What’s Your Copyright IQ?

By Andrew A. Gonzalez, Esq.

In the old days, the Power of the Press was a luxury reserved for those with a press. Today, anyone with a desktop computer and an internet connection can become an electronic publisher. Before the internet, an entrepreneur not only had to know the nuts and bolts of marketing but also had to be aware of complex legal issues such as libel and copyright infringement. An unintentional mistake and you could be sued out of existence. Professionals understood that the Power of the Press carried with it great responsibility and legal risk.

If you are a website designer or business owner, it is time to wake up to laws that have always applied to intellectual property in the real world. How much do you really know about copyright law? A copyright is a form of protection for original works of authorship fixed in a tangible medium of expression.

Dangerous myths about copyright law:

MYTH: If it doesn’t have a copyright notice, it’s not copyrighted.
FALSE. In the USA, almost everything created after April 1989 is copyrighted and protected whether it has a notice or not. The default you should assume for other people’s works is that they are copyrighted and may not be copied unless you know otherwise.

MYTH: It is okay to copy as long as you give proper credit to the author/artist.
FALSE. If you copy an original writing, graphic, song, or other work without permission, you are guilty of copyright infringement. The Digital Millennium Copyright Act [DMCA] restricts access to or distribution of copyrighted material. Violators may be subject to civil and criminal penalties.

MYTH: I goofed and used someone’s graphic on my web page without realizing that it is copyrighted, but I cannot be sued as long as it was an honest mistake.
FALSE. Ignorance of the law is no excuse. Copyright law does not care about your “intent”, only that you have infringed the work of another.

MYTH: It is okay to use less than 10 percent of someone’s work.
FALSE. Although it may be permissible to use limited portions of a work for limited purposes, there is no rule permitting a certain percentage of the work to be reproduced, distributed, performed or translated.

MYTH: The work doesn’t show a copyright notice, so it is in the public domain and content can be used freely.
FALSE. A work has automatic copyright protection the moment it exists in tangible form. While it is good practice to insert a copyright notice, it is not mandatory.

MYTH: If I don’t charge for it, it’s not a copyright violation.
FALSE. It is a violation even if you give it away, and there can be serious damages if you diminish the commercial value of the property.

MYTH: It doesn’t hurt anybody and it’s free advertising.
FALSE. It is up to the owner to decide if they want the free ads or not.

MYTH: I paid someone to create something for me so I own the copyright.
FALSE. If the content creator is on staff, and the work is created during their employment as part of their job, usually the employer owns the copyright. If, on the other hand, the content creator is an independent contractor, then the contractor may own the copyright unless there is something in writing transferring copyright to you.

MYTH: I copyrighted the name of my brand.
FALSE. Copyright protects original works of authorship, but a trademark protects words, phrases, symbols and logos that identify the source of the goods or services.

MYTH: I can mail myself a copy of my work to protect it [commonly known as “the poor man’s copyright”].
FALSE. There is no provision in copyright law granting any such protection, and it is not a substitute for registration.

MYTH: If I am caught infringing, I will just stop.
FALSE. The penalties for copyright infringement can be severe, and the technology for catching offenders gets better all the time. The penalties for copyright infringement include both civil and criminal penalties.

The purpose of copyright law is to provide a commercial framework to ensure that artistic, intellectual or other works of value are fairly rewarded. The development of technology in general and the internet in particular has dramatically increased the ease with which works are violated. In this environment, a number of misconceptions have become common currency. This article is intended as an introduction to copyright laws and is provided in good faith to gain a general understanding of the topic.

Andrew A. Gonzalez, Esq. is an experienced attorney with over twenty-five years in practice. He focuses attention on business and intellectual property matters. He provides sophisticated services to commercial and individual clients who need to effectively compete in a business environment. For more information, call 914-220-5474 or email gonzalez@golawny.com.

Hacking People: Why Your Biggest Vulnerability Isn’t In Your IT Department

By Clinton Henry

Last week, Chris stopped off at his local coffee shop to have a chai before heading off to a trade show to deliver a keynote speech. As he sat at his usual spot near the counter, a heated discussion ensued next to him regarding the third quarter of 2017. In the middle of the morning’s caffeinated hustle and bustle, a marketing meeting was in progress.

