When Bad Guys Attack Small to Mid-Sized Businesses: 20 Data Protection Tips

Ruth Binger

By Ruth Binger



A cyber incident will happen to your company. It is not a matter of if, but when. Small businesses make an appealing target because hackers know they don’t spend as much on security as larger businesses and are not as careful.

According to a Towergate Insurance study, 82 percent of small business owners claim that they are not targets for attack because there is nothing worth stealing. However, employee personal data and health information and customer data are always worth stealing. Symantec reports that 43 percent of cyber-attacks worldwide in 2016 were against small businesses with less than 250 workers. In fact, cyber crooks try to rob bank accounts via wire transfers, steal customers’ personal identify information, file fraudulent tax returns, commit Medicare fraud, etc.

IBM estimates that nearly two-thirds of all cyber-attacks hit small to mid-sized businesses. More disturbing, the U.S. National Cyber Security Alliance estimates that about 60 percent of those hit are forced to close six months after an attack. A 2016 Poneman Institute Breach Report advises that the average price a small business has to pay after a cyber attack is about $690,000.

According to the 2017 Verizon Data Breach Investigations Report:

  • 75 percent of the breaches were perpetrated by outsiders (with 51 percent involving organized criminal groups) and the remaining involved internal actors.
  • 62 percent of the breaches involved hacking
  • 81 percent of breaches involving hacking leveraged stolen and/or weak passwords
  • Not surprising, malware installed via malicious email attachments was present in 50 percent of the breaches involving hacking
  • The victims of data breaches are:
    • Financial organizations (24 percent)
    • Health care organizations (15 percent)
    • Public sector entities (12 percent)
    • Retail and accommodations (15 percent)
  • One in 14 users are tricked into following a link or opening an attachment with 25 percent of the users making the same mistake twice

It’s all about the money: Perpetrators of data breaches steal and exploit sensitive data for financial gain. They are opportunistic, using phishing to poke for weak points to use as entry points. Phishing, the most common tool, involves collecting sensitive information like login credentials and credit card information through legitimate-looking but fraudulent websites. Ninety-five percent of phishing attacks led to a breach that was followed by the installation of some sort of malicious software (malware).

Small to mid-sized businesses can take preventive steps to minimize damage. Here are 20 tactics to employ to protect your data. Continue reading »

Best Practices for Avoiding Misleading Browsewrap and Clickwrap Agreements in Cyberspace

Ruth Binger

By Ruth Binger



Visiting a website and merely viewing its contents can bind you to an internet “Terms and Conditions” or “Terms of Use” (“browsewrap” or “clickwrap”) contract.

Website owners, as technology providers, have a dilemma as they wish to facilitate business in the most efficient way. Maintaining the integrity of their software by controlling the scope of the limited software license they are offering is essential to protecting their copyrighted technology.

Given website owners are offering their services to the world, a pressing concern is a disgruntled website user who sues via a class action in the user’s home state. The issue for the courts is how many dispute resolution pre-existing legal rights a website owner can remove through its browsewrap contract, often called “Terms and Conditions,” if the website user receives little to no notice of its existence or has no knowledge that such a notice refers to a binding contract.

If you look carefully at a website you frequently use, you are likely to see various notices in capital letters in highlighted colors referencing that your use of the website is an automatic agreement to the website policies of privacy and terms and conditions. You may not know that this means you are binding yourself to a contract. If you do click on that bothersome notice link, you will most likely notice a nonnegotiable contract that contains a choice of law, agreement to arbitrate, and/or class action waiver. Given the limited attention span of a website user, most users will not click on the link. This is especially true if the website owner has buried the notice at the very end of the page, made it as inconspicuous as possible, and does not require any action to proceed with using the website. Continue reading »

Effect of 2015 SCOTUS Same-Sex Marriage Decision on Employment Practices

Ruth Binger

By Ruth Binger



The U.S. Supreme Court held in Obergefell v. Hodges that there is a constitutional right to marry and that the 14th Amendment’s Due Process and Equal Protection clauses require states to allow same-sex marriages and to recognize same-sex marriages lawfully performed in other states.

