Bernstein Shur Monthly – October 2017
October is National Cybersecurity Awareness Month
This is the perfect time to reflect upon what steps your organization has taken over the past year to enhance its Cybersecurity posture and what is actively being done to improve it. Cybersecurity is not just a checkbox that can be marked as complete while moving on to the next project.
While in the recent past Cybersecurity was considered an “IT issue” it is now an organization-wide and board level concern. Just as you may put a large amount of time and effort in to your payroll, business development, financials, and running your day to day business operations, you must be looking at your Cybersecurity investments and what you are doing to protect your business.
All it takes is one single click and all of the hard work and effort you and your employees have put in to the business may be gone. The US National Cyber Security Alliance recently conducted a survey and found that over 60 percent of small businesses fail within a 6 month period after being hit with a cyber-attack.
Everyone in your organization should be aware what Cybersecurity means and particularly what it means to your business. While technology plays an important role in Cybersecurity, arguably your employees, policies, and procedures are just as important, if not more so, in protecting your business.
Can you safely answer “yes” to the following statements and questions?
- My employees are aware of what Phishing means and how to identify malicious emails.
- Our business has a requirement that all employees are trained, at least annually, on Cybersecurity best practices.
- My business performs regular backups and tests to make sure we can restore data from backups.
- If my business had a ransomware attack and I lost all of my data, could I recover?
- If I am hacked, do I have the proper insurance, technology, and experts to help respond and recover?
- I have reviewed all of my contracts with third party vendors and they contain the appropriate information security requirements and risk allocations to account for the types of data to which my vendors have access.
Addressing all aspects of Cybersecurity is an iterative process, and one that you should keep top-of-mind throughout the course of your daily business activities. To learn more about how you can start to enhance your Cybersecurity posture, please contact Matt at email@example.com, or Josh at firstname.lastname@example.org for an in depth technology and legal assessment.
A Reminder from the Federal Trade Commission to Social Media Influencers: Disclose Paid #Ads
By: Ari Solotoff
Given the increasing popularity of social media platforms like Instagram, which just surpassed 800 million monthly active users, the FTC’s staff recently updated its Endorsement Guides describing the “do’s” and “don’ts” for social media influencers (“Influencers”). In a series of 20 FAQs covering topics from sponsored tags, to the use of hashtags, to the location of disclosures within a post, the FTC has summarized the essential truth in advertising requirements as applied to online and social media endorsements.
Generally, when an Influencer includes an opinion within a social media post about a product that she paid for herself, neither the Influencer nor the company would be legally responsible for failure to make adequate disclosures. However, when an Influencer generates content in response to a benefit or compensation from a company, the affiliation must be “clearly and conspicuously” disclosed. This results because when an Influencer speaks on behalf of an advertiser, it is a form of “commercial speech,” which violates the law if it’s deceptive.
Rather than issue a series of black-and-white rules, the FTC’s Guides provide a set of general principles that the FTC uses when evaluating whether a particular endorsement is deceptive or misleading. Under the FTC’s rules, an endorsement means any advertising message that consumers are likely to believe reflects the opinion, beliefs, findings, or experiences of someone other than the sponsoring advertiser, even if the views expressed are identical to those of the sponsoring advertiser. Both Influencers and brands may be liable for failing to clearly and conspicuously disclose a material connection, such as an endorsement, within a social media post.
To mitigate the risk of an FTC investigation, Influencers should adhere to the following guidelines when posting content:
- When to Disclose – An Influencer must clearly disclose when he has a financial or family relationship with a brand. When an Influencer pays for a product himself, there is no issue. The FTC is only concerned when a company pays the Influencer or provides something of value (e.g. free product) to mention a product.
- How to Disclose – No special wording is required. Instead, what matters is clear communication. Starting a tweet or Instagram post with “Ad:” or “#ad”, which takes only 3 characters, would be effective. Avoid ambiguous disclosures such as #thanks, #collab, #sp, #spon, or #amb.
- Where to Disclose – Disclosures should be hard to miss. On Instagram, disclosure must appear above the “more” button, which appears on Instagram captions that are longer than three lines. Disclosures should not be hidden or buried in blocks of text people are not likely to read or in hyperlinks.
Beyond publishing its updated Endorsement Guides, the FTC has also been taking Influencer activities more seriously. For example, the FTC recently sent 90 educational letters and 21 follow-up warning letters to Influencers and companies with a reminder that “material connections” must be clearly disclosed.
Whether you are an Influencer with questions about how to work with a brand endorsement, or a company interested in engaging a social media Influencer, we can assist you with navigating the FTC’s disclosure requirements. Please contact Ari Solotoff at email@example.com for further information.
The data systems of the U.S. Securities and Exchange Commission have been compromised by hackers.
By: Daniel Murphy
The breach, which took place in 2016, affected the SEC’s EDGAR portal, which is used by corporations to file financial reports and information. News of the breach has not been formally acknowledged by the SEC, but media sources have confirmed that the FBI and U.S. Secret Service have commenced an investigation. Sources also stated that the SEC could not confirm improper retrieval of data, despite the hack. Based on an internal memo describing the hack, it is understood that it was routed through computer systems located in Eastern Europe. In recent years, the agency has come under fire for inadequate computer safeguards. Earlier this year, the U.S. Department of Homeland Security identified numerous critical vulnerabilities in need of correction after scanning a representative sample of computers and systems.
