Comptroller Announces Texas Taxpayer Bill of Rights

Yesterday the Texas Comptroller of Public Accounts, Glenn Hegar, announced the creation of the Texas Taxpayer Bill of Rights.  These were promulgated as part of his goals to address taxpayer concerns in an efficient and respectful manner.  I’ve listed the short version below, but you can access the Taxpayer Bill of Rights here.

  1. You have the RIGHT to Fair and Equitable Treatment
  2. You have the RIGHT to Privacy and Confidentiality
  3. You have the RIGHT to Understand the Taxes You Pay
  4. You have the RIGHT to Pay Only What You Owe
  5. You have the RIGHT to Representation
  6. You have the RIGHT to Contest a Decision
  7. You have the RIGHT to Request a Waiver of Penalties
  8. You have the RIGHT to Simpler Tax Filing
  9. You have the RIGHT to Courteous, Accessible Assistance from a Real Person
  10. You have the RIGHT to Know How Government Spends Your Tax Dollars

Educate Your Employees on Spear Phishing Attacks Now

The latest victim… the White House.  That tells you all you need to know about just how effective spear phishing is as a tactic to infiltrate a computer system.  If the attack is effective against that target, then you had better believe it could happen to your business.  It happens to businesses across the country on a daily basis.  If you haven’t taken this matter seriously, now is the time to do so.  Educate your employees on how criminals employ the tactic.  Educate your employees on what to look for so your business does not become a victim.  Take steps to protect your business before it becomes a victim.  And develop a plan of action to respond if those protections fail.

Why are Criminals Targeting Smaller Businesses for Spear Phishing Attacks?

Simple answer: they are easier targets.  Small companies tend not to have the same IT infrastructure and security that larger companies have in place.  They also tend to have less formal rules and restrictions on employee use of company computers.  This creates an easy target for criminals.

Small businesses have access to information that is just as valuable to hackers as the information larger companies hold.  Small businesses often provide services to government agencies or larger public companies and, as such, have valuable information in their possession or offer a pipeline into these more lucrative targets.

What is “spear phishing?”

Spear phishing is a specific type of cyber attack in which a message appears to come from someone or some company you know.  The target receives an email that often contains some information about the individual or business, such as a person’s name, the company’s phone system, or bank.  Where does that information come from?  The target’s online presence.  Think about how much information is readily available regarding your business and the people working for it.  Do you have a contact page on your website with names and email addresses?

This spear phishing email comes with a ZIP file attached or a camouflaged link to an automatic download.  Sometimes the ZIP file is described as a PDF or other harmless file type.  Click to open the attachment or the link and the target is caught.
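A mail-filter check for the two lures described above, as an added example that is not part of the original post: it flags attachments whose bytes are a ZIP archive while the file name claims another type, and links whose visible URL names a different host than the real target. The message, addresses, hosts and file names are constructed for illustration.

```python
import re
from email.message import EmailMessage
from urllib.parse import urlparse

ZIP_MAGIC = (b"PK\x03\x04", b"PK\x05\x06")        # ZIP local header / empty archive
ZIP_BASED = (".zip", ".docx", ".xlsx", ".pptx")  # names for which ZIP bytes are expected
# A regex is enough for this sample; a production filter should use an HTML parser.
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def disguised_attachments(msg):
    """Names of attachments that are ZIP archives but are labelled as something else."""
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        data = part.get_payload(decode=True) or b""
        if data.startswith(ZIP_MAGIC) and not name.lower().endswith(ZIP_BASED):
            hits.append(name)
    return hits

def camouflaged_links(msg):
    """(shown URL, real target) pairs where the visible text names a different host."""
    hits = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        for href, text in LINK_RE.findall(part.get_content()):
            shown = re.search(r"https?://[^\s<]+", text)
            if shown and urlparse(shown.group()).hostname != urlparse(href).hostname:
                hits.append((shown.group(), href))
    return hits

def build_sample():
    """Constructed message: one mislabelled ZIP, one genuine PDF, one mismatched link."""
    msg = EmailMessage()
    msg["From"] = "Accounts <billing@vendor.example>"
    msg["Subject"] = "Invoice attached"
    msg.set_content("See the attached invoice.")
    msg.add_alternative('<p>Review it at <a href="http://files.example.net/get?id=1">'
                        'https://portal.vendor.example/invoice</a></p>', subtype="html")
    msg.add_attachment(b"PK\x03\x04" + b"\x00" * 26, maintype="application",
                       subtype="pdf", filename="Invoice_0425.pdf")
    msg.add_attachment(b"%PDF-1.7\n", maintype="application",
                       subtype="pdf", filename="Terms.pdf")
    return msg
```
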

What happens after you’re caught?

It depends.  Some attacks are passive, meaning the hackers are simply accessing your computer system to observe and acquire information.  There is at least one case where the hackers had access to a company’s system for over a year before anyone noticed! Hackers can monitor passwords and company activity.  This can affect individual employees accessing personal accounts from work as well as the company.  If the employee types in ID and password information to access a personal or business bank account, the hacker now has that information.  Think about the potential exposure of your company’s trade secrets too.

Some attacks are active, meaning the hackers are accessing your computer system in an attempt to gain control over some portion in order to further their goals.  The hackers then use that control to continue their efforts within your business or using your business as cover.  In the White House breach, for example, it is widely reported that the attack came after hackers infiltrated the State Department to gain control over a legitimate email address which they then used to hack into the White House system.

In other cases the hackers take control of your system and hold it hostage.  Once in your system, they take control of your company files then encrypt them and prevent your business from having access to them.  The next thing you receive is a ransom demand.  Pay up or lose the files forever.  You can read about some of these cases in an NPR story here.  It happens to police departments as well.  Even law firms have been victims.

How Much Could A Spear Phishing Attack Cost Your Business?

Smaller attacks are relatively cheap.  A few hundred dollars paid by the deadline will get you the encryption key to unlock your files in some cases.

In other cases, the potential financial exposure is much higher.  The attacks are becoming much more sophisticated.  More sophisticated programs will search out more valuable files. And if they locate them, guess what?  The price goes up.  The CAD designs for that $30 million construction project are going to cost you a lot more to get back than the generic everyday company files.

Don’t forget the potential liability your company may have to third parties as well.  If your files are compromised and the information accessed by the hackers includes personal information protected under privacy laws, then your business may be in for some significant expenses.  Many states (including Texas) have breach notification laws.  Fail to comply with the breach notification laws and your company could face significant fines.  If the information is used by the attackers and a third party suffers a loss, your business could be subject to a lawsuit as well.

There is also lost business to consider.  If your client learns that its confidential information was lost because your company didn’t take adequate measures to protect it, then how long do you think you will have that client?

 

NLRB General Counsel Memo Discusses Lawful and Unlawful Employer Handbook Rules

This past week the General Counsel for the National Labor Relations Board published a memo titled “Report of the General Counsel Concerning Employer Rules.”  You can download the PDF by following that link.

The report provides an update on the General Counsel’s view of lawful and unlawful employer handbook policies in the areas of confidentiality, professionalism, anti-harassment, trademarks, photography/recording, and media contact rules.  The memo provides examples of policies the General Counsel found lawful and unlawful under each area.

The NLRB GC has been actively challenging certain types of employer policies over the past few years as violations of Section 8 of the National Labor Relations Act.  Under Lutheran Heritage Village-Livonia, 343 NLRB 646 (2004), an employer’s rule may violate Section 8 of the NLRA if employees would reasonably construe the employer rule to prohibit Section 7 activity.  Section 7 activities include, among other things, the right for employees to engage in concerted activity with regard to their working conditions by commenting or speaking about them with other employees and third parties.

The GC has been challenging policies with broad prohibitions on things such as social media comments about an employer, broad definitions of confidentiality, and broad prohibitions on contact with media regarding an employer as violations under Section 8.  The GC has also actively challenged employer policies that prohibit recording or photography in the workplace.  This is a much greater concern for employers these days given the fact that seemingly every employee owns a cell phone capable of making an audio recording or taking a photograph.

As a result of the NLRB’s effort, there has been some level of uncertainty as to what language the NLRB would find acceptable in an employer’s policies on these topics under the NLRA and practitioners had been seeking guidance in order to properly advise clients.  This memo is the General Counsel’s response to that request.

Employers would do well to review this memo and consult with their attorney to determine whether their policies and procedures should be revised given this new guidance.

What Employers Should Know About the EEOC Mediation Process

Beginning in the 1990s, the EEOC implemented a mediation program as an alternative means for resolving employment discrimination complaints filed by employees against their employers or former employers.  You can read more about the mediation program’s history on the EEOC’s website.  This article offers some insights into the EEOC mediation process for employers, as well…

Employee or Independent Contractor? IRS Webinar

The IRS is hosting a webinar on March 12th titled “Employee or Independent Contractor?”  This is an opportunity for business owners with questions about employee classification issues to learn more about the IRS’s views, the investigative process, and opportunities to resolve inaccurate classifications.  Topics that the webinar will cover include: Defining “Employee” The three control…

What is the Texas Business Opportunities Act?

Almost everyone is familiar with the concept of franchises and franchise law, but many people are unaware of another statute governing business opportunities called the Texas Business Opportunities Act.  The importance of understanding this law cannot be overstated due to the penalties involved – failure to comply is by law a deceptive trade practice in…

Starting a Business? Here Is What You Should Know About The Non-Compete Provision With Your Former Employer (or Partner)

Folks starting a new business are often doing so after working for an employer or after departing a previous venture with other partners.  Frequently these entrepreneurs have a non-compete provision tucked into some agreement from the previous relationship that they either did not know about or have not considered.  Look closely through all of your agreements and…

Forfeiture Provision in Executive Bonus Compensation Incentive Program is Not a Covenant Not to Compete Under Texas Law

The Supreme Court of Texas issued its opinion in Exxon Mobil Corporation v. Drennen this past week considering whether New York choice-of-law provisions in a Texas based corporation’s executive bonus-compensation incentive programs are enforceable.  The Court’s decision ultimately turned on whether or not a forfeiture provision in those programs constituted a covenant not to compete…