The Obergefell decision is not an employment decision. However, the Equal Protection language in the opinion will require companies to make some changes to their employment practices, training, manuals, forms, beneficiary designations, and other personnel policies going forward.

Obergefell followed the Supreme Court’s decision in United States v. Windsor which held that the federal government’s interpretation of “marriage” and “spouse” must apply to both opposite sex and same-sex unions. Windsor made employee benefits like the Family Medical and Leave Act (“FMLA”), COBRA, and the Employee Retirement Income Security Act (“ERISA”) available to all same-sex spouses of federal employees.

What Does Obergefell Mean To Employers? Continue reading »

Exempt Employees, Overtime, and the Proposed DOL Rule for 2016

Ruth Binger

By Ruth Binger



The labor landscape has changed and it will continue to change. The average worker has become increasingly responsible for the more traditional aspects of the employment relationship including health insurance, pension, and job security. There also has been a substantial increase in the numbers of part-time workers, workers/employees classified as exempt from overtime premium pay, and workers misclassified as independent contractors. Commentary and theory abounds as to the reason for the loss of full-time jobs, much less middle class jobs, including outsourcing, computers/software, Affordable Care Act, robots, automation, high taxes, globalization, etc.

Suffice it to say, a legal backlash is building against this new terrain. Proposed restrictive legislation, administrative rule-making, and recent court cases show evidence of a concerted attempt to re-create or retrieve the job security and wages and benefits of days gone by.

Most recently, the U.S. Department of Labor (“DOL”), in a long-awaited announcement on June 30, 2015, proposed a new rule that will decrease the ability of companies to classify their employees as exempt from premium overtime wages under the Fair Labor Standards Act (“FLSA”).

Backdrop – Increase in Part-time Workers

This legal backlash is due, in part, to other recent and dramatic changes in the number of part-time workers:

  • Since 2007, the number of “involuntary” part-time workers has doubled.
  • Employers are increasingly using software tools such as the use of just-in-time scheduling software. Estimates are that 17 percent of the work force is now employed by companies that use just-in-time scheduling software. Employees accordingly work fluctuating work weeks with uncertain schedules.
  • Another contributing factor is business practices, such as the use of “call in shifts” where the employer does not confirm need for services until two hours before start time.

In response, a host of bills are being introduced in many states and municipalities to legislate predictable scheduling.

Backdrop – Misclassification

Likewise, misclassification of workers has also increased. Companies are attempting to shift work from employees to independent contractors, especially in the construction, transportation, and cab industries using a variety of strategies. Continue reading »

Protecting Your Intellectual Property in a Wild World

Ruth Binger

By Ruth Binger



Your company is an “A” player and it has done everything right in the U.S. in protecting its intellectual property (“IP”). You have not just relied upon a “smile.” You’ve invented a unique product called Superstar® widget and it is not yet offered by your competitors. Vast amount of resources have been poured into the development of the Superstar widget. Prior to introducing the Superstar widget, you used due diligence and used the IP Awareness Assessment Tool on the U.S. Patent and Trademark Office website to identify what IP you have, if it has value, and if it can be protected under U.S. law.

Upon identifying your IP, the company retained capable attorneys who were successful in obtaining U.S. trademark registrations on the corporate name, non-functional design, and logo so customers could more easily identify the Superstar widget and its association with the company. Superstar widget packaging correctly evidences all registered trademarks.

You made a wise expenditure on patents and the company has received patents on the Superstar widget process. Further, copyright registrations with the U.S. Copyright Office have been obtained on your website, web video, and associated software and you are giving notice to the world of your ownership by using the appropriate symbol of “©2012 Company.” Continue reading »

Unemployment Insurance in Missouri: Should Employers Respond to Claim Notices?

