcement agencies leading the charge against this kind of fraud and for businesses affected by tech support scams, including companies whose names have been misused by con artists. Looking for tips on spotting other B2B scams? The FTC’s new Protecting Small Businesses site is designed with you in mind.
  • People who participate in tech support scams aren’t just risking their assets and future livelihoods. They could face criminal prosecution.

If you or your business have questions or concerns regarding fraud, computer law, privacy, or cybersecurity law matters, including assistance with policies, prevention or recovery from a ransomware attack and cybersecurity insurance or insurance claims, contact attorney Jeffrey A. Franklin at Prince Law Offices.

Leave a comment

Filed under Business Law, Communications Law, Computer Law, Consumer Advocacy

New FTC Website Helps Small Businesses Avoid Scams and Cyber Attacks

Attacks can be especially devastating to small businesses; FTC provides information on how businesses can protect themselvesftc

At the direction of Acting Chairman Maureen Ohlhausen, the Federal Trade Commission (FTC) has launched a new website – ftc.gov/SmallBusiness – with articles, videos, and other information aimed at helping small business owners avoid scams and protect their computers and networks from cyberattacks and other threats.

“Small businesses are critical to our economic strength, building America’s future, and helping the United States compete in today’s global marketplace,” Acting Chairman Ohlhausen said. “This innovative new website is a one-stop shop where small businesses can find information to protect themselves from scammers and hackers, as well as resources they can use if they are hit with a cyberattack.”

According to the U.S. Small Business Administration (SBA), there are more than 28 million small businesses nationwide, employing nearly 57 million people. Scammers frequently target small businesses with deceptive tactics designed to get them to pay for supplies they didn’t order, donate to fake charities or trick them into giving access to their network or downloading malware that can corrupt their business’s computers.

Cyberattacks can be particularly devastating to small businesses, and many of them lack the resources that larger companies have to devote to cybersecurity. Symantec Corp.’s 2016 Internet Security Threat Report indicates the percentage of spear-phishing attacks targeting small business rose dramatically from 18 percent to 43 percent between 2011 and 2015.

The FTC’s new web page offers specific information to help small businesses protect their networks and their customer data. This includes a new Small Business Computer Security Basics guide, which shares computer security basics to help companies protect their files and devices, train employees to think twice before sharing the business’s account information, and keep their wireless network protected, as well as how to respond to a data breach. It also has information on other cyber threats such as ransomware and phishing schemes targeting small businesses. The FTC is continuing to work with the SBA on additional ways to help small businesses.

If you or your business have questions or concerns regarding fraud, computer law, privacy, or cybersecurity law matters, including assistance with policies, prevention or recovery from a ransomware attack and cybersecurity insurance or insurance claims, contact attorney Jeffrey A. Franklin at Prince Law Offices.

Leave a comment

Filed under Business Law, Communications Law, Computer Law, Consumer Advocacy, News & Events

Protecting Personal Information: A Guide for Business

ftcThe Federal Trade Commission (FTC) has published an updated version of its Protecting Personal Information: A Guide for Business.

A sound data security plan is built on 5 key principles:

  1. TAKE STOCK. Know what personal information you have in your files and on your computers.
  2. SCALE DOWN. Keep only what you need for your business.
  3. LOCK IT. Protect the information that you keep.
  4. PITCH IT. Properly dispose of what you no longer need.
  5. PLAN AHEAD. Create a plan to respond to security incidents.

Most companies keep sensitive personal information in their files—names, Social Security numbers, credit card, or other account data—that identifies customers or employees.

This information often is necessary to fill orders, meet payroll, or perform other necessary business functions. However, if sensitive data falls into the wrong hands, it can lead to fraud, identity theft, or similar harms. Given the cost of a security breach—losing your customers’ trust and perhaps even defending yourself against a lawsuit—safeguarding personal information is just plain good business.

Some businesses may have the expertise in-house to implement an appropriate plan. Others may find it helpful to hire a contractor. Regardless of the size—or nature—of your business, the principles in this brochure will go a long way toward helping you keep data secure.

If you or your business have questions or concerns regarding fraud, computer law, privacy, or cybersecurity law matters, including assistance with policies, prevention or recovery from a ransomware attack and cybersecurity insurance or insurance claims, contact attorney Jeffrey A. Franklin at Prince Law Offices.

