Social media and related issues in the workplace can be a headache for employers. There is no denying that social media has transformed the way that companies conduct business. In light of the rapid evolution of social media, companies today face significant legal challenges on a variety of issues, ranging from employee privacy and protected activity to data practices, identity
Continue Reading Upcoming Webinar! Protecting Trade Secrets in the Social Media Age
Cybersecurity
File Share Platforms and Business Risk
The use of open file sharing platforms in business continues to increase in 2017; Dropbox alone has over 200,000 active business accounts. Unfortunately, the convenience of these platforms and the increase in use by businesses attract the attention of hackers as well. File sharing platforms and accounts have a high “hack value”—the overall value of the accounts on the dark web—due to the relative ease with which accounts can be obtained and the sensitivity of the information stored on these platforms.
The risk associated with the use of file share platforms is twofold. First, company-supported file share is attractive to attackers because it is guaranteed to contain sensitive information. Second, file share platforms available to employees outside of the company—e.g., the employee’s Google Drive account—may be used to store company information, but likely do not use the same security standards as those enforced by the company. Attacks on file share platforms are also very real. In August of 2016 Dropbox forced users to reset their passwords based on a breach—60 million account credentials compromised—that had been discovered but had been executed four years earlier, in 2012.
Technically Speaking, Cybersecurity Isn’t About Speaking Technically
As a special feature of our blog—special guest postings by experts, clients, and other professionals—please enjoy this blog entry from Charlie Platt, a director at iDiscovery Solutions and a Certified Ethical Hacker. He advises clients on data analytics, digital forensics, and cybersecurity.
These days cybersecurity seems to be all about technology. Pen testing, firewalls, port scanning, SIEM, zero-day, IPS, AES256, SHA, DMZ, NIDS, TLS, SS7 – I’ll stop. I could go on, but you get the idea. And I have a vested interest in keeping your attention.
Acronyms and geek-speak abound, and we are ever on the lookout for the next latest and greatest technical solution to secure our digital assets. Unfortunately, that perfect technical solution doesn’t exist and never will. How can I be so sure? Because no matter how well built, or how well thought out our technical solution may be, humans are involved. When humans are involved, they will be the weakest link, and we can’t (yet) re-engineer humans with a technical solution.
Briefing Recap! Trade Secret Protection: What Every California Employer Needs to Know
In a series of breakfast briefings, Seyfarth attorneys Robert Milligan, Joshua Salinas, and Scott Atkinson, joined by Jim Vaughn, one of California’s leading computer forensic experts, discussed how to navigate the tricky waters and provided best practices for trade secret protection. The briefings covered how to best identify and protect trade secrets, what employers need to know about the DTSA,…
Great Employee or Insider Threat?
As a special feature of our blog—special guest postings by experts, clients, and other professionals—please enjoy this blog entry from Charlie Platt, a director at iDiscovery Solutions and a Certified Ethical Hacker. He advises clients on data analytics, digital forensics, and cybersecurity.
At the airport recently, waiting for boarding, flipping through an issue of United States Cybersecurity Magazine, an article about detecting insider threats caught my eye. It was loosely based on a list of behaviors it claimed were ideal indicators for detecting insider threats. I thought, “Wow, this is great! I know plenty of clients who could benefit from this information.” Insider threats are difficult to detect, and I was excited by the opportunity to get new insight, but I became more and more distraught as I read on. The longer I read, the more I saw myself, and many of my cyber-colleagues, being described by the author’s so-called threat indicators. How could we, the good guys, be mistaken for threats?
I read through the list again, and for each point, I asked, “Is this a reliable indicator of a real threat, or a false positive?” I’ve provided the entire list below with my thoughts on each item.
ABA Encourages Encryption of Emails When Transmitting Confidential Client Information
In a recent formal Ethics Opinion, the American Bar Association stressed that lawyers must make reasonable efforts to prevent inadvertent or unauthorized access to confidential information relating to the representation of their clients. The ABA recognized that in the age of constant cybersecurity threats, law firms are targets for hackers for two reasons:
(1) they obtain, store and use highly sensitive information about their clients while at times utilizing safeguards to shield that information that may be inferior to those deployed by the client, and (2) the information in their possession is more likely to be of interest to a hacker and likely less voluminous than that held by the client.
