According to a new survey by insurer Nationwide, almost half of all businesses have been the victim of a cyberattack without knowing it.
Most of the headlines about cyber exposure and planning focus on the need to avoid exposure to consumer claims. This neglects the real purpose of cyber planning for most companies, however: protecting your revenue and securing your growth.
Many businesses don’t have a lot of “personally identifiable information” on file, and the penalties associated with losing control over that information are generally not large (outside healthcare, financial services, and similar industries). With those facts in front of you, it can be hard to justify spending scarce resources on a defensive plan.
However, your own business assets and your own growth/succession are at risk no matter what kinds of records you hold in your company. The time and money you spend on developing and practicing good cyber habits is priceless when you think about your IP, your trade secrets, your pricing, your “secret sauce” getting out via a hacker. Bad guys troll for valuable information all the time, and often sell batches of information via online black markets. This has nothing to do with the headline grabbing consumer suits that garner all the attention.
How would you value your business in a sale if you knew you’d been the victim of a cyberattack and couldn’t demonstrate that your core assets remained secure? How would you talk to your investors or your board following an attack? What would you want to know about a target’s cyber habits before buying its business?
These are the questions that should be driving our discussion of cybersecurity planning. #cyberforgrowth – not cybersecurity as a means to fend off rare (and rarely successful) consumer claims.
A friend recently asked if the Georgia Angel Investor Tax Credit program would cover an angel investor’s investment in a start-up’s convertible promissory note. It was a good question because start-ups often raise funds through convertible notes. The short answer to his question was, “it depends.”
The Georgia Angel Investor Tax Credit program gives angel investors who are Georgia residents a tax credit for making qualified investments in Georgia start-ups. The program was amended in 2015 to cover qualified investments made in 2016, 2017 and 2018. (See Georgia Angel Investment Tax Credit (May 24, 2016))
The program allows the angel a tax credit of up to 35% for a qualified investment, capped at a credit of not more than $50,000 in any tax year, with the tax credit to be issued in the second year after the investment is made. (For example, a qualified investment made in 2015 would result in a tax credit for the 2017 tax year.) The state permits not more than $5 million in tax credits each year and start-ups need to apply for allocations of the tax credits if they have investors who want to take advantage of the program.
The Georgia Department of Revenue has issued rules to guide tax payers through the requirements of the program. (See Georgia Rule 560-7-8-.52)
To obtain a tax credit a “qualified investor” must make a “qualified investment” in a “qualified business” (tracking the definitions from the Georgia Rule). Answering the question originally posed, therefore, requires the taxpayer to walk through each of these definitions. An investment in a convertible promissory note, can be a “qualified investment” (assuming all of the other definitions are met) if the convertible promissory note satisfies the requirements of “qualified subordinated debt” (the only debt category within the definition of “qualified investment”). Qualified subordinated debt is “indebtedness that is not secured, that may or may not be convertible into common or preferred stock or other equity interest, and that is subordinated in payment to all other indebtedness of the qualified business issued or to be issued for money borrowed and no party of which has a maturity date less than five years after the date such indebtedness was purchased.”
It is this last requirement for “qualified subordinated debt” that most start-up convertible note deals may have difficulty satisfying. Most convertible notes issued by start-ups are not subordinated, but rather represent senior indebtedness that may not be subordinated. So, if a start-up wants to ensure that its convertible note offering will be eligible for the Georgia Angel Investment Tax Credit program, counsel for the start-up should carefully draft the subordination provisions of the note with a view towards the requirements of Georgia Rule 560-7-8-.52(2)(g).
This week, the House of Representatives will consider and vote on the Financial Choice Act (“FCA”), sponsored by Rep. Jeb Hensarling of Texas – chairman of the House Financial Services Committee. The FCA is a response to the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank”), and not a nice one. It essentially guts that bill which was itself a response to the financial crisis that began in 2007. After his election, President Obama called for a "sweeping overhaul of the United States financial regulatory system, a transformation on a scale not seen since the reforms that followed the Great Depression" and Dodd-Frank was basically the result.
Yesterday's news about Apple's secret effort to find the 'holy grail' for treating diabetes is just the tip of the iceberg.
The data-mining and communications solutions that are made possible by the Internet will make it possible for future entrepreneurs to launch solutions that we find hard to imagine today.
Wearable devices, once configured with the right technology to enable the monitoring of blood sugar levels, blood oxygen levels and other health data in combination with data-mining and simultaneous communication to health care providers hold great potential for guiding patients to make healthy choices and to seek medical help when appropriate.
There are obvious data privacy and cyber-security implications, of course, but even these challenges are opportunities in disguise for the entrepreneurs who can develop market-friendly solutions.
I hope everyone can join me in a webinar on April 21, 2017, entitled Real Estate in Mergers and Acquisitions.
I’ll be part of a panel that includes my environmental partner, Leah Knowlton, on challenges in dealing with real estate in M&A documentation and negotiations.
Registration information available on the National Business Institute website.
As warming temperatures precede the coming of Spring, there is a growing chorus of support in the U.S. Congress for ending the U.S. embargo of Cuba.
The new Administration may stand for regulatory rollback in many areas, but consumer privacy is (so far) not one. Trump's Federal Trade Commission (FTC) is pursuing a router manufacturer whose equipment hasn't caused any consumer harm yet: no data leaks, no identity fraud, no damages. Companies hoping to escape scrutiny under a relaxed privacy watchdog should consider themselves on notice.
As a best practice, it is a good idea to review your privacy policies and the marketing of your services or goods. Any claims you make about security and privacy of consumer data are fair game for scrutiny and investigation. The FTC so far has been unchecked by the courts, and this router case signals that the agency intends to continue vigorous enforcement—even under an anti-regulatory President.
Tax season brings with it many headaches. For the last couple of years, W2-related phishing scams have been among them. Cyberthieves may send email to HR or financial personnel that looks like it comes from a senior executive. The email may ask for copies of W2s for all employees. The scam used to be targeted to corporations only, but is now hitting school systems and non-profits as well.
As part of its cyber risk planning measures, any organization would be well served to have training and policies in place regarding how to respond to emails asking for this kind of information. In addition, no organization should be sending documents such as W2s by unsecured email.
Employee awareness is one of the biggest and best defenses to this kind of scam: knowing that the company policy is never to send such sensitive information in the clear, no matter who asks, can go a long way to preventing problems. A timely reminder during tax season is a good idea, as is revisiting the organization's cyber plan overall at regular intervals.
In a case of first impression, the Eleventh Circuit has held that an employer need not show an interruption of service to prove actionable harm under the Computer Fraud and Abuse Act (CFAA) and other federal laws. This is good news for employers and potentially for others who suffer computer intrusions.
A number of writers have recently looked at the possibilities for changes in U.S. policy coming out of the Trump administration.
In that regard, it’s important to note how fragile the current arrangement is with Cuba and how easily the new administration could implement changes.
- Data Privacy
- Data Security
- Government Investigations
- Limited Government
- FAST Act
- JOBS Act
- Public Policy
- Intellectual Property
- Social Media
- Employment Issues
- Non-Profit Organizations
- Due Process
- Political Philosophy
- Risk Avoidance
- Risk Management
- Regulation A+
- Renewable Energy Around the Web
- In-House Counsel
- Mergers and Acquisitions
- Real Estate