Cybersecurity and Intellectual Property Risks: How to Be Prepared
With years experience under her belt, Jura Zibas speaks to us this month on cybersecurity risks companies are facing now that more and more organisations are working remotely.
She also touches on common intellectual property risks and what companies can do to ensure they do not fall short on compliance.
- How has the pandemic impacted cybersecurity?
Cyber incidents have increased for businesses, individuals, agencies as everyone is working remotely. The infrastructure and conduct of individuals are part of the reason for the increase. With everyone existing on the computer more around the clock, statistically, there is more opportunity for exposure to increased incidents. The incidents are not only breaches by hackers, but phishing, fraudulent accounts and loans; plus, many more creative criminal activities are surfacing from countries outside the US. The WiFi infrastructure and mobile networks continue to be too weak for the additional stress on the system.
- What should companies be looking out for to avoid cybersecurity issues presented by COVID?
While companies should definitely consult with their IT departments or outside IT vendors to confirm they have updated their software to fight the opportunity for intrusions, education on the part of employees, vendors and IT departments remains the biggest issue. Regardless of how much we hear about cyber incidents, people still get duped. They click on attachments even if they do not recognise the email address of the sender. People are fooled by the fake emails from PayPal, Banks, retail chains and do not realise how much data is gathered by entities outside the US. The data is valuable. Employees receive emails, click on them inadvertently and their entire company network is infiltrated. The ransomware remains an issue. Fraudulent wire transfer requests and loan documents are definitely on an upswing. When employees are asked to pay a vendor via wire, look at the email sender carefully and call to verify via phone. You should never stop trying to educate in this area.
The most prevalent violations I see are not privacy law violations, but the copyright infringement from the use of images and music online – whether on a website used for advertising, selling or just information.
- Supply chain cybersecurity is a constant area of focus for many enterprise organisations and has become increasingly complex due to digitisation; were businesses prepared to become more digital and cyber secure? What points should they tick off their list, in order to be as secure as possible in this area?
No one is truly prepared for supply chain cybersecurity protection. In March 2020, the world was not totally ready, but while the implementation of processes to help the supply chain delivery, it seems companies are starting to think about future supply chain solutions. At a minimum, for the present, companies should confirm the supply chain has implemented application programming interface (APIs) and software that is compatible. For the future, it is time for the supply chain to use radio frequency identification (RFID) on all products and other contactless asset tracking technology. With the pandemic, it seems RFID is growing in recognition as companies globally are looking at how to integrate RFID. An RFID tag can be associated with every box, every product, every item and with the installation of antennas and high-quality software systems, the supply chain tracking becomes contactless and more efficient. I work with innovative hardware software technology companies who have unique, patented RFID asset tracking systems. It is revolutionary in many ways, as the applicable software platform for the RFID asset tracking can easily integrate into a third-party system, providing assurance that a company can locate, move and replenish assets throughout the supply chain.
- Data protection and personal privacy rights continue to grow in importance. How can firms get their arms around security efforts?
Data protection is covered by overall system security protection. Ideally, firms should institute the maximum total data protection software and policies. Use of personal emails and social media may lead to inadvertent disclosure. There is no secret weapon to understand the breadth of personal privacy rights that must be protected in every business. The reality is someone needs to know the various ever expanding privacy laws in every country and state. While California started a wave of more stringent privacy law protections, when you sell online, when you store data, you have to protect data and remember, a data breach can also be viewed as breaching privacy rights. While we are focusing on cyber here, privacy rights also protect information posted online in social media and information shared with the public about a person. Before you post, think about the source and if the person whose picture that will be blasted all over the internet gave permission.
- To survive this dynamic environment, organisations must modernise their approaches and equip themselves with the suitable tools to stay competitive. What tools and methods help?
There are multiple resources to identify the best tool for your industry and for the C Suite to work with technology experts to select suitable tools to fit the needs. Again, I cannot emphasize enough, that scientific and technical education and learning, the ability to use common sense and analytical skills to walk through the technical issue to identify the solution, remains the number one tool.
Unfortunately, human error whether clicking or failing to update software or APIs that are not sufficiently providing the scope required for a company.
- What are state and federal laws that are often at risk of being unknowingly violated by companies?
