Privacy

Rule Change Could Facilitate the Government’s Ability to Access ESI in Criminal Investigations: eDiscovery Trends

A rule modification adopted by the United States Supreme Court that significantly changes the way in which the government can obtain search warrants to access computer systems and electronically stored information (ESI) of suspected hackers could go into effect on December 1.

On April 28, the Supreme Court submitted the amendments to the Federal Rules of Criminal Procedure that were adopted by the Supreme Court of the United States pursuant to Section 2072 of Title 28, United States Code.  One of those proposed rule changes, to Federal Rule of Criminal Procedure 41, would enable “a magistrate judge with authority in any district where activities related to a crime may have occurred has authority to issue a warrant to use remote access to search electronic storage media and to seize or copy electronically stored information located within or outside that district if:”

  • “the district where the media or information is located has been concealed through technological means; or”
  • “in an investigation of a violation of 18 U.S.C. § 1030(a)(5), the media are protected computers that have been damaged without authorization and are located in five or more districts.”

Currently, the government can only obtain a warrant to access ESI from a magistrate in the district where the computer with the stored information is physically located.

As reported in JD Supra Business Advisor (Come Back With a Warrant: Proposed Rule Change Expands the Government’s Ability to Access Electronically Stored Information in Criminal Investigations, written by Thomas Kurland and Peter Nelson), proponents of the rule change say it is necessary to allow the government to respond quickly to cyber-attacks of unknown origin – particularly malicious “botnets” – which are becoming increasingly common as hackers become ever more sophisticated.

However, others say the rule change will significantly expand the government’s power to search computers without their owners’ consent – regardless of whether those computers belong to criminals or even to the victims of a crime.  One US senator, Ron Wyden of Oregon, has called for Congress to reject the rules changes, indicating that they “will massively expand the government’s hacking and surveillance powers” and “will have significant consequences for Americans’ privacy”.  He has indicated a “plan to introduce legislation to reverse these amendments shortly, and to request details on the opaque process for the authorization and use of hacking techniques by the government”.

So, what do you think?  Will Congress reverse these amendments?  Should they?  Please share any comments you might have or if you’d like to know more about a particular topic.

Just a reminder that I will be moderating a panel at The Masters Conference Windy City Cybersecurity, Social Media and eDiscovery event tomorrow (we covered it here) as part of a full day of educational sessions covering a wide range of topics.  CloudNine will be sponsoring that session, titled Faster, Cheaper, Better: How Automation is Revolutionizing eDiscovery at 4:15.  Click here to register for the conference.  If you’re a non-vendor, the cost is only $100 to attend for the full day!

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

The Next Batch of “Dirty Laundry” within the “Panama Papers” Will Be Searchable: eDiscovery Trends

“Kick ’em when they’re up, Kick ’em when they’re down, Kick ’em when they’re up, Kick ’em all around” – this seems to be my week for covering Don Henley songs.  Based on reports, the next batch of “Dirty Laundry” from the “Panama Papers” will not only provide more details about hundreds of thousands of secret offshore entities, it will also be searchable.

According to CNET (Panama Papers Part 2: The world’s dirty laundry becomes searchable, written by Claire Reilly), the International Consortium of Investigative Journalists (ICIJ) will release on Monday, May 9 a searchable database with information on more than 200,000 offshore entities that are part of the “Panama Papers” investigation.

As the ICIJ stated in its announcement, “The database will likely be the largest ever release of secret offshore companies and the people behind them… When the data is released, users will be able to search through the data and visualize the networks around thousands of offshore entities, including, when available, Mossack Fonseca’s internal records of the company’s true owners. The interactive database will also include information about more than 100,000 additional companies that were part of the 2013 ICIJ Offshore Leaks investigation.”

The ICIJ also stated that the information “will not be a ‘data dump’ of the original documents – it will be a careful release of basic corporate information.”

Since its release due to a data breach of 11.5 million documents (2.6 total TB of data) at Panamanian law firm Mossack Fonseca, the “Panama Papers” investigation has led to high profile resignations, including the prime minister of Iceland.  It also has triggered official inquiries in multiple countries; and put pressure on world leaders and other politicians to explain their connections to offshore companies. It sparked a new sense of urgency among lawmakers and regulators to close loopholes and make information about the owners of shell companies public.

Last month, founding partner Ramon Fonseca claimed that, despite the huge amount of data exposed, the data breach was not an inside job.  “We rule out an inside job. This is not a leak. This is a hack,” he told Reuters at the company’s headquarters in Panama City’s business district.

So, what do you think?  What lessons, if any, can be learned from the Panama Papers fiasco?  Please share any comments you might have or if you’d like to know more about a particular topic.

Thanks to Sharon Nelson’s Ride the Lightning blog for the tip on the story!

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Well, That Didn’t Take Long! Apple v. the US Government Gears Up for Round Two: eDiscovery Trends

When the FBI was able to access the iPhone used by one of the gunmen in the San Bernardino terrorist shooting, effectively ending the six week dispute between Apple and the FBI over privacy and security, we said the battle was over – for now.  Apparently, “for now” was the same as “not for long”.

According to re/code (Apple-FBI Encryption Battle Shifts to New York, written by Dawn Chmielewski), the U.S. Attorney’s office notified a federal judge in Brooklyn on Friday that the government plans to press forward with its request to have Apple assist in unlocking a phone seized in a Brooklyn drug case, moving the low-profile case to center stage in the ongoing debate over encryption.

“The government’s application is not moot and the government continues to require Apple’s assistance in accessing the data that it is authorized to search by warrant,” U.S. Attorney Robert Capers wrote to the court.

