Cybersecurity and other online threats to businesses are, unfortunately, an increasingly common occurrence. In addition to phishing, spoofing, and other well-known email scams, cyber criminals are deploying increasingly sophisticated attacks. In recent months, our office has been contacted by many clients who have been victims or attempted victims of numerous cybersecurity attacks. Below are some tips and points to help prevent or address a cyberattack or other online threats.

• Pay Careful Attention To The Sender’s Email Address: While seemingly obvious, failing to take this precaution can have a significant harmful impact on your company. Employees should always check to make sure the name displayed matches — exactly — the actual email address. A nefarious sender can change the display name to whatever is expected to most likely get a response, including a manager’s or coworker’s name. In addition, make sure that the actual email address is from the expected sender and not just a similar domain. For example, if the expected sender was Acme, Inc., which had a web domain of acme.com, any emails from Acme, Inc. would likely come from @acme.com email addresses. A client in this situation started receiving emails from an @acmeinc.com email address, which turned out to be fraudulent.  
• Buy Your Business’s Domain Name, as well as adjacent names: Domain squatting or cybersquatting—where a third-party registers the domain name for your company and offers to sell it for a (sometimes exorbitant) price—is a practice as old as the Internet itself. Depending on what trademark rights you have in your business’s name, you may have options to challenge the cybersquatter under trademark law, the Anticybersquatting Consumer Protection Act, or the Internet Corporation of Assigned Names and Numbers (“ICANN”) dispute resolution procedures. While these options can end with a positive result, the procedures are often cost- and time- intensive. A better approach is to take preventative measures. It is generally a good idea to obtain the domain name for your business, as well as any “adjacent” names. These adjacent names include abbreviations, confusingly similar variations, and the corporate structure for your business. Using the Acme, Inc. example from above, the business owner should consider obtaining acme.com, www.acmeinc.com, www.acmecorp.com, and, potentially, www.akme.com. A business should also consider the “.net,” “.biz,” and,”.info” domain names for their business as well. Cost is always a consideration, but registering your business’s domain name early could be important to preventing more costly litigation or dispute-resolution procedures in the future. Another benefit is that you will preempt the ability for a cybercriminal to impersonate your business by using your business’s domain name to defraud third parties.
• Get A Trademark Registration: Many businesses—particularly start-ups and early stage companies—overlook the importance of trademarks. A trademark registration protects your business or product name in your industry and provides mechanisms to help ensure that a competitor or fraudster does not benefit from your business’ goodwill. Addressing trademarks early—including both a clearance search and an application for registration—can help mitigate future and more expensive issues. It can be devastating for a young business to spend years building up their brand, only to then receive a cease-and-desist letter from a prior user of that name. Rebranding (or defending a trademark suit) is an expensive and arduous process that can often be avoided by taking early steps to protect your trademark(s). While often not thought about in the context of “cybersecurity,” ensuring that your business properly protects its name and related trademarks can be very important when fighting cybersquatters or fraudsters.  
• Be Wary Of Third-Party Escrow Or Holding Companies: Online marketplaces, such as eBay, Craigslist, and Facebook Marketplace, are popular platforms for both individuals and businesses to sell goods. A business will setup a virtual storefront that allows users to browse and purchase goods. But consumers can sometimes be skeptical that the online storefront is “real,” and are understandably concerned that the purchased good will never be received. Third-party escrow or holding companies offer services in which a buyer’s payment is held in escrow until delivery of the purchased good is confirmed. In theory, this practice protects both parties to the transaction because the seller does not ship the good until the escrow company confirms receipt of the purchase funds. Unfortunately, scammers will pretend to be an escrow service and buyers will purchase fake goods by sending the money to the fake escrow company. To make matter worse, the scammers will list a real company for the contact info, so the real company begins receiving angry calls demanding delivery of the goods. For businesses, following some of the other tips in this article—such as purchasing the proper domain names—can help mitigate this risk. For buyers, it is important to take the extra step of verifying that the escrow company is legitimate and has a relationship with the seller. Often, a simple telephone call to the escrow company can prevent fraud before it happens.
• Cybersecurity Or Cyber Liability Insurance: Often offered by the same providers of other business insurance, a cyber liability insurance policy can provide coverage events and incidents that are not covered by typical E&O, CGL, or other business liability insurance. Because this is an emerging industry, costs and coverage can vary greatly. However, there can be third-party coverage, such as the loss of customer data, as well as first-party coverage, such as losses caused by a business’s internal network being taken down. Cyber liability insurance can also help with remediation costs, such as legal, investigative, and communications.   

These materials are made available by Stibbs & Co., P.C. for informational purposes only, do not constitute legal or tax advice, and are not a substitute for legal advice from qualified counsel. The laws of other states and nations may be entirely different from what is described. Your use of these materials does not create an attorney-client relationship between you and Stibbs & Co., P.C. The facts and results of each case will vary, and no particular result can be guaranteed. The facts and results of each case will vary, and no particular result can be guaranteed.