Ruth Binger

By Ruth Binger



New regulations require Missouri employers to respond timely to information requests regarding unemployment insurance compensation. The federal Trade Adjustment Assistance Extension Act (“TAAEA” or the “Act”) of 2011 requires, among other things, that states increase employers’ duties regarding unemployment compensation claims. Specifically, the Act provides that states must require employers to respond timely and adequately to Claim Notices, information requests from state agencies relating to unemployment benefit compensation claims. It also requires states to charge the unemployment accounts of employers that repeatedly fail to respond to Claim Notices for unemployment benefits paid to ineligible former employees.

In Missouri, an employee that satisfies all the unemployment insurance benefit eligibility requirements may still be disqualified from receiving benefits for voluntarily quitting without good cause or for being discharged for work misconduct. Once a terminated employee files a claim for unemployment benefits, the Missouri Division of Employment Security (“DES”) mails the former employer a Claim Notice, which requires a response within 10 days. The Claim Notice permits the employer to protest an unemployment benefits claim because the former employee quit voluntarily or was discharged for misconduct. If the claim is not in dispute, the employer must still respond to acknowledge the claim.

Some employers routinely fail to respond to Claim Notices. They may systematically choose not to respond to Claim Notices to avoid becoming involved in a former employee’s benefits appeal. Continue reading »

Considerations for Buyer Enforcement of Non-competes in the Purchase of a Business

Ruth Binger

By Ruth Binger



You are a business owner whose company is buying the assets of a Missouri business with locations in both Missouri and Illinois.  Your company intends to hire the seller’s employees. It is your understanding that those employees have signed restrictive covenants/non-competes with the seller (“Seller Agreements”).  You have instructed your attorney to advise you on how to protect your company against the seller’s current highly trained employees walking out the door with the customer relationships, trade secrets, and confidential information you are purchasing.  For administrative purposes, to the extent possible, you would like to use one strategy with both the Missouri and Illinois employees.

Here’s a look at some of the complexities of personal service contracts and non-competes you will want to consider.

Restrictive Covenants and Non-compete Agreements

The phrases “restrictive covenants” and “non-compete agreements” are used interchangeably by the public.  More confusingly, the term “non-compete” is often used to describe three different types of covenants or promises: time and space clause, non-solicitation clause and anti-raiding clause.

The most restrictive non-competition covenant is a promise by the employee not to engage in the same type of business for a stated time in the same geographical market as the employer (“time and space clause”).

More common is a non-solicitation clause, where the employee is allowed to engage in the same type of business in the same geographical area but is prohibited from soliciting the employer’s customers for a stated period of time. Continue reading »

U.S. Supreme Court Backs Resellers in Physical Goods Copyright Case

Ruth Binger

By Ruth Binger



Suppose you plan to buy a large supply of Disney books from an overstocked Barnes & Noble retailer in Taiwan, and then offer your employees the opportunity to purchase the books at a deep discount as gifts for Christmas.  You reason that if the employees don’t buy up all of the books, you can always sell the remainder to a discount book chain or on the Internet.

You are approached by the human resources department manager and advised that Disney is very litigious about protecting its copyrights. Because your company is not an authorized seller for Disney products, the manager fears losing an infringement lawsuit.

Fortunately, your legal counsel is familiar with this issue. Upon learning that you intend to make the initial purchase from an authorized Disney retailer in Taiwan, counsel advises that your company is protected by the “First Sale” Doctrine of the Copyright Act.

And the U.S. Supreme Court agrees. In Kirtsaeng v. John Wiley & Sons, the Court held that a legally obtained copyrighted work can be imported into the U.S. and resold without permission from the copyright owner even if it was manufactured and sold overseas. The ruling applies to sale of physical, tangible works and not digital works that are licensed and not easily resold because of license agreements. The Court explained that in a complex and interconnected world, buyers, sellers, and retailers should be able to import and sell products without having to search out the copyright owner to determine if the U.S. copyright owner approves of the sale.

