August 25, 2019

Archives for June 14, 2012

Colorado Court of Appeals: Week of June 10, 2012 (No Published Opinions)

The Colorado Court of Appeals issued no published opinions and thirty-eight unpublished opinions for the week of June 10, 2012.

Neither State Judicial nor the Colorado Bar Association provides case summaries for unpublished appellate opinions. Case announcements are available here.

Tenth Circuit: Unpublished Opinions, 6/13/12

On Wednesday, June 13, 2012, the Tenth Circuit Court of Appeals issued no published opinions and three unpublished opinions.

United States v. Rivera-Rivera

United States v. McAllister

United States v. Maldonado-Ortega

No case summaries are provided for unpublished opinions. However, published opinions are summarized and provided by Legal Connection.

Finalists Selected to Fill Judgeship on the Colorado Court of Appeals

The Supreme Court Nominating Commission has nominated three candidates for an upcoming vacancy on the Colorado Court of Appeals. The vacancy will be created by the retirement of the Honorable Arthur P. Roy on November 23, 2012.

The nominees for the bench are Stephanie Dunn, Blain Myhre, and Anthony Navarro. All nominees were selected by the commission in Denver during a June 12-13 meeting.

Under the Colorado Constitution, Governor Hickenlooper has until June 29 to appoint one of the nominees as a judge on the Colorado Court of Appeals.

Law Firms and Small Businesses: Protecting Security Interests (Part 1)

Editor’s Note: This is the first in a two-part series of cyber security articles. Part two can be found here.

Is there anything more financially fragile than a small business in the U.S. today? As we climb out of the Great Recession, many of the surviving small businesses were forced to cut corners, often making compromises on the IT side. Combine this with an unprecedented rise in cyber crime that took the 2011 U.S. cost of security breaches to $32 billion, and one can easily predict the future security troubles of many small businesses.

As legal, and sometimes operational and financial, advisers to small businesses, law offices should be more aware than ever of the security risks to small business clients, understand how to mitigate these risks, and lend support when a security breach occurs.

These considerations are also important for attorneys to make regarding their own online presence and security risks, especially solo/small firm practitioners.

While I can’t cover IT security in its entirety here, I’ll touch on three areas, each of which should give you an idea of security troubles ahead and what you might be doing to anticipate these troubles:

  1. Professional and financial liabilities
  2. Reasonable contractual expectations
  3. Responses after a breach

To set the stage for my thoughts on the advice and support a law office might provide to small businesses, consider for themselves, or at least be aware of, let me start by sharing a few details of my background. I am the managing partner of 403 Web Security, a web application security company, and WDDinc, a software development firm with close to 20 years of developing software, much of it for small businesses. While I am not a legal expert, I have seen more than my share of software related contracts and have a firsthand view of the risks these organizations place themselves under.

For the sake of simplicity and to take full advantage of my experience, I’ll limit my notes to web application security – more commonly known as security within small business web sites.

Professional and Financial Liabilities

Without hesitation, I can say that the vast majority of small businesses not only have inadequate security protections in place, but also are oblivious to the fact they are security risks. Even worse, recent headlined security breaches of high-profile companies seem to engender only a misguided belief that they are immune from security attacks because they are small fish in a huge ocean.

The truth is, not only are small businesses not immune from attack, they are prime targets because of their lack of security. Consider the monetary value of even small, undetected breaches – unlimited time to exploit compromised data and the opportunity to revisit the sources months and years into the future.

When considering security liabilities, I like to separate small businesses into two categories. The first would be those businesses that collect and save protected data (i.e., medical, identity) within their own environments. The web sites that support these businesses tend to be custom built by design or development companies that have little or no experience in creating secure web sites, and almost never have the capabilities of testing new sites for security vulnerabilities. These companies potentially are open to huge fines when their data is compromised.

The second, and larger, category is small businesses with e-commerce components. These businesses usually, and wisely, use well-established (and secure) external web services to handle credit card and other payment transactions. Unfortunately, this approach is successful only when the business’ basic web site is secure. The point almost always missed is that a hacker does not always breach a web site for its underlying data. For example, a hacked site may be modified in subtle ways to take an unsuspecting consumer to a fraudulent e-commerce service that will happily collect and exploit the consumer’s credit card as soon as it is entered. Or, one of my favorite security flaws, Cross Site Scripting (XSS), might allow a hacker to take over a legitimate user’s browser – effectively compromising that user’s e-commerce transactions or invading the user’s entire computer.

In either case, a small business may be financially and legally liable for the fraud and illegitimate use of information from its security breaches. Perhaps just as importantly, the loss of reputation and consumer confidence alone might be enough to ruin any small business.

A proactive law firm might be in a unique position to address potential security issues and breach consequences with their clients. This should be part of the support of any client and attorneys should heed the same advice themselves.

Alan Wlasuk is a managing partner of 403 Web Security, a full service, secure web application development company. A Bell Labs Fellow award-winner with 18+ years of experience building secure web applications, Wlasuk is an expert in web security – from evaluation to web development and remediation.

Learn More: Cyber Security/Privacy CLE Homestudy Programs

Is Your Sensitive Data Secure: Cyber Insurance for Your Firm and Your Clients (video on-demand and mp3 download)

Avoiding The Lawyer’s Digital Nightmare: How To Safeguard Your and Your Clients’ Sensitive Information And Survive The Inevitable (?) Security Breach (video on-demand, mp3 download, and audio CD)

Ethics in a Wild Wired World (video on-demand, mp3 download, and audio CD)

To Use and Protect: Privacy Basics for Business (video on-demand and mp3 download)