Dunlap Fiore, LLCBaton Rouge Business Attorney | Louisiana Construction Law & Environmental Law Lawyer | Insurance Law2024-02-03T02:50:27Zhttps://www.dunlapfiore.com/feed/atom/WordPress/wp-content/uploads/sites/1201217/2020/06/cropped-dunlap-favicon-32x32.pngOn Behalf of Dunlap Fiore, LLChttps://www.dunlapfiore.com/?p=513952024-01-30T02:51:23Z2024-02-03T02:50:27Z1. Access controls
One key area to address is access controls. Businesses should have policies stating who can access which systems and data. Multi-factor authentication is important for sensitive information access. Companies should limit permissions to only those employees who need it for their specific roles.
2. Security software
Installing and updating antivirus software, firewalls and other endpoint security on all devices is essential. Security software helps block malware, viruses and cyber attacks. Regular scans should check for vulnerabilities. Policies should mandate security software installation and updates.
3. Employee training
Some of the biggest cybersecurity risks businesses face are employee errors, lack of awareness and violations of policies. Mandatory cybersecurity training helps educate employees on best practices for passwords, email security, social engineering scams and other topics relevant to their roles. Policies should outline training requirements.
4. Incident response plan
Despite best efforts, cyber attacks may still occur. Having an incident response plan with reporting procedures, containment strategies and communication plans can help limit the damage. The plan should designate who leads the response and require timely reporting of suspected incidents.
Implementing strong cybersecurity policies and procedures reduces a business's attack surface. The key areas of access controls, security software, employee training and an incident response plan provide a solid defense against ever-growing cyber threats. Staying vigilant and updating policies as risks evolve are critical to protecting your business.]]>On Behalf of Dunlap Fiore, LLChttps://www.dunlapfiore.com/?p=513942024-01-16T14:52:38Z2024-01-16T14:52:38Zpart 1 of this series, we looked at the rise of business email compromise (BEC) schemes and how they work. Next, we will explore who is liable and how to protect your business from such scams.
Who is liable for the loss?
The question now becomes who is liable for the loss. In the above scenario, you made the payment to your supplier. However, the supplier never received the payment and is still owed money. The supplier expects to be paid. But, on the other hand, the imposter hacked the supplier’s computer system and imitated the supplier’s communications.
One could argue that it is the supplier’s fault that the funds were lost, as the supplier did not have sufficient security to protect its systems from being hacked. The misplaced confidence enabled another to commit fraud. Who is at fault? Who is liable? Both you and the supplier are victims of the hacker imposter.
Courts that have faced the question of who is liable for losses that occur due to a BEC scam have consistently held that losses attributable to fraud should be borne by the party in the best position to prevent the fraud.
Questions the court may ask
The court is required to do a fact-specific analysis. Specifically, the court must ask who was in the best position to prevent the fraud and subsequent loss. The analysis is not about whether one party or another was negligent, but rather who was in the better position to prevent the fraud.
Some possible inquiries include:
Did the supplier fail to properly educate its employees not to click on an attachment or a link? Did this failure result in the release of malware that provided access by the imposter to the employee's email correspondence and business transaction information?
Did the supplier have sufficient security to protect its systems from being hacked? Did this misplaced confidence enabled another to commit fraud?
Did the supplier allow third-party hackers to infiltrate its systems, enabling the imposters to review the supplier’s invoicing procedures and receive emails from its customers?
Did the supplier enable an imposter to misappropriate funds by giving the imposter unlimited access to its systems?
Did the supplier have knowledge that third-party hackers infiltrated its systems?
Did the supplier have the opportunity to take reasonable steps to ensure its customers received notice of the BEC scam? If so, did the supplier adequately and timely warn its customers of the false ACH wiring instructions?
Did the buyer have a reason to suspect an imposter? If so, what measures did the buyer take to determine whether the individual was the trusted entity’s representative or an imposter?
Did the buyer receive conflicting information regarding the payment method, such as two different wiring instructions? If so, did the buyer exercise reasonable care after receiving conflicting emails to confirm or verify the correct wire instructions prior to sending payment?
Can I seek recourse from my bank?
Victims of BECs have found little success in seeking recourse against their financial institutions. For example, in Peter E. Shapiro, P.A., v. Wells Fargo Bank, 795 F. App’x 741, 743 (11th Cir. 2019), the Eleventh Circuit held that the bank was not liable, reasoning the bank “maintained and complied with reasonable routines” by processing the payment through its automated system based on a valid account number alone, without regard to a mismatch between names of the account holder and the intended beneficiary, which was noted in the system’s audit trail but did not halt the transaction.
