Phishing Incident Indicates Need for Safeguards in Software – Epstein Becker Law Firm

LAWFUEL – US Law Firm Announcement – Software as a Service (SaaS) shows promise to revolutionize the way businesses purchase software products. SaaS turns software into a service that is leased over the Internet, instead of a product bought and installed on company computers.

“The SaaS leasing model permits companies to avoid the expense and headache of installing complex software packages that typically require huge outlays of cash for hardware and software upgrades,” explains William H. Venema, a member of the Business Law practice and administrative partner at the Dallas office of Epstein, Becker Green Wickliff & Hall, P.C. “Theoretically, SaaS frees users from having to hook up another computer in a remote data center to yet another database to an additional application server to one more security server. The challenge with such an open system is that security can be easily compromised unless the proper protections are in place.”

One of the best known SaaS providers,, offers customer tracking and client relationship management services to nearly one million users. Unfortunately, the company recently experienced one of the weaknesses of the SaaS model, when one of its employees was tricked by an online phishing scam artist into divulging an internal system password that gave access to the company’s customer contact list. This exposed subscribers to spam emails containing fake invoices, computer viruses, and other security problems.

The phishing incident represented a deficiency in both the technology and the process. The continued lack of Internet standards to authenticate senders or to notify servers of an email recipient’s blocking preferences leaves the door open to phishing attacks. Just as important, user gullibility is often the cause of phishing security breaches. Enhanced employee training for SaaS providers is essential to the prevention of breaches.

“Proper structuring of software licensing arrangements can help protect users against security breaches such as those that occurred at,” adds Mr. Venema. “At a minimum, licenses should include provisions that address server and technician security. Unfortunately, too many companies fail to include such provisions and thereby increase their vulnerability to such attacks.”

Founded in 1973, Epstein Becker & Green, P.C., is a law firm with more than 380 attorneys practicing in 11 offices throughout the U.S. – Atlanta, Chicago, Dallas, Houston, Los Angeles, Miami, New York, Newark, San Francisco, Stamford, and Washington, D.C. – and affiliations worldwide. The firm’s size, diversity, and global affiliations allow our attorneys to address the needs of both small entrepreneurial ventures and large multinational corporations on a worldwide basis. EBG’s five core practices include: Business Law, Health Care and Life Sciences, Labor and Employment, Litigation and Real Estate.