He knew it was a marketing meeting because the three employees left the screens on their computers open to “Marketing Plans.” Much to his amazement, they abandoned the table and were apparently in line—as well as online. They left two smartphones and a couple of memory sticks out in the open, plain as a Pumpkin Spiced Latte.

While reasonable predictions aren’t always correct, there’s a strong possibility that eventually the company will experience a breach. Moreover, it’s highly unlikely that anyone within the business or IT has taken a serious look at how its users operate to protect it from this sort of vulnerability.

The biggest risk for any organization being hacked is neither the firewall nor the server. It is another problem altogether: social engineering. Social engineering is when employees inadvertently (or out of malice) give cyber thieves sensitive corporate or client information. The problem with most businesses and IT departments is that while they may be eager to invest in cybersecurity measures for their organization, they often neglect investing in shielding the most common attack surface motivated hackers use to gain access: employees.

Let’s review some of the socially engineered pitfalls that occur all too often:

Public Wi-Fi: Public Wi-Fi is to your computer network as Kryptonite is to Superman or garlic is to a vampire. Unless you are sending out information that is encrypted via a secured site, never conduct any business from an unsecured Wi-Fi hotspot.

Public Places: In the space of two seconds, it would have been possible for a thief to take screen shots of the third quarter plan with a smartphone or to swipe the smartphones and stick drives or even one of the laptops. Any document, especially any document with links to your organization, is all a cyber thief needs to get going. Never leave documents unattended.

Ever hear of visual trespass? It is the practice of someone in any public space looking over your shoulder and viewing your computer screen. Here’s an apt example: Alison, the head of tax and audit for a publicly traded company, was traveling and noticed a stranger was trying to observe her computer screen in an airport while she was working on her corporation’s soon-to-be-public 10-K filing. While the stranger may have been rude (and not a cyber thief), the person working on those financials was misguided and careless.

Moreover, public conversations that should be held in private can undo a company quite easily. Recently, the same Chris from earlier was in O’Hare airport while a gentleman next to him was on the phone with a colleague who needed access to a file. The helpful companion, within earshot of Chris, decided it was a good idea to give his coworker his personal password so he could access the file. If Chris was an opportunist, he could have simply made conversation with the unsuspecting traveler later and traded business cards, giving Chris his username and company along with his password. The businessman would have been none the wiser.

Phishing: Remember those emails we once received from Nigeria, Lithuania, or Romania that named us as the heirs to great fortunes? All they needed to secure the millions owed to us was a credit card number. People fell for it in droves. Then there were fake job postings that asked us for background information. The postings looked legitimate and we fell for that too. We gave them what they asked for.

Phishing has not gone away. It has become so sophisticated that we believe it comes from our bosses, a supplier, or a nonprofit we might support. The links in the email typically lead to malware that can infect the entire network and grab important files. Don’t fall for it. When in doubt, always verify. An interesting fact: Millennials are more prone to falling for phishing than older employees. Over-familiarity with and blind trust of technology can be a dangerous thing.

Vindictiveness: Remember that angry employee who was terminated? What precautions were taken to make sure that he or she was immediately shut out from the network? Terminated employees can sometimes be vindictive. Have a plan and protect your data so the recently fired sales executive can’t walk to your competitor with your latest leads or biggest accounts.

Vendors: Your computer network is only as good as who has access to that network. Many cyber thieves have successfully snuck in through a back door by going through the networks of your vendors. This is a potentially huge problem for any organization having a continuous relationship with suppliers. If your network is secure but your vendors have cyber security that is more like Swiss cheese, it can potentially create a huge vulnerability in your network.

Remember that while most internal IT organizations often seek funding for the latest network security equipment or software to beef up cybersecurity, they often neglect to engage their users to harden the organization from social engineering attacks that are commonly used to compromise a company. Neglecting to offer sufficient training for their users leaves the organization vulnerable to a hacker using a company’s own employees against it.

Clinton Henry is one of the world’s leading cyber security and identity theft experts. Known for his engaging keynotes and insightful perspective on business and personal cyber security, Clinton has amassed a loyal following of business and IT executives who look to him for guidance on how to protect their corporate profits and reputation from attack or compromise.