Bernstein Shur Flies High at Maine Municipal Association’s Annual Meeting
By: Phil Saucier
Bernstein Shur has a long professional relationship with the Maine Municipal Association and the firm’s service areas are far broader in scope than just legal work. As an example, Jason Levasseur, a drone consultant and IT Training Specialist at Bernstein Shur, recently participated in the Maine Municipal Association’s Annual Conference at the Civic Center in Augusta. As a follow-up to a recent presentation on drones at MMA (along with Bernstein Shur shareholders Phil Saucier and Mike Bosse), Jason was asked to give a drone demonstration at this conference to show how they are increasingly being utilized by municipalities in support of various departments including fire, code enforcement and tax assessment. Jason made a video of the drone demonstration which was shown twice to conference participants.
Phil Saucier, Chair of the Firm’s Municipal and Governmental Services Practice Group, also gave a presentation during the conference entitled “The Law Court’s Frustration with Municipal Land Use Ordinances – Where do we go from here?” Phil presented, alongside Beth Della Valle, Director of Planning and Development for the City of Sanford, and Lee Jay Feldman, Director of Planning at the Southern Maine Regional Planning and Development Commission, on the Maine Supreme Judicial Court’s recent decisions expressing frustration with municipal land use ordinances. The panel explored the court’s concerns and discussed the extent of legal and planning latitude available to municipalities in deciding whether and how to change their ordinances.
Here are a few pictures of the event, taken by the drone, below:
Natural Disasters and the Construction Industry
By: Mike Bosse
We are generally lucky in New England. Tornados and Hurricanes are extremely uncommon in our region, and the snowstorms, rainstorms, wildfires and heat waves that we do have are usually non-life threatening. With the repeated hurricanes hitting the United States this year, however, it is worth thinking about how natural disasters can affect the construction industry, both in terms of day to day operations, as well as being part of the response to the disaster.
First of all, there is the actual disaster itself. Natural disasters are scary events, and can cause widespread personal injury and property damage. As the recent events in Miami, Houston, and Puerto Rico, and some of the other Caribbean islands demonstrate, there may be initial chaos during the disaster and immediately afterwards, trying to locate loved ones and assess the immediate damage to one’s own property, as well as the immediate surroundings. Unfortunately, it also seems that natural disasters are now followed by spikes in crime more often than not, with individuals trying to profit from others’ misfortune.
The construction industry is usually involved in assisting in the recovery following natural disasters. The heavy equipment we have in the industry, and our general labor experience lend themselves to being part of a cleanup. Clearing roads, removing trees, restoring power, and transporting of people are all common events following a disaster. In New England, those in the industry have been called upon to respond to a couple of nasty ice storms that took out electricity to large geographic areas for several days in the past two decades. That type of response, to any natural disaster anywhere in the country, puts a drain both on the individuals who are working long hours, as well as their families if the cleanup effort is anything other than modest.
Then there is the ripple effect back on the companies that are helping out, as their labor forces are depleted and they do not have the ability in the short term to work on new projects, or maybe even the current ones, that are bringing revenue into the companies to keep them on track. Revenue may also suffer a slowdown, however, because some of the projects that are in process literally become unworkable depending on the nature of the disaster. The construction industry, like others, can literally grind to a halt and at least temporarily weaken the economy, as was just borne out by the repeated hurricanes that hit the Southeastern coast.
Then of course, there are the projects themselves, in whatever state they were before, and after, the disaster. A whole host of issues can come up on the projects, from the time of the disaster, to getting the projects back up and running again. In the best case scenario, either the general contractor or the owner will have a builders’ risk policy in place. As many know, a builders’ risk policy protects the value of the work in place, and is sometimes referred to as an “all risk” policy. There is no insurance policy that covers all risks, but the intent of a builders’ risk policy is to come in and be able to allow the project participants to rebuild the project to its status just before the disaster, with the general contractor being paid for that effort. In New England, likely the most common instances of having a builders’ risk policy respond are after fires on partially construction projects, where the work is destroyed and a rebuild must occur.
In the event that no builders’ risk policy exists, a project may literally be scrapped or never advance to completion. The contractor may be excused for the contracted performance because of what is referred to as a “force majeure” event, or the owner may not have the money to finish the construction.
Then there are subcontractors and suppliers on the various projects. Some subcontractors may not be able to perform going forward and may have to be replaced on a project. Some suppliers will likely face a shortage of supply depending on the nature of the disaster, causing a spike in prices.
Well after the disaster, important work can and should take place inside and outside the industry about how to improve the quality of buildings to better withstand natural disasters in the future. One example is how construction on the west coast has evolved to respond to the continuing risk of major earthquakes, with buildings now better engineered to withstand quakes that would have leveled the buildings just decades ago.
Luckily, deadly natural disasters are very uncommon in New England. But with each passing year, the storms seem to get stronger, more destructive, and more deadly, no matter where we live. Hopefully by the time this article is published, hurricane season will have passed without any further damage to our people and our homes.