What can I do to protect myself?
Today’s cyber landscape provides ample opportunities for criminals to facilitate large-scale fraud schemes. Cyberattacks come in many forms and are clearly on the rise. No organization is immune. The FBI states in its 2022 report that “cyber risk is a business risk.” As these threats of cyber-enabled fraud increase, companies must protect not only themselves but also their customers from these scams.
Accordingly, you should consider not “if” your business will experience a cyber attack but what you will do “when” your business experiences a cyber attack and what you can do to minimize liability risks. A proactive cyber security plan must include proactive steps, cyber insurance, and a strong incident response plan.
Email remains the most vulnerable threat vector for gaining access to corporate networks. When an email comes in from someone in a company that you have a relationship with, especially when it comes from what appears to be a correct email address, this can be harder to detect.
Businesses must prioritize regular training. The aim is to teach employees to resist phishing attempts. Employees should be educated on recognizing dangers and cybersecurity measures in order to be able to identify and recognize cyber scams. Remember that BEC scams are not reliant on a technical loophole or software breach but rather on an employee accepting the validity of a fraudulent email. Businesses can also limit what information can be communicated via email and establish policies that prohibit sensitive information, such as wiring instructions and bank account information, from being transmitted via email.
Businesses can implement additional security measures such as VPNs, multi-factor authentication, and endpoint/mobile device security solutions. To safeguard their data from ransomware attacks, businesses of all sizes should have backup and disaster recovery solutions and incident response procedures.
Insurance coverage may also be key
Including your employees in the solutions, staying vigilant, and understanding the risk is key to managing the risk. However, even if a business completes the most robust employee training and purchases the most sophisticated technology to further protect its systems, there is no guarantee your business will not be subject to a future cyber attack.
Properly insuring your business to cover yourself and your customers from the threat of a cyber attack is imperative. General insurance policies do not include cyber risk cover, some specifically exclude it. Despite the high frequency of cyber incidents experienced by businesses, research reveals that there is a significant gap in cyber insurance coverage, most notably among small businesses. It is likely that a portion of these businesses are not even aware that cyber insurance exists. However, it does, and it is well worth exploring.]]>On Behalf of Dunlap Fiore, LLChttps://www.dunlapfiore.com/?p=513932024-01-16T14:53:34Z2024-01-16T14:50:14ZWhat happened?
The Federal Bureau of Investigations (FBI) refers to this type of crime as a business email compromise scheme, or a BEC scheme. BEC schemes involve tricking a company's employee into clicking on an attachment or a link in an email.
Often BEC scams involve exploiting individuals in financial roles. When the employee clicks on the attachment or link in the email, this releases malware that provides the criminal with access to the employee’s email correspondence. Once the intruder has access to the employee’s email correspondence, that intruder then looks at conversation patterns and invoices and monitors correspondence to determine when a large financial transaction is scheduled to take place.
These legitimate business emails are compromised when the intruder then sends an email posing as a party to the transaction, instructing the money to be wired to a bank account, one controlled by the imposter. The email address used by the imposter is usually off by a letter or two or a change in number, such as @3brothers.com instead of @threebrothers.com. The change in the email address often goes unnoticed by the unsuspecting victim.
The imposer will immediately respond to any inquiries, further giving the impression that the unsuspected victim is communicating with the trusted person, when in fact it is the imposter.
This type of scam is on the rise
Business email compromise (BEC) as a cyberattack method is surging. This method is more prevalent than ransomware. And the financial losses are devastating. The 2022 Federal Bureau of Investigation Internet Crime Report states that individuals in the United States lost more than $34.3 million to ransomware in 2022, but lost over $2.7 billion dollars in BEC scams in 2022. The FBI found that BEC attacks make up more than one-quarter of all cybercrime losses in the U.S.
BEC attacks can be done by criminals for individual financial gains or by foreign state-backed hackers. For example, North Korea’s hackers have become increasingly sophisticated, and it is believed that revenue from BEC scams have been used to fund North Korea’s nuclear weapons program.
Learn more about who is liable for the financial loss, along with what to do to protect yourself from BEC scams, in part 2 of this series.]]>On Behalf of Dunlap Fiore, LLChttps://www.dunlapfiore.com/?p=513922024-01-05T02:10:20Z2024-01-05T02:10:20ZContractual obligations and responsibilities
In November 2023, construction spending reached $2.05 billion, according to the U.S. Census. All of this construction begins with a contract. When delays or disruptions arise, both parties should examine the contract terms to determine who bears the responsibility. Contracts typically include clauses specifying the consequences of delays, such as liquidated damages or extensions of time.
