Subscribe to Entrepreneur for $5
Subscribe

This Means War

Put up your best fight to protect your network, or you could be held liable for damages to customers.

By
This story appears in the November 2003 issue of Entrepreneur. Subscribe »

In the latest legal turn in computer security, you may be held liable for failing to protect your network. Attorney Eric Begun, a partner at Blank Rome LLP in Philadelphia, points to two recent examples. In April, the Maine Public Utilities Commission (MPUC) fined Verizon Wireless $62,000 for service disruption following an SQL Slammer worm attack in January, due to a vulnerability in Microsoft's SQL Server 2000. Also this year, Guess? Inc. agreed to a legal settlement after the FTC found that customer information on the Guess? Web site was vulnerable to hacking (though no one hacked the site). In both cases, the companies failed to take the security steps that others in the industry had taken.

The virulent Slammer worm attacked networks, bringing them to a virtual standstill as it sent out hundreds of clones per second. Verizon took its data processing network offline for 30 hours to prevent further disruption and to fix the problem. When MPUC fined the company for the disruption under its service-level agreement, Verizon claimed it was not responsible for "situations beyond its control." MPUC rejected that argument, noting Microsoft had recognized the possibility of a worm the previous July and had posted a security patch twice since then, which competitors in the industry had used. Meanwhile, Guess? was collecting detailed personal information from its online customers, promising to store all personal information "in an unreadable, encrypted format." But an FTC investigation showed that for two years, the Guess? Web site was actually vulnerable to reasonably foreseeable hacker attacks, despite warnings in the industry and readily available security measures. Guess? agreed to a settlement, under which, for the next 20 years, it will maintain a comprehensive information security program, submit to audits of the program, and report on compliance.

Continue reading this article -- and everything on Entrepreneur!

Become a member to get unlimited access and support the voices you want to hear more from. Get full access to Entrepreneur for just $5!

3 months free with code ZENDESK

Presented by zendesk

3 months free with code ZENDESK