FMG Law Blog Line

Posts Tagged ‘IT’

Facing Increased Cyber Threats Against Legal and Accounting Professionals During the COVID-19 Pandemic

Posted on: March 24th, 2020

By: Renata Hoddinott

Millions around the world have had their daily routines disrupted, and a wide variety of companies are participating in the largest “work from home” mobilization in history. While the ability for professionals to work remotely is key to business continuity in the midst of this pandemic, in doing so, firms and professionals have opened their networks to unprecedented exposure.

Bad actors are capitalizing on the intense focus on COVID-19 panic and fear, and security professionals have already noted an increase in malicious schemes. Those include phishing emails framed as alerts regarding the coronavirus outbreak, containing attachments purportedly with information about COVID-19 and how to protect against the virus. When people are already stressed, fearful, and desperate for the most up-to-date information to protect themselves and loved ones, there is a significant risk to the security of any network.

Another prevalent threat for professionals, and particularly for CPAs, is in the realm of wire transfer requests. These types of scams are on the rise and can be very convincing, duping even the most cyber-savvy of professionals. Bad actors often begin well in advance of an attack by lying in wait and collecting information over an extended period. When the opportunity presents itself, such as now, these criminals use that information to launch convincing wire transfer requests. They can be framed as emails from “clients” requesting emergency funding and providing fraudulent wire instructions. CPAs often find themselves on the front lines against these malicious schemes and need to remain diligent and exercise extreme caution when responding to any requests. With professionals working remotely, it can be more difficult to ensure a request is valid, but it is vital for requests to be double and triple checked and validated directly by phone or video to ensure accuracy before a single dollar is transferred.

Now is the time for all professionals to be vigilant about the cyber dangers. An unprecedented number of professionals are accessing company networks remotely and continuing to service clients, including handling sensitive and confidential client data. In an office environment, when a threat is detected, IT can immediately quarantine and disconnect the compromised device and conduct an investigation of the company network. Now, however, employees may be connecting to firms’ servers from their own, perhaps less secure, networks, and IT professionals are not on-site in those locations to troubleshoot issues and contain threats more easily. Failure to appropriately protect the sensitive and confidential data of clients may be the cause of malpractice claims in certain circumstances.

Firms should ensure IT security professionals are accessible to remote working professionals and able to isolate remote devices when necessary and limit the potential damage to the firm’s network through that compromised device. Now more than ever firms and professionals must remain diligent and prepared against new risks of fraud and cyber-attacks. Keeping mindful of cyber threats in the midst of this crisis is critical to ensuring ongoing success.

Additional information: 

The FMG Coronavirus Task Team will be conducting a series of webinars on Coronavirus issues every day for the next week. We will discuss the impact of Coronavirus for companies in general, but also for business in insurance, healthcare, California specific issues, cybersecurity, and tort. Click here to register.

FMG has formed a Coronavirus Task Force to provide up-to-the-minute information, strategic advice, and practical solutions for our clients. Our group is an interdisciplinary team of attorneys who can address the multitude of legal issues arising out of the Coronavirus pandemic, including issues related to Healthcare, Product Liability, Tort Liability, Data Privacy, and Cyber and Local Governments. For more information about the Task Force, click here.

You can also contact your FMG relationship partner or email the team with any questions at [email protected].

**DISCLAIMER: The attorneys at Freeman Mathis & Gary, LLP (“FMG”) have been working hard to produce educational content to address issues arising from the concern over COVID-19. The webinars and our written material have produced many questions. Some we have been able to answer, but many we cannot without a specific legal engagement. We can only give legal advice to clients. Please be aware that your attendance at one of our webinars or receipt of our written material does not establish an attorney-client relationship between you and FMG. An attorney-client relationship will not exist unless and until an FMG partner expressly and explicitly states IN WRITING that FMG will undertake an attorney-client relationship with you, after ascertaining that the firm does not have any legal conflicts of interest. As a result, you should not transmit any personal or confidential information to FMG unless we have entered into a formal written agreement with you.  We will continue to produce educational content for the public, but we must point out that none of our webinars, articles, blog posts, or other similar material constitutes legal advice, does not create an attorney client relationship and you cannot rely on it as such. We hope you will continue to take advantage of the conferences and materials that may pertain to your work or interests.** 

