This Means War

Put up your best fight to protect your network, or you could be held liable for damages to customers.

This story appears in the November 2003 issue of Entrepreneur.

In the latest legal turn in computer security, you may be held liable for failing to protect your network. Attorney Eric Begun, a partner at Blank Rome LLP in Philadelphia, points to two recent examples. In April, the Maine Public Utilities Commission (MPUC) fined Verizon Wireless $62,000 for service disruption following an SQL Slammer worm attack in January, due to a vulnerability in Microsoft's SQL Server 2000. Also this year, Guess? Inc. agreed to a legal settlement after the FTC found that customer information on the Guess? Web site was vulnerable to hacking (though no one hacked the site). In both cases, the companies failed to take the security steps that others in the industry had taken.

The virulent Slammer worm attacked networks, bringing them to a virtual standstill as it sent out hundreds of clones per second. Verizon took its data processing network offline for 30 hours to prevent further disruption and to fix the problem. When MPUC fined the company for the disruption under its service-level agreement, Verizon claimed it was not responsible for "situations beyond its control." MPUC rejected that argument, noting Microsoft had recognized the possibility of a worm the previous July and had posted a security patch twice since then, which competitors in the industry had used. Meanwhile, Guess? was collecting detailed personal information from its online customers, promising to store all personal information "in an unreadable, encrypted format." But an FTC investigation showed that for two years, the Guess? Web site was actually vulnerable to reasonably foreseeable hacker attacks, despite warnings in the industry and readily available security measures. Guess? agreed to a settlement, under which, for the next 20 years, it will maintain a comprehensive information security program, submit to audits of the program, and report on compliance.

"This is a hint about where the law may very well end up- serves as a heads-up," Begun says. Indeed, California just enacted a law requiring companies to report to their customers cases of unauthorized access to customer data. Take a lesson from Guess?, and make sure your privacy policy is accurate. Don't just copy another company's privacy policy without understanding it (copyright issues aside), or write one so reader-friendly that it misrepresents reality.

Begun advises business owners to get up to speed on security issues so they can negotiate intelligently with their Web host. Most data processing services and Web hosts offer a service-level agreement that includes a refund or credit if a given level of service isn't maintained. Such agreements may have an exception for events outside the host's control. But you can inform them you don't consider hackers and worms to be beyond their control.

Jane Easter Bahls is a writer in Rock Island, Illinois, specializing in business and legal topics.