9 Surefire Steps to Lockdown Your Cyber Security

By Clinton Henry

“Dear Client.” That’s how the letter usually begins.

The next few sentences are a little trickier; there is really no good way for someone to hear that their data has been stolen. Unfortunately, getting this letter is becoming an all too common occurrence in business. Businesses lose more than $100 billion a year to cyber-attacks and fraud globally.

While a security breach might be one of the last things on your mind, the most recent Travelers Risk Index report shows that it’s a top concern for your clients, customers, and contractors – “Personal Privacy Loss and Identity Theft” went from barely ranking on their survey a few years ago to being number two, right behind “Financial Security.”

The expectation of cyber security has to be met with the same fervor and drive that you strive to meet all your other clients’ expectations.

1) Engage and Educate Employees: It’s important that you create a culture of security within your organization because security is everyone’s responsibility. If you don’t have buy-in from all your team members, you’re exposing your business to unnecessary risk. The majority of attackers gain access to networks via social engineering and the manipulation of a user within an organization, not via command line “hacking” from a dark, Cheetos-filled basement somewhere, as the movies often portray. Why would someone spend days trying to crack your accountant’s password when they can simply call your IT desk pretending to be your accountant and ask him to reset it to something new?

2) Anti-Virus: Having up-to-date anti-virus software deployed on all of your desktops and servers is vital. An unprotected computer is an easy target for a motivated attacker. Don’t make it easy on them – pay for anti-virus and make sure it’s regularly updated by your IT staff.

3) Password Management: It’s important that you and your employees leverage strong, complicated passwords that aren’t easy to guess. There are now hacking applications you can plug into a computer that will run through the most common 10,000 passwords used in about four minutes, trying each of them. You’d be surprised how many folks with access to critical data have the password of “password,” or if they are feeling clever, “password1” (Did this just guess your password? Go change it!).

4) Secure Your Networks: Without getting too technical, just know that having a firewall between your corporate network and the Internet is very important. If you don’t, there is very little stopping someone from freely accessing your data.

5) Secure Your Cloud: No matter what cloud provider or service you use, make sure you do your due diligence on their security practices. If they can’t easily and quickly tell you how your data is secured, odds are it isn’t. Also, for any accounts used to access your firm’s data, make sure you have strong passwords and only access it via a computer you own or trust. If you access your cloud on an infected machine, a hacker could potentially learn your password and use it later on without your knowledge.

6) Protect Banking Information: Make sure that all financial data, accounts, and records are kept secure and segregated from the rest of your business’ general shared drives. If financial transactions are conducted electronically, ensure they are done over an encrypted connection and that your employees never email account numbers, credit card information, or sensitive financial documents.

7) Backups: One of the most common types of breaches now being seen is the “ransomware” attack. Instead of “stealing” data from your organization, these attackers find your critical data and then encrypt it (digitally locking you out of it), making it so only the person with the digital “key” can unlock and access that data. The hackers then offer the victim access to the “key” for a very large fee. If you’re hit with one of these attacks, you have two options: pay the fee or restore the locked data from a recent backup. This is why backups are so important. Recently a very large hospital, a police department, and a public school (along with literally thousands of other victims) have been forced to pay tens of thousands of dollars to get their data back. Making sure your data is backed up and stored separately from your main repository can help protect you from attacks such as these.

8) Physical Security: This one is self-explanatory but you’d be surprised how much client data is left lying around the office. Ensure your partners, trusted employees, and finance team lock away any sensitive documents when they aren’t working with them.

9) Mobile Devices: While they are a convenience and increase productivity of the staff, mobile devices mean that your clients’ sensitive data can potentially walk out your firm’s door without you ever knowing it. Make sure that all mobile devices used to access corporate data have passwords (your email server can force this requirement), and if you have employees that use laptops you should look at having the hard drives for those machines encrypted. Most modern operating systems have encryption built in (you just have to enable the feature), and it’s foolish not to leverage it. If an employee accidentally leaves a laptop on a plane or in the back of a taxi, you’ll be guaranteed that all data on it is secure and protected.