Time is of the essence
Delays can lead to financial losses and affect the overall project schedule. If contractors fail to meet the agreed-upon deadlines, they may face legal consequences. Project owners could also be accountable if they cause delays through changes in project scopes or other actions.
Mitigation and notification
Parties involved in construction projects often need to take proactive measures to mitigate delays and disruptions. Failure to promptly notify the other party about potential issues may impact future legal claims. Communication ensures that all stakeholders are aware of challenges. It allows them to work together to find solutions outside legal challenges.
Compensation for losses
When delays occur, the affected party needs to show what caused the delay, the resulting damages and the efforts made to mitigate these damages. Legal disputes may arise if there is a disagreement regarding the extent of the losses or the party responsible for the delay.
Dispute resolution mechanisms
Construction contracts often include dispute resolution mechanisms, such as mediation or arbitration. These mechanisms offer a structured way to resolve conflicts without resorting to lengthy court proceedings.
Understanding and following the agreed-upon contract parameters can help parties navigate legal challenges efficiently and avoid legal action later on.]]>On Behalf of Dunlap Fiore, LLChttps://www.dunlapfiore.com/?p=513912023-12-12T17:28:41Z2023-12-12T17:28:41Z1. Making due diligence errors
One prevalent mistake is insufficient due diligence before initiating a business asset sale. Buyers must thoroughly examine the financial records, contracts and operational aspects of the business. Sellers, on the other hand, may overlook the importance of presenting a comprehensive and accurate picture of their assets. Failing to conduct or respond to due diligence adequately can result in disputes and legal complications down the line.
2. Neglecting regulatory compliance
Louisiana is home to about 471,240 small businesses, and they make up 99.5% of the state's businesses. Louisiana, like any other state, has specific regulations governing business transactions. Ignoring or misunderstanding these regulations can lead to serious consequences. Compliance with state and local laws, permits and licenses is necessary.
3. Undervaluing intellectual property
Intellectual property such as patents, trademarks, copyrights and trade secrets, is often a significant component of a business's value. However, failing to account for the true worth of intellectual property can result in missed opportunities for the seller.
4. Using incomplete contracts and agreements
Clear and comprehensive contracts are the foundation of a successful business asset sale. Incomplete or poorly drafted agreements can lead to misunderstandings and disputes. Both parties should enlist the expertise of professionals to ensure that they clearly outline and agree on all terms, conditions and obligations.
By taking certain steps, the parties can enhance the likelihood of a smooth and mutually beneficial transaction.]]>On Behalf of Dunlap Fiore, LLChttps://www.dunlapfiore.com/?p=513902023-10-12T21:24:41Z2023-10-12T21:24:41ZWorker shortages
The shortage of skilled labor is especially concerning as the demand for construction projects remains high. Several factors contribute to the worker shortages in the construction industry.
Many skilled workers in construction are reaching retirement age. Also, there are not enough younger individuals with the necessary training and expertise to fill their shoes. There has been a decline in vocational training programs, which has led to a gap between the demand for skilled workers and the supply.
Changes in immigration policies can also impact the availability of labor in the construction sector. This industry often relies on foreign-born workers with specialized skills.
The construction industry can be physically demanding and hazardous. This makes it less attractive to potential workers concerned about safety.
Supply issues
Construction contractors are also grappling with supply issues that affect the availability and cost of construction materials. These issues can delay projects and increase costs.
The global health emergency in 2020 exposed vulnerabilities in the global supply chain. Delays in the production and transportation of materials have led to shortages and price increases.
Just as construction contractors face worker shortages, suppliers of construction materials may also struggle to maintain a workforce capable of meeting demand.
Stricter environmental regulations can affect the availability of certain materials and drive up costs as suppliers must comply with more stringent standards.
Worker shortages and supply issues exacerbate one another. Addressing these challenges requires a multi-faceted approach to meet the demands of a growing and evolving world.]]>On Behalf of Dunlap Fiore, LLChttps://www.dunlapfiore.com/?p=513892023-09-27T17:01:34Z2023-09-27T17:01:34ZFinancial implications
Delays can have a domino effect on construction projects, leading to increased costs. Contractors may have to pay their workers for longer periods, deal with storage fees for materials or face penalties for missing deadlines. When these extra expenses pile up, it can strain the project's budget and lead to disputes over who should bear the additional costs.