I want to diverge a bit from the cybersecurity topic and capture the latest in intellectual property. For many years, prior to the advent of cybersecurity and cyber incident trends, I practised in the area of copyrights, patents, trademarks, trade secrets. The most prevalent violations I see are not privacy law violations, but the copyright infringement from the use of images and music online – whether on a website used for advertising, selling or just information. The tool of IP enforcers is software that track uses, even uses of images you may have forgotten were still on a website page and were never viewed. But US Copyright Laws are not forgiving; you can be liable. If you sell real estate and want to clip articles to add to your website, or merely re-posting a video from YouTube that includes some fantastically popular song, think first. Letters are sent, lawsuits are filed asking for statutory or actual damages. It quickly becomes costly. During the pandemic, there has been quite an uptick in copyright infringement cases. While people spend hours of a day staring at their computers and relying on the information viewed online, they find potential patent infringement by competitors, former partners and strangers. The key is to always know the source of images, music and products. Make no assumptions. Spend the time obtaining permission or at least, do some due diligence before posting that image.
- There has been a spike in phishing attacks, Malspams and ransomware attacks as attackers are using COVID-19 as bait to impersonate brands thereby misleading employees and customers. What could have been done to avoid this?
Education! People still fail to look at the full email address of the sender to validate it and assure it is someone the recipient may know. Common sense is the key tool – when the address looks odd, has many unknown digits or clearly has the designation of a foreign country you do not do business with, do not click! Never take down your guard in confirming the legitimacy of an email. Make sure when you see that UPS tracking email, look at the sender email, confirm its legitimacy. Unfortunately, human error whether clicking or failing to update software or APIs that are not sufficiently providing the scope required for a company.
- Please share your journey into law.
My journey was actually not planned, but a side step. I was always interested in and focused on math, computers, chemistry leading on the path to dental school or medical school. After attending dental school, earning recognition for cancer research, it was recommended that I consider law, apply my scientific background, obtain a patent registration and practice law. Then, a federal judge recommended I take a position as a public defender to learn to try cases – there is no way to become a trial lawyer unless you try cases for the underdog when facing a jury. I will forever appreciate the superb training I received at my first courtroom role because from then, the journey began. I moved into an administrative law judge role, then private practice. Private practice was varied in different states, but I became a strong transactional lawyer by being a litigator first. Common sense, analytical skills and remembering the importance of helping businesses thrive when evaluating the law is a strategic path I will always follow.
- What challenges have you faced as a female lawyer? How have you overcome them? In reality, the pay differential remains a constant and I just continue to work hard to overcome all challenges faced as a female lawyer. Female lawyers do not help other women, unfortunately, on a regular basis. The women’s organisations want to help, but men still have an important role in law firms and business, and while women in corporate legal departments will sometimes focus on hiring women, it is still a small percentage. Once people feel comfortable speaking the truth, and social media does not attack them or ruin their lives, the challenges for women will become easier but not extinct.
- What is the most important lesson you have learnt throughout your legal career? Work hard, be responsive and remember, your legal skills are always valuable. Be the best lawyer you can – this will benefit you, your clients and your future. I always remind young lawyers, we are conduits to help business people. My goal is to help businesses grow, not defeat their spirit by making the pursuit of legal advice beyond the reach of every businesses pocketbook. I have learned the lack of common sense, lack of science and technology training, leads to a need for lawyers who can think analytically but also understand technology. Continuing to learn and keeping up with developments, remains a key part of my livelihood.
Jura C. Zibas
Attorney at Law
Wilson Elser Moskowitz Edelman & Dicker LLP
150 East 42nd Street
2063 Main Street, Suite 100 New York, NY 10017, Sarasota, FL 34237
Jura Christine Zibas is co-chair of the firm’s Intellectual Property practice and a member of the Information Governance Leadership Committee. She has an extensive technology background and focuses her legal practice on intellectual property, technology and commercial matters. Relying on her scientific and analytical skill sets, Jura assists in solving legal issues that involve intellectual property rights, cybersecurity and complex business disputes.
More than 800 attorneys strong, Wilson Elser serves clients of all sizes, across multiple industries and around the world. Wilson Elser has 38 strategically located offices in the United States and one in London. It is also a founding member of Legalign Global, a close alliance of four of the world’s leading insurance law firms, created to assist companies doing business internationally. This depth and scale has made it one of the nation’s most influential law firms, ranked in the Am Law 200 and 54th in The National Law Journal’s NLJ 500.