1 Comment

Filed under Business Law, Communications Law, Computer Law, Consumer Advocacy

FTC Charges D-Link Put Consumers’ Privacy at Risk Due to the Inadequate Security of Its Computer Routers and Cameras

Device-maker’s alleged failures to reasonably secure software created malware risks and other vulnerabilities

ftc

The Federal Trade Commission (FTC) filed a complaint today against Taiwan-based computer networking equipment manufacturer D-Link Corporation and its U.S. subsidiary, alleging that inadequate security measures taken by the company left its wireless routers and Internet cameras vulnerable to hackers and put U.S. consumers’ privacy at risk.

In a complaint filed in the Northern District of California, the FTC charged that D-Link failed to take reasonable steps to secure its routers and Internet Protocol (IP) cameras, potentially compromising sensitive consumer information, including live video and audio feeds from D-Link IP cameras.

The complaint filed today is part of the FTC’s efforts to protect consumers’ privacy and security in the Internet of Things (IoT), which includes cases the agency has brought against ASUS, a computer hardware manufacturer, and TRENDnet, a marketer of video cameras.

“Hackers are increasingly targeting consumer routers and IP cameras — and the consequences for consumers can include device compromise and exposure of their sensitive personal information,” said Jessica Rich, director of the FTC’s Bureau of Consumer Protection. “When manufacturers tell consumers that their equipment is secure, it’s critical that they take the necessary steps to make sure that’s true.”

According to the FTC’s complaint, D-Link promoted the security of its routers on the company’s website, which included materials headlined “EASY TO SECURE” and “ADVANCED NETWORK SECURITY.” But despite the claims made by D-Link, the FTC alleged, the company failed to take steps to address well-known and easily preventable security flaws, such as:

  • “hard-coded” login credentials integrated into D-Link camera software — such as the username “guest” and the password “guest” — that could allow unauthorized access to the cameras’ live feed;
  • a software flaw known as “command injection” that could enable remote attackers to take control of consumers’ routers by sending them unauthorized commands over the Internet;
  • the mishandling of a private key code used to sign into D-Link software, such that it was openly available on a public website for six months; and
  • leaving users’ login credentials for D-Link’s mobile app unsecured in clear, readable text on their mobile devices, even though there is free software available to secure the information.

According to the complaint, hackers could exploit these vulnerabilities using any of several simple methods. For example, using a compromised router, an attacker could obtain consumers’ tax returns or other files stored on the router’s attached storage device. They could redirect a consumer to a fraudulent website, or use the router to attack other devices on the local network, such as computers, smartphones, IP cameras, or connected appliances.

The FTC alleges that by using a compromised camera, an attacker could monitor a consumer’s whereabouts in order to target them for theft or other crimes, or watch and record their personal activities and conversations.

These tips can help you secure your router:

  • Before you buy or replace a device, do research online. Use search engines to find reviews, but be skeptical about the source of the information. Is it from an impartial security expert, a consumer, or the company itself?
  • Download the latest security updates. To be secure and effective, update the software that comes with your device. Check the manufacturer’s website regularly for new software and updates.
  • Change your pre-set passwords. Change the device’s default password to something more complex and secure.

There are additional steps you can take to help keep your IP camera secure.

The FTC has provided guidance to IoT companies on how to preserve privacy and security in their products while still innovating and growing IoT technology.

The Commission vote authorizing the staff to file the complaint against D-Link Corporation and California-based D-Link Systems, Inc. was 2-1, with Commissioner Maureen K. Ohlhausen voting no. The complaint was filed in the U.S. District Court for the Northern District of California.

NOTE: The FTC files a complaint when it has “reason to believe” that the law has been or is being violated and it appears to the Commission that a proceeding is in the public interest. The case will be decided by a federal district court judge.

If you or your business have questions or concerns regarding fraud, computer law, privacy, or cybersecurity law matters, including assistance with policies, prevention or recovery from a ransomware attack and cybersecurity insurance or insurance claims, contact attorney Jeffrey A. Franklin at Prince Law Offices.

Leave a comment

Filed under Business Law, Communications Law, Computer Law, Consumer Advocacy