The Opinion further recognizes that while the Model Rules of Professional Conduct do not impose greater or different duties of confidentiality based upon the method by which a lawyer communicates with his or her client, electronic communication involves risks that are constantly changing.
WannaCry Ransomware Attack: What Happened and How to Address
Cross Posted from Carpe Datum Law
Recently, a widespread global ransomware attack has struck hospitals, communication, and other types of companies and government offices around the world, seizing control of affected computers until the victims pay a ransom. This widespread ransomware campaign has affected various organizations with reports of tens of thousands of infections in as many as 99 countries, including the United States, United Kingdom, Spain, Russia, Taiwan, France, and Japan. The software can run in as many as 27 different languages. The latest version of this ransomware variant, known as WannaCry, WCry, or Wanna Decryptor, was discovered the morning of May 12, 2017, by an independent security researcher and has spread rapidly.
The risk posed by this ransomware is that it enumerates any and all of your “user data” files like Word, Excel, PDF, PowerPoint, loose email, pictures, movies, music, and other similar files. Once it finds those files, it encrypts that data on your computer, making it impossible to recover the underlying user data without providing a decryption key. Also, the ransomware is persistent, meaning that if you create new files on the computer while it’s infected, those will be discovered by the ransomware and encrypted immediately with an encryption key. To get the decryption key, you must pay a ransom in the form of Bitcoin, which provides the threat actors some minor level of anonymity. In this case, the attackers are demanding roughly $300 USD. The threat actors are known to choose amounts that they feel the victim would be able to pay in order to increase their “return on investment.”
The ransomware works by exploiting a vulnerability in Microsoft Windows. The working theory right now is that this ransomware was based off of the “EternalBlue” exploit, which was developed by the U.S. National Security Agency and leaked by the Shadow Brokers on April 14, 2017. Despite the fact that this particular vulnerability had been patched since March 2017 by Microsoft, many Windows users had still not installed this security patch, and all Windows versions preceding Windows 10 are subject to infection.
Enlisting Government Help to Protect Your Trade Secrets
“I’m from the government and I’m here to help.” Yeah, right.[1]
Most businesses think protecting their intellectual property is their own responsibility, and it is. But what about when your intellectual property rights are violated by an evildoer? Who are you going to call? While your obvious choice will be the law firm sponsoring this blog, you might also be able to get help from your local prosecutor.
Both State Attorneys General and Federal Prosecutors have tools at their disposal that let them bring the full force of the government to your side—when they are motivated to do so. Speaking at a State Fraud & Prevention Summit in Atlanta recently, Georgia Attorney General Chris Carr announced how his office is available to take action on cybersecurity and data breach fraud cases, and he even pointed to several Assistant AGs in the audience who were there and ready to help.[2] Carr said his state’s emphasis on protecting data privacy and security is enhanced by the U.S. Army recently announcing that its new Cyber Command Headquarters (ARCYBER) will be located in Georgia.[3] Other states have similarly dedicated AGs ready to help, and sometimes you can even get local prosecutors to take interest in your case.
Seyfarth Shaw, AlixPartners, and Directors Roundtable to Present Cyber Risk Management Program in San Francisco
Seyfarth Shaw, AlixPartners, and Directors Roundtable invite you to attend Cyber Risk Management Facing Boards, C-Suites & General Counsel: Prevention, Crisis Management, and Mitigating Personal Liability, a program for corporate directors, executive officers and general counsel, focused on approaches and strategies to forensic preservation of electronically stored information, as well as an expert summary of forensic technologies and methodologies…
Upcoming Webinar: A Big Target — Cybersecurity for Attorneys and Law Firms
Do you and your firm have adequate cybersecurity to prevent yourself (and your confidential client data) from getting hacked?
On Wednesday, December 7, at 11:00 a.m. Pacific, Richard Lutkus, a partner in Seyfarth Shaw’s eDiscovery and Information Governance Practice; and Joseph Martinez, Chief Technology Officer and Vice President of Forensics, eDiscovery & Information Security at Innovative Discovery, will present…