A Recent Study on Cybersecurity Among Small Businesses

Posted on: December 18th, 2019

By: Michael Kouskoutis

A recently published report, entitled “Under Attack: The State of MSP Cybersecurity in 2019,” surveyed 200 managed service providers across the country to evaluate the state of cybersecurity among smaller businesses.  (A managed service provider is a company that handles its customers’ IT infrastructure, often remotely.)  The report reveals how small businesses and their managed service providers are underequipped to protect against the newest forms of cybersecurity threats.  In particular, the study found that nearly three-quarters of managed service providers suffered a cyberattack, and over 80% of their small-business customers experienced a cyberattack as well.

What’s most concerning is that two-thirds of managed service providers believe that they are not equipped to defend their customers against a cyberattack, and that this lack of confidence is likely linked to the widening gap among providers in technical skill, knowledge, certifications and accessibility to resources.  The report advises that managed service providers should seek top talent and facilitate training programs aimed at keeping staff up to date on the latest cyber threats and solutions.

Further, managed service providers are reporting difficulty in selling cybersecurity solutions to their customers, leaving customers increasingly vulnerable to the latest cyber threats.  However, prior studies show that small businesses are willing to spend 27% more money for cybersecurity, provided they feel confident in the security package’s ability to offer adequate protection.  In addition to strengthening their services, managed service providers should proactively engage in conversations with their customers about cybersecurity, and not wait until after an attack.  Customers and prospects should be aware of the evolving nature of cyber threats and that proper cybersecurity requires a deliberate and concerted effort among all small business employees.

For more information about cybersecurity or breach response, contact Michael Kouskoutis at [email protected].

Insurer Side Beware: Litigation Privilege for Pre-Suit Communications Extends Only To The Party Contemplating Filing Of Litigation

Posted on: January 14th, 2019

By: Tim Kenna & Kristin Ingulsrud

Strawn v. Morris, Polich & Purdy—filed Jan. 4, 2019, Court of Appeal of California, First District, Division Two 2019 Cal.App. LEXIS 9*—makes explicit that the application of the litigation privilege to pre-suit claims communications where the policyholder disputes its contemplation of litigation only applies to policy side interests if the insurer is contemplating litigation in good faith.

The litigation privilege makes inadmissible any communication made in judicial or quasi-judicial proceedings. California Civil Code § 47(b)(2). This privilege extends to pre-litigation statements relating to litigation contemplated in good faith and under serious consideration. Action Apartment Assn., Inc v. City of Santa Monica (2007) 41 Cal.4th 1232, 1251.

In Strawn, the insureds brought a cause of action for invasion of privacy against State Farm’s counsel based on the alleged wrongful transmittal of the insureds’ tax returns to State Farm in connection with a coverage investigation involving potential arson. MPP argued that the transmittal was protected by the litigation privilege because it was in anticipation of the civil action the insureds “would surely and did in fact” file. The trial court agreed and sustained the demurrer based on the litigation privilege.

The California Court of Appeal reversed. In order for the insurer to apply the privilege to its own communications, the Court held, the insurer would need to establish that it was contemplating litigation in good faith when it received the tax returns.

There have been cases in which the courts have held that routine claims communications relate to the business of insurance and are not protected speech. See, e.g., People ex rel. Fire Insurance Exchange v. Anapol (2012) 211 Cal.App.4th 809. Other cases have attempted to discern whether the communications themselves establish a good faith consideration of litigation. Blanchard v. DIRECTV, Inc. (2004) 123 Cal.App.4th 903. Strawn seems to go one step further in requiring the movant to establish that IT was contemplating the filing of litigation in good faith. Strawn appears to hold that at least in a case of disputed intent of the policyholder, the insurer side’s good faith subjective or objectively reasonable belief that the policyholder was contemplating litigation is irrelevant. Thus, where claimants’ counsel threatens suit, there was no protection to the insurer side no matter how unlikely settlement.