Your business, your brand, and your bottom line depend on the trust you develop with your clients. Handling the items listed above will go a long way in protecting all three.

Clinton Henry is one of the world’s leading cyber security and identity theft experts. Known for his engaging keynotes and insightful perspective on business and personal cyber security, Clinton has amassed a loyal following of business and IT executives who look to him for guidance on how to protect their corporate profits and reputation from attack or compromise.


Should You Copyright Your Website?

By Andrew A. Gonzalez, Esq.

The Internet makes it possible for businesses to reach millions of potential customers with a website. However, the Internet can be a source of liability for a company that is careless in publishing information.

If you have a blog, write articles, or manage an online magazine, chances are you have experienced—or will have—content stolen. The stolen content can be reposted on other blogs, article websites, and personal websites without proper attribution. Sometimes website content is copied in its entirety from your site to another website. There are also situations where your content is reposted with proper attribution, but without your permission.

The good news is that no matter how or why your content is used without your prior knowledge, there are measures you can take to protect it. There are even ways to prevent your content from being stolen in the first place.

How Do I Find Out If Content Has Been Stolen? Set alerts that make it simple to keep an eye on your website content and potential piracy. Set alerts for both your domain name and business name so anytime they show up in the search engine, you receive notification.

Who Owns or Hosts the Site? Contact the offending party directly to put them on notice to immediately remove infringing content. If this request falls on deaf ears, contact the online service provider (OSP). OSPs are often more efficient when it comes to removing potentially infringing content than web owners.

The Digital Millennium Copyright Act (DMCA) is landmark legislation that updated U.S. Copyright Law to meet the demands of the digital age. You can also send a DMCA Takedown Notice to the OSP requesting that they remove or block the offending pages from the suspect website.

What is a Copyright? Copyright is a form of protection given to authors of original works, including literary, dramatic, musical, artistic, and other intellectual works. A copyright automatically comes into existence the moment an author fixes a work in a tangible form. This protection gives the owner of a copyright several exclusive rights:

  • to reproduce the work;
  • to prepare derivative works (works that adapt the original work);
  • to perform or display the work publicly;
  • to distribute copies of the work to the public by sale, rent or lease.

Why Should I Consider Copyright Registration? You’ve probably noticed phrases like “All Rights Reserved” or “Copyright 2016,” or perhaps the copyright symbol and a date at the bottom of a website. What does this mean? Do I need to copyright my website?

Registering a copyright with the United States Copyright Office is not mandatory. Copyright protection exists without registration; however, the “work” must be registered prior to filing an infringement case in court. In addition, the copyright owner will be eligible to receive statutory and actual damages as well as legal costs and attorneys’ fees from a copyright infringer. Registration provides notice to the public that you own the work, making it more difficult for someone to claim they unknowingly infringed upon your copyright. There is also the added credibility that registration brings to the work.

Should I Register my Website? Copyright violation is illegal, but it can be difficult to prosecute offenders without copyright registration establishing a public record of ownership. If the content of your website is original (not a template), or if it includes an original work, it can be protected. Website registration will generally be made to protect the textual, graphic, and audio content of a site. All of these components should be submitted to obtain the broadest scope of legal protection.

Putting the Public on Notice: If a website contains copyrightable materials, a copyright notice should, at the very least, be placed on the site’s home page. Although not required by law, it is not a bad idea to place notice on every page of the website. The circle © puts the world on notice that you claim a copyright in the work. The proper way to use the © is in connection with the year of first publication and the copyright owner’s name (e.g., © 2016 Jane Doe or Copyright 2016 Jane Doe).

If you really want to make it clear that all aspects of your site are copyrighted, you may use a notice such as: All website design, text, graphics, selection and arrangement thereof, and software are the copyrighted works of Jane Doe © Copyright 2016.

Content theft on the Internet will always be a problem. Bear in mind that U.S. Copyright laws, cease and desist letters, careful monitoring, and all other actions can only get you so far. There is no 100% foolproof way to stop such action, but legal intervention may be warranted.

