Security


Optimizing Your Infrastructure for LAW & Explore eDiscovery

By: Joshua Tucker

It’s safe to say Microsoft isn’t going out of business anytime soon. Last year alone they grew 18 percent, reaching 168 billion dollars*. They are continuously making updates to their software, improving their products and functionality, and purchasing emerging software. They want to empower every person and organization on the planet to achieve more*, but the power you obtain from the software is up to you. Microsoft does not know your intended purpose or use of their software; all they can do is provide the software and the barebone requirements to make it run.

CloudNine software is no different. Let’s take a deep dive into your infrastructure and how you can optimize it with the CloudNine on-premise processing platforms.

We see that several of our clients run their environments with the most minimal recommended resources. Just like Microsoft can’t know how large your SQL server needs to be, we don’t know the level of demand your client’s data is putting on your workstation. What we DO know is that the number of files per case is growing, the complexity of files is growing, and resources are sparse.

We will cover the areas where we can make vast improvements in the efficiency in the way you are using your CloudNine software.

Your Local Area Network

Let’s use the common “business triangles” as a frame of reference. Examples would be “people, technology, and process” or “team, leadership, and mission”, or, my favorite, “price, speed, and quality”. The more balanced your business triangle, the better. Too much or not enough emphasis on one side and that balance will start to wane.

The eDiscovery version of the business triangle is called the ‘Local Area Network’. The first side of this ‘Local Area Network’ is the hardware or the backbone of your infrastructure. The second side would be the software, or the muscle needed to use that backbone. The third side is your network file server or the brain’s storage area, which will hold all the knowledge that our software is going to discover for you. And finally, the three sides are then connected, like sinew, with your local network speed.

You want to find the sweet spot that balances cost, throughput demands, speed to review, and hardware budget. Let us go ahead and call this the “Goldilocks Zone”.

Real-life case study: About 8 years ago, we were working with a client that had a few virtual machines and a few physical machines. The virtual machines were 4 core and 8GB of RAM. The physical machines were 8 core and 16GB of RAM. IT wanted to get rid of the physical machines, but there was resistance to letting them go because they were able to process so much faster than the virtual machines. We conducted some testing to find the Goldilocks Zone between the amount of data being processed, the expected speed, and the cost. We created a few virtual machines with 4, 8, and 12 cores and ran tests to determine the correct core count for our company. We determined that an 8-core box with 16GB of RAM was able to process data much faster than a 4-core box with only 8GB of RAM.

After we completed optimizing the processing machines, we ventured forth into the other areas of our infrastructure.

Next, we reached out to our SQL team to see what would happen if we added more RAM and more SQL cores. We saw the same result. As we added more resources, we found that we were able to increase the speed on LAW’s communication with SQL. Faster communication equals a faster read/write, which equated to a faster processing speed. During this testing we also found that the more SQL cores, the more we could horizontally spread out the processing tasks on our LAW machines (i.e., we could have more machines writing to the same database).

Note: Today, I have a simple equation to determine the correct size of SQL:  Take the total number of read/write instances that can be communicating or interacting with SQL. Divide that number by three. The resulting number is the SQL cores needed. For RAM, take the same number of instances and multiply it by four.

After we completed this environment review, we had larger machines, faster read/write capability, and more machines to process on each matter. The Goldilocks Zone for SQL ensures that you have the right number of SQL cores and the right amount of RAM for the number of instances doing read/write work against SQL.

(For LAW workstations, 8 cores and 16GB of RAM are highly suggested. For Explore, 8 cores and 32GB of RAM.)

Note: Your LAN does not have to be local to your office, but SQL, the LAW database folder structure and the workstations all need to be in close proximity to each other. The closer the better.

Software and Upgrades

Let’s go back to our Microsoft analogy. Microsoft keeps improving their product and each version of the operating system has the potential of changing the location or how certain files work. It is imperative that the operating system that is installed on your workstations is supported by the version of the product that you are going to use. If it isn’t, the software could act in a way that is completely unexpected – or worse.

The data we process can be a threat to our organization (and this does go for everyone!) and the best way to protect yourself is to be up to date on patches and antivirus software. I highly suggest that you first patch in a test environment, testing each part of the tool and making sure that the patching will not interfere with your work. The more up to date you can keep the environment you test against, the more secure your data, and your client’s data, will be.

One thing I like about the right test environment is that once your testing is done, you can make an image and deploy that image to the rest of your workstations. It is fast and efficient.

How your processing engine gets metadata to you matters. For instance, there are engines, like LAW, that will expand the files and harvest all the metadata. This type of processing is slower in getting the data in review, but much faster in the final export. There are also engines, like CloudNine Explore, that will hold off on expanding the data but harvest all the text and metadata extremely quickly. This workflow is great for ECA purposes.

How deep these tools dig into your data is also important. You never want a privileged document produced because your processing engine did not discover it. Find out if your engine is collecting all the natives, text, and metadata that you need for these legal matters, and then come up with a workflow that will accentuate the strengths of your tool.

Having an Investment in your File Storage

The price of data storage has been coming down for years, which is great news considering that discoverable data keeps growing and will continue to grow at an astounding pace. It is estimated that this past year each person on the planet created 1.7 megabytes of information each second. Every matter’s data size has increased and with it, the speed to review. All of this must run efficiently, all of it must be backed up, and all of it must be in your disaster recovery plans.

Network speed matters. It ties your infrastructure together. If the processing machine can’t talk to the SQL machines quickly, or to the network storage efficiently, then it won’t perform at top speed, no matter how many cores you have. Network speed should be considered not only for the processing department, but for your whole company. We highly suggest a gigabit network, and if you are a firm or legal service provider, you might want to be looking at a 10-gigabit network.

Even with a gigabit network, your workstations, SQL server, and file server need to be local to each other. Having one data center or central location helps keep those resources working more effectively, getting you a higher return on investment on your machines.

Pro tip! There is a quick and easy way to test your network speed without having to contact IT. Find a photo that is near 1MB and put it in the source location. Log into one of your workstations, open a window to that source location, and drag that image to your desktop. Then, drag it back. Both times that you move this image should be instantaneous to you. If either move takes more than one second, then your network speed needs to be improved.
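The same drag-over-and-back check, scripted so it can be repeated and recorded. This is an added example, not a CloudNine tool: it copies a ~1MB file from a source folder to a local folder and back, times each leg, confirms the bytes survived, and applies the article’s one-second threshold. The 1MB file and both folders are constructed in temp directories so it runs offline; in real use `source_dir` would be the network share.

```python
"""Round-trip copy timer for the network sanity check (added example)."""
from __future__ import annotations

import os
import shutil
import tempfile
import time

ONE_MB = 1024 * 1024
LIMIT_SECONDS = 1.0  # the article's rule of thumb: each move should feel instantaneous


def make_sample_file(directory: str, size: int = ONE_MB) -> str:
    """Write a constructed file of `size` bytes (stand-in for the ~1MB photo)."""
    path = os.path.join(directory, "sample.jpg")
    with open(path, "wb") as fh:
        fh.write(os.urandom(size))
    return path


def timed_copy(src: str, dst_dir: str) -> tuple[str, float]:
    """Copy src into dst_dir; return (destination path, elapsed seconds)."""
    start = time.perf_counter()
    dst = shutil.copy2(src, dst_dir)
    return dst, time.perf_counter() - start


def round_trip(src: str, local_dir: str, limit: float = LIMIT_SECONDS) -> dict:
    """Copy src to local_dir and back to the source share, timing both legs."""
    size = os.path.getsize(src)
    local_copy, out_s = timed_copy(src, local_dir)
    # Copy back into a fresh subfolder of the source share rather than over the original.
    back_dir = tempfile.mkdtemp(prefix="roundtrip_", dir=os.path.dirname(src))
    back_copy, back_s = timed_copy(local_copy, back_dir)
    intact = os.path.getsize(back_copy) == size  # bytes must survive both legs
    worst = max(out_s, back_s)
    return {
        "size_bytes": size,
        "to_workstation_s": round(out_s, 4),
        "back_to_source_s": round(back_s, 4),
        "mb_per_s": round((size / ONE_MB) / worst, 2) if worst > 0 else float("inf"),
        "intact": intact,
        "ok": intact and worst <= limit,
    }


def demo() -> dict:
    """Run the check against constructed temp folders (offline stand-in for a share)."""
    source_dir = tempfile.mkdtemp(prefix="source_share_")  # assumption: replace with the real share
    desktop = tempfile.mkdtemp(prefix="desktop_")
    try:
        sample = make_sample_file(source_dir)
        return round_trip(sample, desktop)
    finally:
        shutil.rmtree(source_dir, ignore_errors=True)
        shutil.rmtree(desktop, ignore_errors=True)


if __name__ == "__main__":
    result = demo()
    verdict = "OK" if result["ok"] else "SLOW: network path needs attention"
    print(f"{result['size_bytes']} bytes, out {result['to_workstation_s']}s, "
          f"back {result['back_to_source_s']}s, ~{result['mb_per_s']} MB/s -> {verdict}")
```

Because `shutil.copy2` goes through the same file-sharing path as a drag in Explorer, the timings reflect the network and file server rather than the desktop, which is what the article’s test is meant to expose.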

RECAP

It is our responsibility to figure out what we need to get full capacity out of outside tools. To run CloudNine’s LAW we need workstations that have at least 8 cores and 16GB of RAM. For CloudNine Explore workstations, we need 8 cores and 32GB of RAM, and a SQL environment that scales with the number of instances interacting with it.

Ensure that your software matches up with the recommended versions for your processing engine. If you are running an operating system that isn’t on that processing engine’s supported list, you could get unexpected results – or worse. Line up the programs, test before you deploy, and stay up to date.

Know where your data is stored and the speed at which your systems talk to each other. Keep your environment in close proximity.

All in all, in order to get the top speed and performance out of CloudNine’s tools (or any third-party software you purchase), you must invest in the right resources.

Keep working towards your “Goldilocks Zone” – the sweet spot between speed, price, and quality.

If you are interested in having a CloudNine expert analyze your environment and provide recommendations for efficiencies, please contact us for a free Health Check.


* https://www.statista.com/statistics/267805/microsofts-global-revenue-since-2002/

* https://www.priceintelligently.com/blog/subscription-revenue-adobe-gopro-microsoft-gillette

* https://www.comparably.com/companies/microsoft/mission

* https://docs.microsoft.com/en-us/sql/sql-server/install/hardware-and-software-requirements-for-installing-sql-server-2019?view=sql-server-ver15


Two Out of Three Companies Haven’t Reviewed Their Breach Preparedness Plans: Cybersecurity Trends

The singer Meat Loaf (real name Marvin Lee Aday) had a song once called Two Out of Three Ain’t Bad. Well, in this case, it is.  According to a new study, many companies haven’t updated their data breach plans since developing them, report a lack of adequate employee training on data protection, and still haven’t figured out how to guard cloud services and mobile devices.

As reported by Legaltech® News (Two Out of Three Companies Haven’t Reviewed Their Breach Preparedness Plans, Study Says, written by Sue Reisinger), a study of global companies also found that just over half of professionals believed their C-suite executives knew the company’s plan to deal with a breach.  The “Seventh Annual Study: Is Your Company Ready for a Big Data Breach?” was sponsored by Experian Data Breach Resolution and conducted by Ponemon Institute.

“I was surprised that two out of three respondents said they haven’t reviewed or updated their data breach preparedness plans,” said Michael Bruemmer, vice president of data breach resolution and consumer protection at Experian. “Preparedness plans can’t be a binder on a shelf that are not active and fluid plans. They should be reviewed and updated at least on a yearly basis.”

Bruemmer said a main takeaway from the report for general counsel is that “their clients are not preparing enough by practicing [data breach drills] and updating their response plans. They should work with clients to ensure this piece is a well-oiled machine.”

The study showed that 55% of respondents believed their C-suite executives knew the company’s plan to deal with a breach, but Bruemmer said the number should be higher. He recommended that general counsel make sure the CEO and C-suite “are knowledgeable and prepared for a data breach response. We have witnessed many leaders ill-equipped to handle the consumer response after a data breach.”

Here are some other notable study findings:

  • About 36% of respondents reported their organization had a ransomware attack last year with only 20% feeling confident in their ability to deal with it. The average ransom was $6,128 and 68% of respondents say it was paid.
  • Spear phishing attacks are pervasive, with 69% of respondents reporting one or more attacks and 67% saying the negative consequences of these attacks were very significant. Bruemmer called these threats “rudimentary at this point, and … a strong employee training program against these attacks [is] a must.”
  • Some 68% of respondents said their company has put more resources toward security technologies to detect and respond quickly to a breach. Still data breaches are increasing, with significantly more organizations reporting data breaches than ever before. “Consequently, confidence levels among executives to thwart spear phishing and other common attacks have declined,” according to the report.
  • More organizations at 54% report they have a high ability to comply with the European Union’s General Data Protection Regulation, compared with only 36% a year ago.

You can download a copy of the study from the Experian web site here.

So, what do you think?  Are you surprised by any of these findings?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Image Copyright © Page Six

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

FBI Says Half of $3.5 Billion Cyber Losses in 2019 Were Due to Business Email Scams: Cybersecurity Trends

The FBI’s Internet Crime Complaint Center (IC3) reported that it received over 460,000 internet and cyber-crime complaints in 2019, which the agency estimates caused losses of more than $3.5 billion, the bureau wrote in its yearly internet crime report released earlier this month.  And, about half of that is due to BEC (Business Email Compromise), aka EAC (Email Account Compromise) crimes, which are sophisticated scams targeting businesses and individuals performing wire transfer payments.

This was reported by ZDNet (FBI: BEC scams accounted for half of the cyber-crime losses in 2019, written by Catalin Cimpanu – hat tip to Sharon Nelson of the excellent Ride the Lightning blog).

“At its heart, BEC relies on the oldest trick in the con artist’s handbook: deception,” the FBI said back in 2017, when it started receiving an increased number of BEC scams reports.

A typical BEC scam happens after hackers either compromise or spoof an email account for a legitimate person/company. They use this email account to send fake invoices or business contracts. These are sent to employees in the same company, or upstream/downstream business partners.

The idea is to trick counterparts into wiring money into the wrong bank accounts.

BEC scams are popular because they’re (1) dead simple to execute, and (2) don’t require advanced coding skills or complex malware.  And, they pay BIG.  There were only 23,775 BEC victims last year, but they accounted for over $1.77 billion in losses for victims, which is an average of $75,000 per complaint.  Wow.  Here’s a breakdown of the loss amounts and victim counts by crime type over last year – as you can see, BEC crimes are almost four times as large as any other by total loss amount, but only sixth in total number of victims:

I wrote (almost to the day, no less) about an email I received last year that I suspect was a BEC scam that appeared to be from CloudNine’s co-founder Brad Jenkins.  But I could tell that it wasn’t because it was identified as an external email.  At CloudNine, we mark any emails coming from an external source to identify them as an external email, which is inserted into the received email to help recipients differentiate between real and fake CloudNine emails.  It’s easy to set up and an effective way to flush out those BEC scam emails.
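The external-email marking described above, as an added example rather than CloudNine’s actual mail configuration. It reads a message’s headers, tags the subject when the sender’s domain is not one of ours (the article describes a marker inserted into the received email; a subject tag is used here), and adds two checks that catch the spoofing pattern in the post: a display name that matches an internal person but not their real address, and a Reply-To pointing somewhere other than the sender’s domain. `INTERNAL_DOMAINS`, `INTERNAL_PEOPLE` and both sample messages are constructed for the example.

```python
"""External-sender tagging with two BEC spoofing checks (added example)."""
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAINS = {"example-ediscovery.com"}  # assumption: the organization's own domains
# assumption: directory of internal staff, display name -> real mailbox
INTERNAL_PEOPLE = {"brad jenkins": "bjenkins@example-ediscovery.com"}
EXTERNAL_TAG = "[EXTERNAL]"


def domain_of(header_value: str) -> str:
    """Lower-cased domain part of an address header, or '' if none."""
    _name, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def analyze(raw_message: str) -> dict:
    """Classify a raw RFC 822 message: external or not, findings, tagged subject."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(msg.get("From", ""))
    external = from_domain not in INTERNAL_DOMAINS
    findings = []
    if external:
        findings.append("external sender")
    # Display name belongs to an internal person, but the address is not theirs.
    expected = INTERNAL_PEOPLE.get(name.strip().lower())
    if expected and addr.lower() != expected:
        findings.append("display name impersonates internal staff")
    # Replies are being steered to a different domain than the visible sender.
    reply_domain = domain_of(msg.get("Reply-To", ""))
    if reply_domain and reply_domain != from_domain:
        findings.append("reply-to domain differs from sender")
    subject = msg.get("Subject", "")
    if external and not subject.startswith(EXTERNAL_TAG):
        subject = f"{EXTERNAL_TAG} {subject}".strip()
    return {"external": external, "findings": findings, "subject": subject}


# Constructed sample messages: one genuine internal mail, one spoofed lookalike.
LEGIT = (
    "From: Brad Jenkins <bjenkins@example-ediscovery.com>\n"
    "To: staff@example-ediscovery.com\n"
    "Subject: Q1 planning\n\n"
    "See you at 10.\n"
)
SPOOFED = (
    "From: Brad Jenkins <brad.jenkins@mail-example.net>\n"
    "Reply-To: accounts@payments-example.org\n"
    "To: ap@example-ediscovery.com\n"
    "Subject: Urgent: updated wire instructions\n\n"
    "Please process the attached invoice today.\n"
)

if __name__ == "__main__":
    for label, raw in (("legit", LEGIT), ("spoofed", SPOOFED)):
        result = analyze(raw)
        print(f"{label}: {result['subject']!r} -> {', '.join(result['findings']) or 'no findings'}")
```

The external tag alone is what the post relies on; the two extra findings give the recipient (or a mail filter) a concrete reason the message deserves a phone call to the purported sender before any payment is touched.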

BTW, the map at the top shows the number of complaints by state and, as you can see, California was the only state with over 30,000 complaints (while Florida, Texas and New York had between 20,000 and 30,000).  But the map is a bit deceiving in this respect – California had 50,132 complaints last year, nearly double that of the next highest states (Florida and Texas, which tied at 27,178 complaints).  Ouch.

So, what do you think?  Do you know someone who has been victimized by a BEC scam?  Please share any comments you might have or if you’d like to know more about a particular topic.

Images Courtesy of 2019 FBI Internet Crime Report


How Long Will it Take to Crack Your Password?: Cybersecurity Trends

Have I mentioned lately how much I love an infographic?  Well, I do. And this latest infographic that I have come across – from a Facebook friend who is also a colleague nonetheless – is a great one to note when considering your own passwords.

As you can see from the infographic above, the size and composition of your password could dramatically affect how long it takes to crack the password.  For example:

  • If you have a password that is numbers only, a password that is as much as eight numbers (that’s nearly 100 million number combinations) can still be cracked instantly;
  • Even if that numbers-only password is 14 numbers (that’s nearly 100 trillion number combinations), it only takes four days to crack a password even that size;
  • Want to use all upper and lower case letters instead? That will help somewhat, but a five-letter password can still be cracked instantly;
  • And a nine-letter password will still only take 4 days to crack;
  • Want to mix numbers and upper and lower case letters? You’d better use more than seven characters or it will take no more than 3 hours to crack your password;
  • Even with eight characters, it could still take as few as ten days;
  • If you add in symbols, then a seven character password could still take less than a day;
  • But, if you add an eighth character, that pushes the time up to 57 days. Add a ninth character? That pushes the time up to 12 years;
  • But, notably, size does matter – when it comes to passwords and other things. ;o)  An 18 number password still takes 126 years to crack, an 18 letter password takes a trillion years, an 18 number and letter password takes 374 trillion years and an 18 number, letter and symbol password takes 1 quintillion years!
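The arithmetic behind the list above, as an added example (not the infographic’s own method). Keyspace is simply character-set size raised to the length, which is where the “100 million” for eight digits and “100 trillion” for fourteen digits come from; the time column depends on an assumed guess rate, and `GUESSES_PER_SECOND` here is a constructed parameter for illustration, not a figure from the article. The example also goes one step further than the list: given a target time, it finds the shortest length that reaches it for each character set.

```python
"""Keyspace, entropy and time-to-exhaust for password character sets (added example)."""
import math
import string

CHARSETS = {
    "digits": string.digits,                                                  # 10 symbols
    "letters": string.ascii_letters,                                          # 52 symbols
    "letters+digits": string.ascii_letters + string.digits,                   # 62 symbols
    "letters+digits+symbols": string.ascii_letters + string.digits + string.punctuation,  # 94
}
GUESSES_PER_SECOND = 1e10  # assumption for illustration only; real rates vary by hash and hardware
YEAR = 365 * 24 * 3600


def keyspace(charset: str, length: int) -> int:
    """Number of distinct passwords of exactly `length` drawn from `charset`."""
    return len(charset) ** length


def entropy_bits(charset: str, length: int) -> float:
    """Bits of entropy for a uniformly random password of this shape."""
    return length * math.log2(len(charset))


def seconds_to_exhaust(charset: str, length: int, rate: float = GUESSES_PER_SECOND) -> float:
    """Worst-case time to try every candidate at `rate` guesses per second."""
    return keyspace(charset, length) / rate


def humanize(seconds: float) -> str:
    """Render a duration in the largest sensible unit."""
    for unit, size in (("years", YEAR), ("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return "instant" if seconds < 1 else f"{seconds:,.1f} seconds"


def length_for_target(charset: str, target_seconds: float, rate: float = GUESSES_PER_SECOND) -> int:
    """Shortest length whose full keyspace takes at least `target_seconds` to exhaust."""
    length = 1
    while seconds_to_exhaust(charset, length, rate) < target_seconds:
        length += 1
    return length


def table(lengths=(8, 9, 12, 14, 18)) -> list[dict]:
    """Rows of (charset, length, keyspace, bits, time) for a quick comparison."""
    rows = []
    for name, chars in CHARSETS.items():
        for n in lengths:
            rows.append({
                "charset": name,
                "length": n,
                "keyspace": keyspace(chars, n),
                "bits": round(entropy_bits(chars, n), 1),
                "time": humanize(seconds_to_exhaust(chars, n)),
            })
    return rows


if __name__ == "__main__":
    for row in table():
        print(f"{row['charset']:<24} {row['length']:>2}  {row['keyspace']:>24,}  "
              f"{row['bits']:>5} bits  {row['time']}")
    for name, chars in CHARSETS.items():
        print(f"{name}: need length {length_for_target(chars, YEAR)} to exceed one year")
```

One thing the arithmetic makes plain: 52^9 (nine letters) is about 2.8 quadrillion, roughly 28 times the 10^14 of fourteen digits, yet the infographic lists “four days” for both, so its figures cannot all come from a single fixed guess rate. The conclusion that survives any choice of rate is the one in the last bullet: each added character multiplies the keyspace by the character-set size, so length buys more than any single symbol class does.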

Ain’t nobody got time for that!

Interesting!  Of course, that’s one school of thought – here’s another, straight from the man who originally wrote password advice for the National Institute of Standards and Technology (NIST) and ultimately decided that advice was wrong.  And, here’s a case from last year involving a criminal defendant who used a 64-character password to protect his device!

As I mentioned, I got this infographic from a Facebook friend – Michael Potters, who is also the CEO and Managing Partner of the Glenmont Group.  It may be available in other places (not sure where it started), but I got it from Michael, so hat tip to him for the info!

So, what do you think?  Does this change your thinking about password creation?  Please share any comments you might have or if you’d like to know more about a particular topic.


How Many States Have Outlawed Ransomware? You May Be Shocked: Cybersecurity Trends

Care to hazard a guess?  Ten?  Twenty?  More?  Try TWO.  Maryland is currently considering a bill to become only the third state after Michigan and Wyoming, to criminalize the possession and distribution of ransomware.

As noted by Bitdefender’s Hot for Security blog (with hat tip to Sharon Nelson’s Ride the Lightning blog), the bill understandably makes exceptions for penetration testing, security researchers, and other legitimate reasons to own ransomware.

Certainly a motivating factor may have been when hackers hit Baltimore, Maryland’s largest city, with a RobbinHood ransomware attack on May 7, 2019. All administrative transactions, payments and communications were frozen after city officials refused to pay the attackers. It took them more than eight weeks to restore all systems. Following the attack, Baltimore City’s board allocated $10 million to an emergency ransomware response to prevent similar attacks. When the dust settled, the city estimated recovery costs at $18 million.

The current law in Maryland specifies that a cyberattack that incurs damages of less than $10,000 is a misdemeanor and carries a punishment of up to five years in prison and a fine up to $10,000. If the damages pass the $10,000 mark, it turns into a felony, and the punishment goes up to 10 years in prison. The bill would dispense with limits for damages and raise the punishment to up to 10 years, even if it’s a misdemeanor.

This while the Insurance Journal reported (via Reuters – hat tip again to Ride the Lightning) last week that U.S. insurers are ramping up cyber-insurance rates by as much as 25% and trying to curb exposure to vulnerable customers after a surge of costly claims.  While there were 6% fewer ransomware incidents in 2019 versus the prior year (according to Malwarebytes), the average ransom of $41,198 during the 2019 third quarter more than tripled from the first quarter, according to Coveware, which helps negotiate and facilitate the payments.

By the way, if you remember our post from a couple of weeks ago regarding Apple and Attorney General William Barr’s claim that they weren’t helping to crack into password-protected iPhones used by Pensacola Navy base shooter Mohammed Saeed Alshamrani (Apple, for their part, disputed Barr’s assessment that it failed to provide “substantive assistance”), Naked Security reported that Apple, under pressure from the FBI, backed off plans to let iPhones users have end-to-end encryption on their iCloud backups.  Where did I find that out?  You guessed it – Ride the Lightning (via Sharon’s post here).  It’s the RTL trifecta!  :o)

Just a reminder, CloudNine will be once again exhibiting next week at Legaltech, at booth 3000 in America’s Hall 2.  And, we’re once again excited to be co-sponsoring the annual #DrinkswithDougandMary cocktail reception with Mary Mack, Kaylee Walstad and the rest of the EDRM team!  This is our fourth year and we’re grateful to Marc Zamsky and Compliance Discovery for co-sponsoring as well.  It will once again be at Ruth’s Chris Steak house and will happen Wednesday, February 5 from 4-6pm.  You can register to attend here.  And, as I told you on Wednesday, we will be conducting another NineForum education series of TED-talk discussions from our booth, so please check that out as well!

So, what do you think?  Are you surprised that there are only TWO states that criminalize ransomware?  Seriously, TWO?!?  Please share any comments you might have or if you’d like to know more about a particular topic.

Ransom Image Copyright © Touchstone Pictures


Here’s Another Updated Commentary from The Sedona Conference: eDiscovery Best Practices

Last Friday, we covered one updated commentary from The Sedona Conference® (TSC) and promised to cover another one this week.  Consider our promise kept!  :o)

On January 10, TSC and its Working Group 11 on Data Security and Privacy Liability (WG11) announced the publication of the January 2020 final version of The Sedona Conference Incident Response Guide.

The mission of WG11 is to identify and comment on trends in data security and privacy law in an effort to help organizations prepare for and respond to data breaches, and to assist attorneys and judicial officers in resolving questions of legal liability and damages.  WG11 developed the Incident Response Guide to provide a comprehensive but practical guide to help practitioners and organizations deal with the multitude of legal, technical, and policy issues that arise whenever a data breach occurs.

The Incident Response Guide is intended to help organizations prepare and implement an incident response plan and, more generally, to understand the information that drives the development of such a plan. It has been created by thought leaders in the industry and reflects both the practical lessons learned and legal experience gained by the drafters from direct experience responding to incidents, from representation of affected clients, and from the promulgation of rules and guidelines on national and international levels, and is intended to provide general guidance on the topic.

A couple of interesting and curious things about this guide, compared to other TSC guides we’ve covered in the past:

  • The Public Comment version of the Guide was developed way back in March 2018, almost two years ago
  • The guide starts on page 124 and goes to page 262?!? At least in the version I just downloaded this weekend.  Hmmm…

Regardless, there are essentially seven parts in the 139-page(!) (PDF) Commentary (after the Introduction, Part I), plus six appendices.  The Guide covers various topics like pre-incident planning, the incident response plan and executing it, key collateral issues and basic notification requirements.  The appendices include a Model Incident Response Plan and Model Notification Letter and Model Attorney General Breach Notification examples.

You can download a copy of the Commentary here (login required, which is free).  BTW, do you know how many states have security breach notification laws?  You might be surprised!

So, what do you think?  Does your organization have an incident response plan for data security?  As always, please share any comments you might have or if you’d like to know more about a particular topic.


Friday the 13th is Unlucky for the City of New Orleans. Almost. Maybe.: Cybersecurity Trends

In Friday’s post about Norton Rose Fulbright’s 2019 Litigation Trends Annual Survey, one of the most notable trends was that 44 percent of corporate respondents identified Cybersecurity/data privacy as the most likely new source of dispute for their business on the horizon, which was more than four times the next likely sources.  Cybersecurity is also a big challenge for municipalities as we saw on Friday.

According to Forbes (New Orleans Declares State Of Emergency Following Cyber Attack, written by Davey Winder), the City of New Orleans suffered a cybersecurity attack last Friday serious enough for Mayor LaToya Cantrell to declare a state of emergency.

The attack started at 5 a.m. CST on Friday, according to the City of New Orleans’ emergency preparedness campaign, NOLA Ready, managed by the Office of Homeland Security and Emergency Preparedness. NOLA Ready tweeted that “suspicious activity was detected on the City’s network,” and as investigations progressed, “activity indicating a cybersecurity incident was detected around 11 a.m.” As a precautionary measure, the NOLA tweet confirmed, the city’s IT department gave the order for all employees to power down computers and disconnect from Wi-Fi. All city servers were also powered down, and employees told to unplug any of their devices.

During a press conference, Mayor Cantrell confirmed that this was a ransomware attack. A declaration of a state of emergency was filed with the Civil District Court in connection with the incident.

NOLA Ready said that emergency communications had not been affected. Although the “Real-Time Crime Center” had been powered down, public safety cameras were still recording, and incident footage would be available if needed. The police and fire departments continued to operate as usual, and the ability to respond to 911 calls was not impacted.

The ransomware attack that has hit New Orleans follows another that targeted the state of Louisiana in November. Louisiana school district computers were also taken offline, and a state of emergency declared, in response to a ransomware attack in July. It isn’t yet known if the two were connected. In August, 23 government agencies were taken offline by a cyber-attack on the State of Texas, which suggests that U.S. municipalities are firmly in the crosshairs of ransomware threat actors.

Gee, you think?  Apparently, any business is in the crosshairs these days, if they have enough money.  After all, why do hackers hack, if not for the money?

So, what do you think?  Does your organization have a plan if it’s hit by a ransomware attack?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Today’s Webcast Will Help You Learn about Important eDiscovery Developments for 2019: eDiscovery Webcasts

2019 was another busy year from an eDiscovery, cybersecurity and data privacy standpoint.  So busy, we couldn’t fit it all into a single webcast!  Nonetheless, what do you need to know about those important 2019 events?  Today’s webcast will discuss what you need to know about important 2019 events and how they impact your eDiscovery, data privacy and cybersecurity efforts.

Today at noon CST (1:00pm EST, 10:00am PST), CloudNine will conduct the webcast 2019 eDiscovery Year in Review.  In this one-hour webcast that’s CLE-approved in selected states, we will discuss key events and trends in 2019, what those events and trends mean to your discovery practices and provide our predictions for 2020. Key topics include:

  • How Much Data is Being Transmitted Every Minute on the Internet in 2019
  • What a Lawyer’s Notification Duty Is When a Data Breach Occurs
  • General Data Protection Regulation (GDPR) and Data Privacy Fines
  • Biometric Security and Data Privacy Litigation
  • Cell Phone Passwords and the Fifth Amendment
  • How Organizations Are Doing on Compliance with the California Consumer Privacy Act (CCPA)
  • Social Media and Judges Accepting “Friend” Requests from Litigants
  • How #metoo and Investigations are Impacting eDiscovery within Organizations
  • Whether Emojis Are the Next eDiscovery Challenge
  • The Challenge to Obtain Significant Spoliation Sanctions under the New Rule 37(e)
  • Whether Lawyers Are “Failing” at Cybersecurity
  • Outside Hackers vs. Internal Employees As Cybersecurity Threat
  • Sanctions Resulting from Inadvertent Disclosure of Privileged Information

As always, I’ll be presenting the webcast, along with Tom O’Connor.  To register for it, click here – it’s not too late! Even if you can’t make it, go ahead and register to get a link to the slides and to the recording of the webcast (if you want to check it out later).  If you want to learn how key events and trends in 2019 can affect your eDiscovery practice in 2020, this webcast is for you!

So, what do you think?  Do you have FOMO (fear of missing out) on important info for 2019?  Please share any comments you might have or if you’d like to know more about a particular topic.

The Password Reuse Problem Has Still Not Gone Away: Cybersecurity Trends

This isn’t a throwback post – that comes tomorrow.  But, it’s worth noting that we covered a story over two years ago where the guy who recommended we change our passwords periodically and require passwords that combine upper case letters, lower case letters, numbers and special characters admitted that was bad advice.  But, people – and systems – still seem to support the old ways.  That’s so 2003!

As discussed in Help Net Security (The password reuse problem is a ticking time bomb, written by Michael Greene), in the first six months of 2019, data breaches exposed 4.1 billion records and, according to the 2018 Verizon Data Breach Incident Report (which we covered here), compromised passwords are responsible for 81% of hacking-related breaches. The latest data from Akamai states that businesses are losing $4m on average each year due to credential stuffing attacks, which are executed by using leaked and exposed passwords and credentials.

The author recommends three key steps that organizations should take to strengthen their defenses:

  1. Prevent the use of weak, similar or old passwords: New passwords should be significantly different from the previous ones and old passwords shouldn’t be re-used. Also, fuzzy-matching is a crucial tool for detecting the use of “bad” password patterns, as it checks for multiple variants of the password (upper-lower-case variants, reversed passwords, etc.).
  2. End mandatory password resets, which don’t improve security: This policy has proven to be ineffective as it does nothing to ensure that the new password is strong and has not already been exposed. For example, changing your password from “Big5tud” to “Big5tud!” isn’t an incremental enough change to protect yourself.  ;o)  The author also notes that Microsoft and NIST guidelines (which we covered in the post two years ago) advise against this approach.
  3. Check credentials continuously: NIST advises companies to verify that passwords are not compromised before they are activated and check their status on an ongoing basis. As the number of compromised credentials expands continuously, checking passwords against a dynamic database rather than a static list is critical.
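The three steps above, steps 1 and 3 in particular, can be enforced at password-change time. The following is an added example (not code from the article or from any product it mentions) of a policy check that fuzzy-matches a proposed password against previous ones and looks it up in a compromised-credential set; the previous passwords and the compromised set are constructed inline, whereas a real deployment would query a continuously updated feed rather than a static list.

```python
import hashlib

# Constructed sample of one account's previous passwords (not real data).
PREVIOUS_PASSWORDS = ["Big5tud", "Summer2018"]

# Constructed stand-in for a dynamic compromised-credential feed: SHA-1 digests
# of passwords known to be exposed. A real check queries a continuously updated
# source instead of this static set.
COMPROMISED_SHA1 = {
    hashlib.sha1(p.encode()).hexdigest() for p in ("password", "Big5tud!", "letmein")
}


def levenshtein(a: str, b: str) -> int:
    """Edit distance; catches 'incremental' changes such as Big5tud -> Big5tud!."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def too_similar(candidate: str, old: str, max_distance: int = 2) -> bool:
    """Fuzzy match: exact reuse, upper/lower-case variants, reversal, or a few edits."""
    c, o = candidate.lower(), old.lower()
    if c == o or c == o[::-1]:
        return True
    return levenshtein(c, o) <= max_distance


def is_compromised(candidate: str) -> bool:
    """True if the candidate's digest appears in the (constructed) exposed set."""
    return hashlib.sha1(candidate.encode()).hexdigest() in COMPROMISED_SHA1


def evaluate_password(candidate: str, previous: list) -> list:
    """Return the reasons a proposed password is rejected; an empty list means accepted."""
    reasons = []
    if is_compromised(candidate):
        reasons.append("appears in compromised-credential feed")
    if any(too_similar(candidate, old) for old in previous):
        reasons.append("too similar to a previous password")
    return reasons


if __name__ == "__main__":
    for pw in ("Big5tud!", "dut5giB", "correct horse battery staple"):
        print(pw, "->", evaluate_password(pw, PREVIOUS_PASSWORDS) or "accepted")
```

The "Big5tud" to "Big5tud!" change from step 2 is rejected on both counts: it is one edit away from the old password and it sits in the exposed set.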

The other key step (that the author didn’t mention) is to implement two-factor authentication wherever possible and expect it from your applications.  Two-factor authentication is where the application sends you a code (via text or email – the means for sending may vary depending on the platform) once you provide your password that you have to enter to then be able to access the application.  Unless a hacker can also access your email account or see your texts, that second layer of security helps protect against hacking of your account via just your password.  According to this infographic from Symantec, 80 percent of data breaches due to stolen credentials could have been eliminated with the use of two-factor authentication.

We’ve known all of this information for at least a couple of years now, yet organizations continue to move slowly in making changes.  Maybe by 2031?

So, what do you think?  Does your organization require you to change passwords periodically?  Please share any comments you might have or if you’d like to know more about a particular topic.

According to the ABA, Lawyers are “Failing at Cybersecurity”: Cybersecurity Trends

In these days of increased data privacy emphasis with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), how are lawyers doing with regard to cybersecurity within their firms?  According to the American Bar Association Legal Technology Resource Center’s ABA TechReport 2019, they are “failing at cybersecurity”.

In the ABA Journal article (Lawyers are failing at cybersecurity, says ABA TechReport 2019, by Jason Tashea), the author reports this quote from an accompanying article on cybersecurity released last Wednesday: “In fact, the results are shocking and reflect little, if any, positive movement in the past year or even in the past few years. The lack of effort on security has become a major cause for concern in the profession.”

The annual report looks at how attorneys use all kinds of technology in their practices. Articles on cloud computing, cybersecurity and websites and marketing were released free online. There are six more articles that will be released Wednesdays through Dec. 18.

The survey found that the most popular security measure, used by 35% of respondents, was Secure Sockets Layer (SSL), which encrypts computer communications, including web traffic. Only 27% make local data backups. Since 2018, the number of respondents reading vendor privacy policies fell from 38% to 28%. A mere 23% investigated a vendor’s history, even though 94% said vendor reputation mattered when deciding who to contract with.

Only 35% of attorneys use SSL?!?  I have a feeling that many more use it, but don’t realize it.

Meanwhile, slightly more than a quarter of respondents (26%) reported that their firm had had a security breach.  In addition, 19% of respondents said that they do not know whether their firm has ever experienced a security breach.  So, the percentage of firms that have experienced a security breach could be quite a bit higher.

Consequences of security incidents included consulting fees for repair (37%), downtime/loss of billable hours (35%), expense for replacing hardware or software (20%), destruction or loss of files (15%), notifying law enforcement of breach and notifying clients of the breach (9% each), unauthorized access to other (non-client) sensitive data (4%), and unauthorized access to sensitive client data (3%).

Only 9% of firms notifying clients of the breach?!?  Ruh-roh.

The ABA Legal Technology Resource Center Tech Survey 2019 is available here.  It’s in five volumes, each available for $350 (non-members) or $300 (members).

BTW, the Legal Technology Resource Center of the ABA used to have a publicly available page with Cloud Ethics Opinions Around the U.S., showing a map of states that had a cloud ethics opinion (we’ve covered it a handful of times, the last being about 2 1/2 years ago here, when there were 21 states that had one, including one that the ABA didn’t have on its site).  That page is now inactive and I can’t find it via a search on the website.  If anybody knows if it’s still available in some form on the ABA website, let me know.

So, what do you think?  Are you surprised by any of the ABA findings on cybersecurity?  Please share any comments you might have or if you’d like to know more about a particular topic.