Strawn’s effects may be felt by litigants who attempt to utilize the litigation privilege in furtherance of dispositive pre-trial motions, including anti-SLAPP and motions for summary judgment.  First, Strawn emphasizes that good faith is a question of fact that must be determined before the litigation privilege can apply. Second, it severely limits the application of the litigation privilege in favor of any party who is responding to a perceived threat of litigation, even if that perceived threat is objectively reasonable.

If you have any questions or would like more information, please contact Tim Kenna at [email protected] or Kristin Ingulsrud at [email protected].

A Contradiction In Terms – Recent Developments On 3rd Party Placement Of STEM Opt Students

Posted on: July 13th, 2018

By: Kenneth Levine

In April 2018, USCIS issued official guidance that precluded the assigning of a U.S. employer’s STEM OPT employees to off-site third-party locations. A STEM OPT employee is a foreign national who is pursuing “practical training” through a U.S. employer after having received a degree from a U.S. college/university in a science, technology, engineering or mathematics program. This development was viewed as especially detrimental to IT consulting companies, whose business model is largely predicated on providing IT services to 3rd party client sites. These client sites have always served as a fundamental training ground for recent graduates of information technology programs.

In issuing the April guidance, USCIS appears to have blatantly disregarded conflicting guidance that remains in effect.  3rd party placement of STEM OPT employees by staffing agencies is clearly permitted in the preamble to the STEM OPT regulation (8 CFR 214.16 and 81 FR 13040, 3/11/16) and ICE’s “Frequently Asked Questions and Answers” document.

The ICE FAQ addresses this issue as follows:

STEM OPT students are permitted to use staffing/placement agencies to find a training opportunity. However: … [a]ll STEM OPT regulatory requirements must be maintained, and … [t]he staffing/placement agency cannot complete and sign the Form I-983 as an employer, unless … the staffing/placement agency is an E-verified employer of the student, and … [t]he staffing/placement agency provides and oversees the training.

FMG Immigration Attorneys have received recent independent verification from colleagues that H-1B petitions are being approved where USCIS sought to challenge eligibility for the visa based on 3rd party placement of the OPT STEM employee. Accordingly, so long as it can be demonstrated that each element of the above referenced ICE guidance for 3rd party placement (including full compliance with the I-983 training program) has been satisfied, then there is no reason for staffing companies to discontinue this practice.

For additional information related to this topic and for advice regarding how to navigate U.S. immigration laws you may contact Kenneth Levine of the law firm of Freeman, Mathis & Gary, LLP at (770-551-2700) or [email protected].

Electronic Medical Records – IT Guides for a New Frontier

Posted on: August 27th, 2012

By: Michael Eshman

It is clear that electronic medical records and exchanges are the wave of the future in healthcare. For better or worse, the electronic management and maintenance of files and records will transform the healthcare industry.

In December 2011, Georgia Health News reported on the medical revolution coming with online records and the statewide exchange Georgia is building with the help of a $13 million federal grant. In addition to the economic factors driving the change, in our prior blog post titled “Electronic Medical Records – Saving More Than Trees,” we noted that a recent Harvard study found medical malpractice claims dropped in Massachusetts after doctors began using electronic records. There are great rewards and incentives to adopt electronic medical records and to be part of the expanding record exchanges, both for the quality of care that can be provided to patients and for the economics and efficiency of practice management.

However, any practice using electronic medical records should lean heavily on trusted IT professionals to ensure the privacy and security of the records. As noted by Georgia Health News in the column linked above, the Ponemon Institute reports that the number of reported medical data breaches has increased by 32 percent since 2010.

In a recent brazen attack, hackers accessed the computer network of a small practice in Lake County, Illinois, but instead of merely stealing and reposting the records, they encrypted the records and posted a digital ransom note for payment in exchange for the password. It is unclear whether the records were backed up, but if not, the hackers effectively held hostage the medical records of patients.

As more practices move to electronic records, and as medical record exchanges expand nationwide, the incidents of attempted hacks will likely increase, and it will fall to the practices and the administrators of the exchanges to manage the risk associated with maintaining and sharing electronic records. Electronic records and exchanges are part of the new frontier for medical providers, and there are great benefits to be gained from the advancements. But providers are wise to focus on the issues of data management and security and to lean on trusted IT professionals and risk managers for guidance.

Thoughts and questions are always welcome.