Andrew A. Gonzalez, Esq. is an experienced attorney with over twenty-five years in practice. He focuses his attention on business and intellectual property matters. He provides sophisticated services to commercial and individual clients who need to effectively compete in a business environment. For more information, please call 914-220-5474 or visit www.golawny.com.

The Internet: Once a Curious Novelty Becomes an Essential Business Tool

By Peter DeHaan

I first heard about the Internet over thirty years ago from one of my college friends. He landed a job with a computer mainframe manufacturer and was assigned to work at a university. He regaled me with tales of instantaneously sending text messages across the country at no cost. “That is fantastic,” I said. “How can I get in on this?”

“You can’t,” he replied matter-of-factly, “not unless you’re at a major university or work for a defense contractor.” I was disappointed. My visions of fast and free communications faded as quickly as they formed. With little more thought, I dismissed the Internet as a non-issue, one with limited utility and no future.

That was in 1981. Fast-forward a decade. Suddenly, it seemed, everyone was talking about the Internet. I was perplexed. How could something so limited be treated as the next big thing? Had something changed to make the Internet a practical reality for the masses? Indeed, it had.

I signed up for a dial-up Internet account. Back then, using the Internet seemed like a waste of time. It took eons to be connected, a bit of luck to stay connected, and patience to accomplish anything useful – not that there was much to do from a business standpoint. When a colleague would get email, I would note their address, but would invariably pick up the phone for any future communication.

As more people became connected, I tried to check email once a day, while checking voicemail multiple times. However, it wasn’t long before I was checking email several times a day and voicemail only once or twice. Now I have dedicated Internet access and spend all day connected, receiving, and sending hundreds of messages. All too often, I forget to check voicemail.

I recently considered what my day would be like without email. Indeed, about 99 percent of my publishing work is accomplished via email. Articles are submitted electronically, then routed to our proofreaders, passed back to me, and finally forwarded to production. Design proofs are sent as PDF attachments, and communication with my printer is via email. Without email, we would play phone tag and rely on snail mail and overnight delivery services. This would increase costs and lengthen our production cycle. In fact, if I only had the phone and delivery services for communications, I would need to hire an assistant just to accomplish the same amount of work. Plus, I would not be nearly as effective or efficient. In short, the Internet is great!

Email is just one aspect of the Internet; the World Wide Web is another part. Once the realm of large companies with big budgets, websites are now expected for organizations of all sizes. In many cases, divisions, departments, and even projects within organizations boast their own website. Nowadays, an organization without a website is viewed as second rate or is ignored. Websites are also a great equalizer, leveling the playing field between major corporations, smaller competitors, and start-ups.

One seemingly obvious feature of websites is to provide a means for further communication. Therefore, a “contact us” page is a common element. Yet, it’s confounding when contact information can’t be found. These organizations should want to interact with customers and prospects, but visitors to these sites can’t call, write, or even email.

Of course, sending a message to an email address found on a website isn’t any guarantee of dialogue. Once, when researching an article, I used a search engine and contacted the first ten companies listed via email. One site responded within five minutes with a personal response. Two more followed later that day, and a fourth, three days later. But six never responded or even acknowledged receipt of my message. Now it could be that a message or two got lost in cyberspace. That does happen, but certainly not 60 percent of the time.

In another instance, I sent out a targeted email to over 100 addresses gleaned from printed directories and listings. Again, the results were disconcerting. Six percent were returned because the mailbox was full, 8 percent were rejected because the domain name was “unknown,” 14 percent were refused because the user name “could not be found,” 61 percent did not respond, and only 11 percent replied.

This suggests some steps to take to achieve the best Internet results. The first is basic, but often overlooked: periodically verify that your website is up and running. True, there are software programs that can do this, but who is checking to make sure the programs are actually running? Plus, who is watching for error messages?

A second critical task is to periodically send out test email messages to important email addresses. If it bounces back or there is an error, the recipient or technical staff can be contacted to correct the problem. This is especially needed for generic email addresses, such as info@…, sales@…, customerservice@…, and so forth.

Don’t leave your online presence to chance. The risk is too great.

Peter DeHaan is a magazine publisher by day and a writer by night. Visit peterdehaan.com to receive his newsletter, read his blog, or connect on social media.