Cybersecurity

Subscribe to Cybersecurity

On Friday, May 18, Eric Barton participated in a panel discussion at the 2018 ITechLaw World Technology Conference, updating attorneys from around the globe on the latest developments in cyber vulnerabilities and crime. In today’s world, businesses and individuals face the certain knowledge that electronic systems are not entirely secure. Mr. Barton’s presentation provided “real

Seyfarth Shaw LLP is pleased to be a Global Sponsor at ITechLaw’s 2018 World Technology Conference in Seattle, May 16-18.

Fairmont Olympic Hotel
411 University Street
Seattle, WA 98101

ITechLaw is a not-for-profit organization established to inform and educate lawyers about the unique legal issues arising from the evolution, production, marketing, acquisition and use of

To develop consensus and non-partisan principles for best practices in managing trade secret litigation and well-vetted recommendations for consideration in protecting trade secrets, recognizing that every organization, both large and small, has and uses trade secrets; that trade secret disputes frequently intersect with other important public policies such as employee mobility and international trade; and that trade secret disputes are litigated in both state and federal courts.

Robert Milligan, Seyfarth Partner and Co-Chair of the Trade Secrets, Computer Fraud, and Non-Competes Practice Group, is an inaugural member of the WG12 Steering Committee, which consists of experts in the trade secret issues.
Continue Reading

Continuing our annual tradition, we present the top developments/headlines for 2017/2018 in trade secret, computer fraud, and non-compete law.

1. Notable Defend Trade Secrets Act Developments

Just two years after its enactment, the Defend Trade Secrets Act (“DTSA”) continues to be one of the most significant and closely followed developments in trade secret law. The statute provides for a federal civil cause of action for trade secret theft, protections for whistleblowers, and new remedies (e.g., ex parte seizure of property), that were not previously available under state trade secret laws.
Continue Reading

As a special feature of our blog—special guest postings by experts, clients, and other professionals—please enjoy this blog entry from Jonathan Karchmer, a senior managing consultant at iDiscovery Solutions.

Determining whether programs or malware actually ran on a system is an important goal of seasoned examiners when investigating computer evidence. Generally, there are several artifacts left behind anytime executables are run—regardless of whether the program is Outlook, Chrome, or something malicious. Today we’ll cover some artifacts we encounter on Windows systems.
Continue Reading

The use of open file sharing platforms in business continues to increase in 2017; Dropbox alone has over 200,000 active business accounts. Unfortunately, the convenience of these platforms and the increase in use by businesses attracts the attention of hackers as well. File sharing platforms and accounts have a high “hack value”—the overall value of the accounts on the dark web—due to the relative ease with which account can be obtained and the sensitivity of the information stored on these platforms.

The risk associated with the use of file share platforms is twofold. First, company supported file share is attractive to attackers because it is guaranteed to contain sensitive information. Second, file share platforms available to employees outside of the company—e.g. the employee Google Drive account—may be used to store company information, but likely do not use the same security standards as those enforced by the company. Attacks on file share platforms are also very real. In August of 2016 Dropbox forced users to reset their passwords based on a breach—60 million account credentials compromised—that had been discovered but was executed four years earlier in 2012.
Continue Reading

shutterstock_594829253As a special feature of our blog—special guest postings by experts, clients, and other professionals—please enjoy this blog entry from Supreet Singh, a senior consultant at iDiscovery Solutions, Inc. 

It’s hard to believe the first smartphone was released over 20 years ago. At that time, few thought it would become such an integral part of our lives. Additionally, this year marks the 10th anniversary of the iPhone and its introduction altered the world of digital forensics. Smartphones contain a wealth of personal and sensitive information like passwords, security or access codes, account numbers, electronic communications, and much more. But they are more than mere containers of data. Between the operating system, installed applications, and service providers, there’s a wealth of information that can provide dramatic insight into conversations, activities, habits, preferences, and movements of the phone’s user.

There are essentially three places where smartphone related data can be found: on the phone itself, with mobile app providers (e.g. Facebook, Snapchat, or Yelp), and with the service provider (e.g. AT&T or Verizon). Data from all three sources can be very useful in civil lawsuits, criminal cases, or internal investigations, depending on the needs of the case.
Continue Reading

shutterstock_437170435As a special feature of our blog—special guest postings by experts, clients, and other professionals—please enjoy this blog entry from Charlie Platt, a director at iDiscovery Solutions and a Certified Ethical Hacker. He advises clients on data analytics, digital forensics, and cybersecurity.

These days cybersecurity seems to be all about technology. Pen testing, firewalls, port scanning, SIEM, zero-day, IPS, AES256, SHA, DMZ, NIDS, TLS, SS7 – I’ll stop. I could go on, but you get the idea. And I have a vested interest in keeping your attention.

Acronyms and geek-speak abound, and we are ever on the lookout for the next latest and greatest technical solution to secure our digital assets. Unfortunately, that perfect technical solution doesn’t exist and never will. How can I be so sure? Because no matter how well built, or how well thought out our technical solution may be, humans are involved. When humans are involved, they will be the weakest link, and we can’t (yet) re-engineer humans with a technical solution.
Continue Reading

shutterstock_617698010As a special feature of our blog—special guest postings by experts, clients, and other professionals—please enjoy this blog entry from Charlie Platt, a director at iDiscovery Solutions and a Certified Ethical Hacker. He advises clients on data analytics, digital forensics, and cybersecurity.

At the airport recently, waiting for boarding, flipping through an issue of United States Cybersecurity Magazine, an article about detecting insider threats caught my eye. It was loosely based on a list of behaviors it claimed were ideal indicators for detecting insider threats. I thought, “Wow, this is great! I know plenty of clients who could benefit from this information.” Insider threats are difficult to detect, and I was excited by the opportunity to get new insight, but I became more and more distraught as I read on. The longer I read, the more I saw myself, and many of my cyber-colleagues, being described by the author’s so-called threat indicators. How could we, the good guys, be mistaken for threats?

I read through the list again, and for each point, I asked, “Is this a reliable indicator of a real threat, or a false positive?” I’ve provided the entire list below with my thoughts on each item.
Continue Reading

shutterstock_160974335In a recent formal Ethics Opinion, the American Bar Association stressed that lawyers must make reasonable efforts to prevent inadvertent or unauthorized access to confidential information relating to the representation of their clients. The ABA recognized that in the age of constant cybersecurity threats, law firms are targets for hackers for two reasons:

(1) they obtain, store and use highly sensitive information about their clients while at times utilizing safeguards to shield that information that may be inferior to those deployed by the client, and (2) the information in their possession is more likely to be of interest to a hacker and likely less voluminous than that held by the client.

The Opinion further recognizes that while the Model Rules of Professional Conduct do not impose greater or different duties of confidentiality based upon the method by which a lawyer communicates with his or her client, electronic communication involves risks that are constantly changing.
Continue Reading