The facts are simple.  Kirtsaeng, a Thailand citizen, moved to the U.S. to study mathematics at Cornell University, and entered a Ph.D. program in mathematics at the University of Southern California. Continue reading »

Common Sense Road Map to Employee Discipline and Termination

Ruth Binger

By Ruth Binger



Owners and managers frequently face the difficult process of terminating an employee for a reason other than lack of work. The reasons are many and varied, ranging from being placed in the “wrong seat on the bus” to poor cultural fit to “good cause” reasons, such as performance or behavior. Although employment at will is the rule of law, laws exist that undercut the employer’s absolute power to terminate for any reason whatsoever. Many of these laws are just plain common sense and can be compared to administering discipline with your own children.

Decisions made in haste or poorly executed have a very long damage tail including lawsuits, reduced morale, and loss of business momentum. By looking through the lens of both human nature and law, managers and owners can learn to make and execute decisions that are generally defensible both inside and outside the company culture. Knowing what could be coming and where it’s coming from will create a wiser decision process, a more legally defensible position, and buy-in from your watchful employees.

Practicing the following 10 rules will put you on a road map of common sense when dealing with issues related to employee discipline or termination:

  1. Investigate. Investigating the facts protects the integrity of the process and lessens the ability of an employee to establish an unlawful motive. Poking in the weeds also provides feedback to you on what is working, what is not working, and what should be changed. Look for facts – not hearsay and speculation. Determining credibility is your job. Companies are human collaborative efforts containing many actors with varying motives and agendas that can be constructive, bad, opportunistic or even crooked. Consider plausibility, demeanor, motive to lie, corroboration, and past record when making judgment calls.
  2. Interview witnesses and the employee in question. Ask the employee in question to explain what happened in front of two management witnesses. Write down exactly what the employee states and ask him/her to sign it.  Ask the employee for objective facts or witnesses to support his/her position. Your aim is to pin down the employee to “one recollection.” Interview complainants and witnesses by asking who, what, where, when and how questions. Let them know that you will try to keep the investigation as confidential as possible under the circumstances and in compliance with the law. This arduous process prevents tears at the fabric of your culture. Continue reading »

Social Media: Six Ways to Protect Today’s You and Tomorrow’s You

Ruth Binger

By Ruth Binger



Thanks to an exponential growth rate in technology, the Internet has changed the world and how we communicate with each other.  In 1995, 16 million people used the Internet.  Last year, 2 billion people used the Internet and in 2020 it is predicted that the number will be over 5 billion.

Google, a 12-year-old company, has certainly fueled this growth.  Social media platforms have also supercharged Internet usage.  Facebook claims to have over 800 million active subscribers, LinkedIn claims 85 million subscribers and YouTube has over 100 million videos online.

However, the way we relate to and judge each other, whether it is for employment, relationships, or credit history, has not changed.  We are all trying to predict each other’s future behavior for the relationship(s) and transactions we seek.

Facebook purports to be worth $104 billion with its purchase of Instagram.  Why is it worth so much?  Because companies are spending over $2 billion per year to collect information from social media outlets about what we as consumers want.  Our behavior and our opinions can be measured in fine detail as we post and that behavior can be monetized.  For example, it is estimated that your personal/buying information is worth $50 to $500 to Google, depending upon how much you spend.  On Twitter, each of your followers, assuming you have a large following, could be worth as much as $2.50 each per month.  In short, personal data greases the Internet.  The data we share (names, addresses, pictures, precise locations, and links) helps companies target advertising based not only on demographic but also on personal opinion and desires.

What does all of this information mean to you as an individual? Technology rules will continue to change, so you need to be vigilant. It is important for you to keep up with the positives and negatives of the rapidly changing technology. Right now, social media is at its height but it is designed for websites. That is predicted to change as the world moves to smartphones.  Nearly $1 million worth of features come with any smartphone and there are a billion smartphones in the world.  Within the next decade, 6 billion people will have a constant connection to the Internet.  This explains why Facebook recently bought Instagram, a mobile app company, for $1 billion. Facebook wants to conquer the smartphone market and not be left behind.  Continue reading »

Skip to content