Scheduling conflicts
Construction projects are often intricate jigsaw puzzles where each task relies on the completion of the previous one. Delays in one aspect of the project can create scheduling conflicts that ripple throughout the entire timeline. This can result in disputes among contractors and subcontractors over priority and access to resources.
Quality compromises
Rushing to make up for lost time can compromise the quality of work. Contractors may cut corners or skip necessary inspections to meet deadlines. This can lead to disputes calling the quality of the work into question.
Breach of contract
Construction contracts typically include specific timelines and deadlines. When one party fails to meet these obligations due to delays, it can lead to accusations of a breach of contract. Contractors may find themselves in disputes over the terms of the agreement and whether the delays were justifiable or not.
Miscommunication
Delays can also result from miscommunication or a lack of clear documentation. When parties do not adequately communicate changes in project scope or timelines, disputes can arise as each party may have a different understanding of the project's progress and expectations.
Delays happen in the industry, but contractors can take proactive measures to protect themselves. Clear contracts, thorough documentation, effective communication and dispute resolution mechanisms can help contractors navigate the challenges of construction projects and minimize the risk of disputes that can be costly and time-consuming to resolve.]]>On Behalf of Dunlap Fiore, LLChttps://www.dunlapfiore.com/?p=513842023-08-05T04:18:40Z2023-08-05T04:18:40Zcreating bylaws. Bylaws are an operating guide for your business. They outline a range of important topics, and the board of directors will adopt them to make them a pivotal part of your company.
Legal points about bylaws
When creating bylaws, it is important to note what may not be allowable under the law. Louisana's law is very general. It only says that you can include any provision that helps with the management and regulation of the business and is not otherwise outlawed by law or the articles of incorporation. In addition, the bylaws cannot ban or restrict the ability of the board of directors to add, amend or repeal provisions.
Examples of provisions in bylaws
While you can and should design your bylaws to meet the needs of your business, there are a few standard provisions that companies typically include. Most bylaws will state the name and purpose of the business. This provision helps to ensure everyone is on the same page about the goals of the company.
Other provisions may include membership rules and rights, officers and decision-making authority, meeting rules and requirements, including special meetings, and the role of the board of directors.
In general, bylaws should outline all operating procedures for the governance of the company. They should leave no room for questions or confusion.]]>On Behalf of Dunlap Fiore, LLChttps://www.dunlapfiore.com/?p=513802023-06-27T23:46:02Z2023-06-27T23:46:02ZProving that a contractor is not liable for construction defects
As the name implies, a construction contractor is responsible for carrying out the terms of a contract and is therefore not liable for any construction defects if they follow the contract exactly. The only exception is when a contractor agrees to terms that they know will not work or that will result in a defect. Any contract drafted and signed in good faith and then followed accordingly is one that proves that the contractor is not responsible for any defects.
Protecting your business against a construction defect claim
Whether or not your or your contractor is responsible for a defect, you still must defend yourself against a defect claim by compiling the necessary documents. This includes work orders, building inspections and schedules. It is also wise to have comprehensive construction liability insurance in place in case a court rules in favor of a claim against you.
Contractors are responsible for defects that are the result of negligence or acts of bad faith on their part. Contractors who follow outlined terms in good faith are not liable.]]>On Behalf of Dunlap Fiore, LLChttps://www.dunlapfiore.com/?p=513752023-06-03T20:13:36Z2023-06-05T20:13:30ZClaim originator
If you find yourself in a claim or have an accident that could result in a lawsuit, review the indemnity and insurance clauses in all of your contracts. Identify who you have to provide coverage for and who owes you coverage. For example, under state laws, general contractors tend to have the most extensive indemnity for people working on their projects. At the same time, most subcontractors must provide indemnity for the general contractors who hire them.
Party notification
If you face a claim, immediately notify your insurance provider and all parties that owe you indemnity. In your notice to the parties, demand a defense and refer to the clause proving that in your contract. Also, ask them to notify their insurance provider and request a policy cover sheet.
Additional insured coverage
Two additional insured endorsements can change who is liable. For example, the standard endorsement states that the policy only covers an additional insured if the liability arises from your work. The other version says the policy covers additional insureds when your acts or omissions cause damage. Courts interpret these endorsements differently, so consider that when drafting contracts and choosing an insurance provider.
There are many things to consider for who has a responsibility when it comes to claims in the construction business. Therefore, make sure you keep these things in the back of your mind when you are drafting contracts or facing legal issues.]]>