Hijacking on the Information Highway: Ransomware and How to Avoid it

Ransomware scams have been around for several years.

However, they are on the rise.

Every business needs to train staff who have access to computers how to avoid this kind of scam. Ransomware is one of the many kinds of malware — that is, malicious code that can infect a computer.

Ransomware enters a network, computer, or other device in the same way as other malware. Usually, a user clicks something they shouldn’t — like an icon, a link, or a file attachment in an email or text message. Increasingly, criminals are inserting malware links in social media posts as traps for the unwary.

Click and thieves are in the door.

Once ransomware finds its way into a device or network, the device will freeze or appear to crash. Initially, ransomware scams were perpetrated by cybergangs who encrypted the infected device. The only way for the victim to regain control was to pay the required ransom. Now, less skilled copycats generate a pop-up message on the infected device that says the device is frozen or encrypted, but the warning may be a ruse.

Some scammers generate a pop-up warning that purports to be from law enforcement. The warning states the victim has broken a law and that the agency has locked the victim’s device pending payment of a fine.

Other versions of the scam simply notify the victim that the device has been encrypted, and a ransom must be paid to regain control of the device. Either way, the criminal’s endgame is the same: to force the victim to pay to remove the malware. The size of the ransom plus the damage to a business if the situation lingers prompts most victims to pay up.

The FBI has just released a public warning that includes a helpful list of steps to take to avoid ransomware scams. You can find the full press release here: https://www.fbi.gov/sanjuan/press-releases/2016/fbi-warns-the-public-about-ransomware-internet-scam.

In a nutshell, the FBI suggests:

  • Keep your data backed up, and store the backup file in a remote location.
  • In addition, we suggest using at least a two-step backup system. Use a backup service that stores a copy of your files in a remote location either in the cloud or in a remote server, and perform regular backups on a portable storage device such as an external hard drive. Keep the external hard drive in a safe place.
  • Update your settings to show hidden file extensions. The FBI warns that malware may contain double file extensions, e.g., *.pdf.exe.
  • Don’t open *.exe files attached to emails.
  • Use antivirus and firewall protection, keep it up-to-date, and make sure you install operating system updates and security patches as they become available.
  • Use strong passwords, and avoid using the same password for everything.
  • We suggest changing passwords regularly as well.
  • Use a pop-up blocker.
  • Download software only from trustworthy sources. Be especially careful when downloading freeware.
  • Don’t open attachments in unsolicited emails.
  • We suggest treating all unsolicited communications as if they are scams. In other words, if you did not initiate a conversation, be extra careful even if the communication purports to be from someone you trust. Scammers can hijack or spoof email addresses.

    When in doubt, contact the alleged sender. Don’t use contact information from an email, text, or pop-up message. Go to your contacts list, address book, or an official source such as an agency’s website to get the email address or telephone number. Ask whether they sent the suspicious message before opening anything attached to it.
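To show why the hidden-extension setting in the list above matters, here is an added example (not from the FBI release or the original post) that checks attachment names for a harmless-looking extension followed by an executable one. The extension lists, function names, and sample file names are assumptions constructed for illustration.

```python
import os

# Assumption of this example: short, non-exhaustive extension lists.
# Extensions that Windows runs directly or hands to a script host.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif",
                   ".js", ".vbs", ".wsf", ".hta", ".lnk", ".msi"}
# Extensions people associate with ordinary documents and pictures.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt",
              ".jpg", ".png", ".zip"}


def extensions(filename):
    """Return every extension in the name, lower-cased, whitespace trimmed."""
    base = os.path.basename(filename.replace("\\", "/")).strip()
    pieces = [p.strip().lower() for p in base.split(".")[1:]]
    return ["." + p for p in pieces if p]


def name_with_extensions_hidden(filename):
    """What a file browser shows when the final extension is hidden."""
    base = os.path.basename(filename.replace("\\", "/")).strip()
    return os.path.splitext(base)[0]


def classify(filename):
    """Return 'double-extension', 'executable', or 'ok' for one file name."""
    exts = extensions(filename)
    if not exts or exts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    # The last extension decides how the file runs; the one before it is
    # what the reader sees once the last one is hidden.
    if len(exts) >= 2 and exts[-2] in DECOY_EXTS:
        return "double-extension"
    return "executable"


def triage(attachment_names):
    """Map each attachment name to its verdict."""
    return {name: classify(name) for name in attachment_names}


# Constructed sample names, not taken from any real message.
SAMPLE_ATTACHMENTS = [
    "invoice.pdf.exe",
    "Scan_0012.PDF .EXE",
    "setup.exe",
    "Q1.report.pdf",
    "holiday-photo.jpg",
    "archive.tar.gz",
]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_ATTACHMENTS).items():
        shown = name_with_extensions_hidden(name)
        print(f"{verdict:17} shown as {shown!r:20} real name {name!r}")
```

With extensions hidden, the first sample appears as `invoice.pdf`, which is why a name-based check like this belongs at the mail gateway as well as in staff training.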

Train your staff to use internet-connected devices safely. If you become a victim, report the crime at www.ic3.gov. Do not jump to pay a ransom. First, turn off file sharing. Then, check to see whether any of your files have been compromised by running your antivirus program. Remove any infected files, and restore them from your backup. This may resolve the problem. If not, contact an IT expert for assistance. 

The President’s Supreme Court Nominee: Chief Judge Merrick Garland. What Would His Confirmation Mean for Small Employers?


In the wake of U.S. Supreme Court Justice Scalia’s death, there has been a lot of political hullabaloo about the confirmation process for Chief Justice Merrick Garland of the D.C. Circuit, President Obama’s nominee, to fill the position. However, little of the political maneuvering has anything to do with what is most important to small business owners: whether his judicial opinions have helped or harmed businesses.

Let’s take a look at a few opinions authored by Justice Merrick to see what we can glean.

First, there are several federal agencies that have regulatory power over American businesses including: the Department of Labor, the National Labor Relations Board, the Equal Employment Opportunity Commission, the Occupational Safety and Health Administration, the Internal Revenue Service, and the Federal Trade Commission. Justice Garland has a reputation for giving deference to agency determinations. Most of the time, agency contact with a business happens because the business has been accused of violating a rule, regulation, or statute.

When a business is appealing an adverse agency decision, Justice Garland appears to rule in favor of the agency more often than not.

Here is an example that explains why:

In a case involving the escape of a large amount of a corrosive and deadly chemical that sent 150 people to the hospital, OSHA cited the business for multiple safety violations. The case went to a hearing in front of an administrative law judge who affirmed most of the violations. The company appealed to the D.C. Circuit, and in upholding the violations, Justice Garland wrote that the Court must uphold OSHA’s fact findings and conclusions so long as they are supported by substantial evidence and not arbitrary, capricious, an abuse of discretion, or otherwise contrary to law.

This is simply a restatement of what the standard of review already is.

However, Justice Garland went on to quote a prior D.C. Circuit opinion stating, “We defer to [an agency’s] interpretation of the Act and regulations, upholding such interpretations so long as they are consistent with the statutory language and otherwise reasonable.”

The opinion goes on to painstakingly review OSHA’s fact findings. What this opinion tells me is that Justice Garland is not an activist judge. He follows historical precedents. Unfortunately, we are in an era when those precedents frequently favor employees over their employers.

This is not to say that Justice Garland hasn’t authored decisions favorable to businesses. He has.

When an employee wrongly tried to invoke protection of the Americans with Disabilities Act, Justice Garland sided with the employer. The employee asked for reduced work hours as a reasonable accommodation for arthritis. Days later, she fell and stopped working. For four months the employer asked for information about her health condition. She gave none, so the employer asked her to return to work. She didn’t. The employer terminated her. After that, she sent a doctor’s note saying she was totally disabled and could not work. She claimed the employer failed to give reasonable accommodation and retaliated against her. The trial court sided with the employer, and the employee appealed. Justice Garland wrote, “there can be no genuine dispute that [the employee] was not a qualified individual . . . one who can, with or without reasonable accommodation, ‘perform the essential functions’ of her position.” Noting that an essential job function is the ability to appear for work, the Court found that the employee’s termination was legitimate, so there was no retaliation.

These are only two of the many legal opinions authored by Justice Garland.

However, they illustrate that he is a jurist who painstakingly reviews the facts of each case and who analyzes and complies with legal precedent. This is consistent with the observations of most commentators who have described Justice Garland as a moderate and as more conservative than President Obama’s previous nominees. What is apparent from the two cases described here is that Justice Garland appears to be neutral – neither pro-business nor anti-business.

Interestingly, Justice Garland’s father ran an advertising business out of the family home. Justice Garland describes it as the smallest of small businesses. He is known for being tough on crime and for having served as lead investigator and prosecutor of the Oklahoma City bombing case. Perhaps most importantly, Justice Garland has garnered praise from both sides of the aisle – Republicans and Democrats.

Regardless of the outcome, the path this nominee takes through the confirmation process will be interesting to watch.

Is an Employee Handbook a Contract?


Texas is an employment-at-will state. That means either party can end the employment relationship at any time without reason. In an employment-at-will state, the employer does not have to have good cause to fire an employee. However, an employee who is terminated without good cause related to the job may be eligible to collect unemployment benefits.

Like any legal concept, there are a few exceptions.

An employment contract that specifies the situations when the relationship can be terminated will form a contract that overrides employment-at-will. That is why it is important that an employee handbook not create a contractual relationship between the employer and the employee.

A well-crafted employee handbook is a valuable asset to your business. A handbook describes operating policies, employee benefits, and sets clear expectations for the employment relationship. A common practice is for employees to sign and agree to abide by the policies outlined in an employee handbook; however, careful wording is necessary to avoid creating an employment contract that would abridge the employer’s ability to terminate the relationship at will.

What turns a handbook into a contract?

An enforceable contract must contain a mutual agreement and consideration (benefit). To avoid turning an employee handbook into an employment contract, set expectations but avoid making promises, state clearly that either party can terminate the relationship without cause, make no promises of continued employment, and avoid creating inflexible discipline systems. Employers whose handbooks contained discipline systems that abrogate the right to terminate the employee at will have inadvertently created employment contracts.

The simplest way to avoid turning an employee handbook into a contract is to provide a disclaimer that acknowledges the handbook contains guidelines only, does not create a contract of employment, and that it is subject to change including revocation by the employer at any time. Including a disclaimer protects the employer from claims that an employee handbook creates an employment contract that modifies the at-will employment relationship.

Contract vs. Agreement

What’s the difference between a contract and agreement?

Is there a difference?

We seem to use the words interchangeably. The word “agreement” is broader in scope. Just as all horses are animals, but not all animals are horses, all contracts are agreements, but not all agreements are contracts.

An agreement is simply a meeting of minds. The Merriam-Webster dictionary defines an agreement as the act of agreeing or an arrangement by which people agree about what is to be done.

Black’s Law Dictionary defines a contract as a deliberate agreement between two or more persons with lawful consideration.  

So, a contract is an agreement with consideration. Consideration is the thing bargained for in a contract. Consideration is usually in the form of a benefit to be conferred, such as money, or foregoing something, for example, agreeing not to do something. The most common form of contract is a sales contract. The seller gives up legal title to an item. In return, the buyer pays the seller money. Each party gives up something, and each gains something.

Whether you call it an agreement or a contract, make sure everyone involved agrees to every term and that everyone involved understands what they are agreeing to. The best way to achieve clarity is to write it down.

 

Writing it Down: 4 A Recipe for Writing Simple & Personal Agreements

My last post explored common problems with handshake agreements.

Now that you’re convinced to write stuff down, what do you write?

A contract is no good if it isn’t enforceable. To be enforceable, a contract must be made by people who are legally able to make a contract (generally, adults who understand what they are doing), must have a lawful purpose, and must have an offer, acceptance, and consideration.

An offer is exactly what it sounds like – a promise to do something if the other person will do something else. Acceptance means both parties agree to hold up their end of the bargain. Consideration is payment. Consideration can be money, a promise, or an action.

The Texas Comptroller’s Office has a handout that describes the legal elements of a binding contract: 

http://comptroller.texas.gov/procurement/pub/contractguide/LegalElementsofaContract.pdf.

What’s the Deal with Open Carry?

Lots of people are asking about Texas’ new Open Carry law because it takes effect next week. Many people are wondering if Texas businesses have to allow customers to openly carry firearms on their premises starting January 1. The short answer is: No, if you notify customers not to carry handguns on the premises. Let’s take a look at Texas’ new open carry law.

The open carry law is HB 910; it goes into effect January 1, 2016.

 Read it in full here. 

Previously, eligible Texans could apply for a license to carry a concealed handgun. This has been changed to a license simply to carry a handgun. In other words, a handgun license allows the holder to carry a handgun openly or to conceal it. An openly carried handgun must be holstered. Note that the open carry law only covers handguns. The new law does not apply to shotguns, rifles, assault rifles, or other long guns. In fact, Texas law is silent about carrying long guns in public except for Penal Code section 42.01(a)(8) which makes it a crime to intentionally or knowingly display any firearm in a public place in a way that is calculated to cause alarm.

Photo by: Eric Gay. Scott Smith, a supporter of open carry gun laws, wears a pistol as he prepares for a rally at the Capitol on Jan. 26, 2015, in Austin, Texas. (Associated Press)

 

Businesses can prohibit both employees and customers from carrying handguns on their premises even if the person is licensed to carry a handgun. However, a business that wants to prohibit handguns must post a notice at every entrance. There are separate notices required to prohibit openly carried handguns and concealed handguns. The notices must be in 1 inch high block letters of contrasting colors in both English and Spanish. The contents of the notices are:

Pursuant to Section 30.06, Penal Code (trespass by license holder with a concealed handgun), a person licensed under Subchapter H, Chapter 411, Government Code (handgun licensing law), may not enter this property with a concealed handgun.

Conforme a la Sección 30.06, Código Penal (traspasar portando armas de fuego), una persona con licencia bajo el Subcapítulo H, Capítulo 411, Código de Gobierno (ley de licencias arma de fuego), no puede entrar en esta propiedad con una pistola oculta.

 

&

 

Pursuant to Section 30.07, Penal Code (trespass by license holder with an openly carried handgun), a person licensed under Subchapter H, Chapter 411, Government Code (handgun licensing law), may not enter this property with a handgun that is carried openly.

Conforme a la Sección 30.07, Código Penal (traspasar portando armas de fuego que se realiza abiertamente), una persona con licencia bajo el Subcapítulo H, Capítulo 411, Código de Gobierno (ley de licencias arma de fuego) no puede entrar en esta propiedad con un arma de fuego que se realiza abiertamente.

 

Many vendors sell notice signs that conform to the legal requirements. If a person carries a handgun into a business that has the notice sign posted, an employee or other authorized person should politely remind the handgun carrier that the business does not allow handguns and ask the carrier to remove the handgun from the building. Carrying a handgun on property where carrying is forbidden is a Class C misdemeanor – essentially the same as a traffic ticket. However, if a handgun carrier refuses to leave after being personally given oral or written notice of the prohibition, the offense is raised to a Class A misdemeanor. A person convicted of a Class A misdemeanor is subject to greater punishment than one who is convicted of a Class C misdemeanor.

Property owners can prohibit visitors from carrying long arms on their property by simply telling visitors that guns are not allowed on the property. No particular form of notice is specified to inform carriers of rifles, shotguns, or assault weapons.

Why are handguns treated differently than rifles, shotguns, assault rifles, and other long guns? Most likely because it is harder to hide a long gun. Handguns fit neatly into a purse, briefcase, or holster where they are not visible; whereas, rifles and other long guns are too large to easily hide on one’s body.

It is important to understand that the Legislature narrowly defined the word “premises” to essentially be inside a building. Even if a business owner prohibits carrying handguns on the “premises,” people may still keep a gun secured in their vehicle.

‘TIS THE SEASON TO BE SCAM SAVVY

With Thanksgiving behind us, the Holiday Season is in full swing, and so are scams. There may be nothing you can do to prevent the early morning call from your credit card’s fraud department asking if you are buying athletic shoes in London; however, there are ways to protect yourself from scams and identity theft.

Here are a few tips for minimizing your risk during the holiday season.

  • Surf smart. When shopping online make sure you are using a safe site. Take a moment to look for the lock symbol on the screen or “https” in the URL (website’s address). Type in the URL line; don’t click on a link from an email. And, Google has a free service that monitors malware attacks. Type http://google.com/safebrowsing/diagnostic?site= and the website you want to check. You will see a report whether the site has been attacked by malware in the last 90 days.
  • Shop smart. Be aware of your surroundings especially at ATMs and in stores. In the past, pickpockets were the main concern. Someone may still try to snatch your purse or wallet by hand, but now digital pickpockets use technology to steal your credit card information remotely. For a modest investment in equipment, thieves can wirelessly read the information on your credit card’s magnetic strip from a short distance and place the information on a fake card. If your card has one of the new EMV chips in it, you are still vulnerable. The magnetic strip is still hackable, and last summer fraud experts in Mexico found a device on ATMs intended to hack EMV chips. So, how can you minimize your risk? Carry only what you need. If you are going to use one credit card on a shopping trip, leave the rest at home. Most devices work within a short distance – six inches or so. If someone is standing too close to you, move away.
  • Don’t fall for phone or email scams. All phone and email scams follow a pattern: unsolicited contact, with either a sad story or a fabulous deal, followed by an “ask.” The ask takes one of two forms: money or the victim’s personal information. A scammer seeking money will usually request a wire transfer because once started, a wire transfer is extremely difficult to stop. Once completed, a consumer has little hope of recovering the money. Here are a few tips for avoiding scams:
    • If you didn’t initiate the call or email, treat it like a scam. Be cautious, and don’t give out any personal information.
    • If a phone call, don’t guess who it is. Ask, “What is your name?” A common scam begins with a caller saying, “Grandma?” This scammer is betting the recipient will guess a grandchild’s name instead of saying, “Which grandkid are you?”
    • Don’t give out personal information over the phone if you didn’t initiate the call. If you call your bank, they need to verify your identity by asking for information. If you don’t give them information, they cannot help you. A scammer pretending to be your bank will ask for your account number. Don’t give it.
    • Don’t fall for a fake deal. If you didn’t enter a lottery, you didn’t win a lottery. If you don’t have any relatives in Michigan, it’s unlikely you’d inherit anything from a Michigan resident.
    • Don’t use a phone number or email address given by a scammer. It just goes right back to the scammer. Instead, if you are unsure whether a call is genuine, look up the phone number independently and call back. If a credit card, call the number on the back of the card and ask for the fraud department. If a financial institution, call the number on your statement.
    • Verify email addresses. If you get a suspicious email that looks like someone you know, look closely at the email address. Scammers fake email addresses by changing one or two letters.
    • Don’t wire money to another country without independent verification. You don’t have the same consumer protections when you send money to another country. A common scam involves an imposter who pretends to be a friend or relative who is stranded in another country. Hang up. Call the person who is supposedly asking for the money. Ask whether they just called you.
    • It’s okay to hang up on a scammer. Scammers are masters of human behavior. They rely on victims to be polite and helpful. The best way to avoid the scam is to simply hang up the phone or delete the email.
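The "verify email addresses" tip above can be automated. This added example (not part of the original post) compares the real address in a From header against a list of known contacts and flags one that differs by only one or two characters. The contact list, the addresses, and the two-edit threshold are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Constructed contact list using reserved .example domains.
KNOWN_CONTACTS = [
    "pat.jones@bank.example",
    "billing@supplies.example",
]


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def check_sender(from_header, known_contacts, max_edits=2):
    """Return (verdict, contact) for a From header.

    The display name is ignored on purpose: it is free text chosen by the
    sender, so only the address inside the angle brackets is compared.
    """
    _display_name, address = parseaddr(from_header)
    address = address.lower()
    if "@" not in address:
        return ("unparseable", None)
    known = [c.lower() for c in known_contacts]
    if address in known:
        return ("known", address)
    closest = min(known, key=lambda c: edit_distance(address, c), default=None)
    if closest is not None and edit_distance(address, closest) <= max_edits:
        return ("lookalike", closest)
    return ("unknown", None)


# Constructed From headers, not taken from real mail.
SAMPLE_HEADERS = [
    "Pat Jones <pat.jones@bank.example>",
    "Pat Jones <pat.jones@bamk.example>",
    "Pat Jones <pat.jonse@bank.example>",
    "Deals <newsletter@shop.example>",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        verdict, contact = check_sender(header, KNOWN_CONTACTS)
        print(f"{verdict:10} {header}  (closest contact: {contact})")
```

A "known" result only means the address matches; as the post notes elsewhere, a genuine address can still be hijacked or spoofed, so an unexpected request deserves a call to the sender either way.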

Stay safe, and enjoy the holiday season!

Writing it Down: 3 Excuses, Excuses

My last post noted how writing things down supports healthy business relationships. If writing things down is so important to protecting a healthy business, why don’t people do it?

Common reasons for resisting written agreements are:

“I do deals on a handshake. It’s a matter of trust.”

“It’s too expensive; I’d have to hire an attorney.”

“My friend wouldn’t break a promise. He’d never do that to me.”

None of these are good excuses from my perspective. I’ve seen too many business relationships deteriorate as a result of otherwise savvy business owners adopting these excuses. Let’s explore the problems with handshake agreements.

  • Verbal agreements are too broad. People invariably do not remember details exactly the same way; therefore, a handshake agreement often will lack all of the necessary terms of the agreement. Example: Joanna installs tile. Bert hires Joanna to install tile in his bathroom for an agreed price payable half up front and half when the job is complete. Joanna estimates the job will take 2 days to complete. Bert selects tile from Joanna’s sample books. Joanna installs the selected tile and matching grout. Bert is unhappy because he wanted contrasting grout. The grout decision was a missing term. Bert demands that Joanna remove and replace the grout at no extra charge. Joanna believes their contract requires Bert to pay the rest of the agreed price and re-negotiate a new contract for removal and replacement of the grout. The parties have created their own mess. At a minimum, Joanna should be using a written work order or estimate that clearly lays out what work will be done, what decisions the customer will make, and how changes will be handled.
  • Verbal agreements can be ambiguous. When terms are not reduced to writing, they are subject to differing interpretations much the same way that two people witnessing the same event often describe it differently. Even lawyers are guilty. Example: Samantha cannot afford a lawyer to handle her entire divorce. She hires Amanda’s virtual law firm to provide limited scope services to aid her in handling her own divorce. Both agree that for a flat fee, Amanda will draft the divorce petition and court orders, give Samantha instructions for filing the petition, and provide a publication explaining the divorce process including how to handle the final hearing. In the interim, Samantha agrees to pay her spouse a small sum every month to cover an unexpected home repair. Samantha expects Amanda to draft an agreed temporary order since their flat fee covers “court orders.” Amanda disagrees. Her intention was that “court orders” included only the final divorce decree. “Court orders” in this context is ambiguous. A written agreement signed by Amanda and Samantha would have given Amanda the opportunity to spot the ambiguity before agreeing to provide services and, even if imperfect, writing down the parties’ expectations would have given them a starting point for discussing adding services to their agreement.
  • Oral agreements are hard to enforce, and agreements are worthless if they are not enforceable. Agreements are not enforceable if all the parties have not agreed to all the terms. Example: Ben and Dan form a partnership to start a mobile car wash service. Ben owns a panel van that he will contribute to the business. He estimates the van is worth $10,000. Dan will contribute $10,000 in cash for start-up costs. Both will work without salary for 6 months, and Dan will “manage” the business. After 60 days, the relationship starts disintegrating. It seems Ben and Dan can’t agree on anything. Ben has had enough and kicks Dan out of the business. Ben claims all of the improvements Dan made to the truck belong to him. Dan wants his $10,000 back and wants to be paid for the time he spent building the business. Since the parties never agreed to an exit strategy, Dan has no contract that provides him reimbursement for his time or his money. Dan must rely on common law theories of recovery to get his money back and soon realizes that attorneys’ fees and litigation costs will exceed his initial $10,000 investment. While he may be able to recoup attorneys’ fees after a trial, he decides a lawsuit is a risk he does not want to take.
  • Verbal agreements are susceptible to differences in memory making the proof of terms a matter of which party is more credible. Lawyers call this a “he said/she said” dilemma. Example: In the previous example, Dan visits a lawyer. He explains his agreement with Ben, and wants to know how to get his money back and get paid for his time and efforts to build the business. After a few minutes of hard questioning, Dan realizes that by not writing things down, Ben can simply deny the terms of their agreement. Whereas a written agreement speaks for itself, to enforce their verbal agreement, Dan will have to find witnesses and other evidence to prove every part of the agreement. Most of the terms were made in private conversations between Dan and Ben, so most of Dan’s witnesses are relying on Dan’s description of the agreement. Dan’s lawyer calls this hearsay and explains it may not be useful in court. A legal action to enforce their agreement will come down to who is more believable under the pressure of a court proceeding.

A trusting relationship does not cure the parties’ failure to communicate effectively. The failure to define all important terms can be fatal to any agreement. Writing things down gives people the opportunity to avoid future problems.

Writing it Down: 2 It's All About the Relationship

Every profitable business is a complex web of relationships. Think about it. Common relationships on which a thriving business is based include:

Customer-Supplier

Co-Owners (shareholders, partners, members)

Employer-Employee

Supervisor-Supervisee

Owner-Management

Business-Regulators (taxing authorities, licensing boards)

Landlord-Tenant

Networking partners

Of course, there are more. On the most basic level, a business cannot exist without customers, and a business will not last long without strong customer relationships. Every profitable business is built on a web of thriving relationships. Relationships are strong when everyone is on the same page, expectations are clear and realistic, and the parties trust each other to do what each has agreed to do.

 

Relationships deteriorate when everyone is not on the same page, expectations are ambiguous or unrealistic, or someone fails to keep a promise. Many times, misunderstandings between parties cause or contribute to the deterioration of otherwise healthy relationships. Misunderstandings happen for a number of reasons – many of which are avoidable. A common cause of misunderstanding is the failure to accurately describe a task to be performed. Who will do what by when, and how will it be done?

Details may be assumed differently by various parties when the details are not written down. For example, John hires Dan to paint a wall. The two negotiate a price and a time for completion. Dan paints the wall. John refuses to pay full price because Dan did not prime the wall before painting it. A critical item was not discussed. Dan assumed the wall did not need priming because it was not discussed. John assumed that any painter would prime the wall first. Now, everyone is dissatisfied.

Had the two written down the terms of their agreement, they may have uncovered the missing information in time to clarify and correct. This example uses a very simple agreement. In reality, the more complicated an agreement is, the more terms and details are needed, and the more steps toward completion of each party’s agreed tasks, the more critical it is to write everything down.

Dan and John did not need a lawyer or fancy language to write their agreement. Their agreement could have been in the form of a work order signed by both of them. It seems obvious that a written agreement would have helped them avoid conflict and would have led to a better working relationship. So, why do we resist writing things down? My next post will explore our propensity to rely on a handshake over pen and paper.