Apple had requested a delay in the case until it could be determined whether the FBI’s new technique for hacking an iPhone 5c used by one of the San Bernardino shooters could also unlock the device in the Brooklyn case.

Back in February, a federal judge ordered Apple to give investigators access to encrypted data on the iPhone used by one of the San Bernardino shooters, a court order that Apple has fought, accusing the federal government of an “overreach” that could potentially breach the privacy of millions of customers.  That same day, Apple CEO Tim Cook published an open letter, pledging to fight the judge’s ruling that it should give FBI investigators access to encrypted data on the device.  And, the two sides battled over the issue in court until the FBI was successfully able to access the iPhone on its own toward the end of March.

As many predicted, it was only a matter of time before another dispute with a government agency over Apple security made its way to the courtroom.  When that government agency is not able to find a way to access the Apple device and requests assistance from the court, I would expect to see a long drawn-out court battle over the issue – one that privacy and security advocates will undoubtedly continue to debate.

So, what do you think?  Is this the case where the true battle between Apple and the US government will be waged?  Please share any comments you might have with us or let us know if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

“Panama Papers” Hack Wasn’t an Inside Job, Says Founding Partner: eDiscovery Trends

It seems that everybody is talking about the huge data leak of 11.5 million documents (2.6 total TB of data – that’s right, terabytes) at Panama-based law firm Mossak Fonseca that appears to have exposed illicit offshore holdings of global political leaders and celebrities (among others), dubbed the “Panama Papers”.  Now, a founding partner at the firm has indicated that the leak was not an inside job.

“We rule out an inside job. This is not a leak. This is a hack,” founding partner Ramon Fonseca told Reuters at the company’s headquarters in Panama City’s business district.  “We have a theory and we are following it,” he continued, without elaborating.

“We have already made the relevant complaints to the Attorney General’s office, and there is a government institution studying the issue,” he added, flanked by two press advisers.

Claiming that “[t]he (emails) were taken out of context”, Fonseca said that “The only crime that has been proven is the hack.  No one is talking about that. That is the story.”

As the Reuters article notes, governments across the world have begun investigating possible financial wrongdoing by the rich and powerful after the International Consortium of Investigative Journalists (ICIJ) published a report on Monday based upon a yearlong study of some 2.6 TB of leaked data, mostly emails from the law firm that span four decades.

The papers have revealed financial arrangements of prominent figures, including friends of Russian President Vladimir Putin, relatives of the prime ministers of Britain and Pakistan and Chinese President Xi Jinping, and the president of Ukraine.  On Tuesday, Iceland’s prime minister, Sigmundur David Gunnlaugsson, resigned, becoming the first casualty of the leak.

The idea that the data was hacked externally as opposed to someone inside the firm stealing or copying a hard drive or tape seems difficult to believe.  It takes a long time to transmit 2.6 terabytes of data – we’re talking weeks, not days, of continuous transmission.  Either the firm was utterly clueless as their sensitive data was being pulled right out from under their noses for a long period of time or there is more to the story.

One story that was somewhat humorous this week was that George Mason University was forced to tweak the renaming of its law school to honor the late Supreme Court Justice Antonin Scalia because of an unfortunate acronym.  The school had to change the proposed name from the Antonin Scalia School Of Law (see the problem here?) to the Antonin Scalia Law School.

The acronym for Mossak Fonseca is an unfortunate acronym too.  I’ll bet when the members of that firm realized that their data had escaped out into the public, they uttered a few unfortunate acronyms of their own (possibly in both Spanish and English).

So, what do you think?  Do you believe that the data was hacked from the outside?  Or do you think something else happened?   Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Breaking News: The BIG Battle between Apple and the FBI is Over – For Now: eDiscovery Trends

Last week, we reported that the FBI said that it might no longer need Apple’s assistance in opening an iPhone used by a gunman in the San Bernardino, Calif., rampage last year.  Looks like that was the case.

According to CNN Money (FBI says it has cracked terrorist’s iPhone without Apple’s help, written by Jackie Wattles and Laurie Segall), the Department of Justice says the FBI has accessed the iPhone used by one of the gunmen in the San Bernardino terrorist shooting, with the help of an unnamed third party.  Saying that it has successfully retrieved the data from the phone, the Justice Department is asking the court to vacate its order from last month for Apple’s assistance.

“The FBI has now successfully retrieved the data stored on the San Bernardino terrorist’s iPhone and therefore no longer requires the assistance from Apple required by this Court Order,” DOJ spokeswoman Melanie Newman said in a statement.

Government officials did not go into detail about what was found on the phone.

The two sides were due in court last week, but the judge granted a last minute request from the DOJ to postpone the hearing, saying an unidentified “outside party” came to the FBI with an alternative method for hacking into the phone.  On Monday, the DOJ said the method only works on this particular phone, which is an iPhone 5C running a version of iOS 9 software.

A law enforcement official, speaking to reporters on condition of anonymity, would not reveal how it pulled off this hack. He would not name the “third party” that helped the FBI. And he refused to say whether the FBI will disclose this hacking method to Apple so the company can protect future phones from being hacked this way.  “We can’t comment on the possibility of future disclosures at this point,” the law enforcement official said.

Last month, a federal judge ordered Apple to give investigators access to encrypted data on the iPhone used by one of the San Bernardino shooters, a court order that Apple has fought, accusing the federal government of an “overreach” that could potentially breach the privacy of millions of customers.  That same day, Apple CEO Tim Cook published an open letter, pledging to fight the judge’s ruling that it should give FBI investigators access to encrypted data on the device.  And, the two sides have battled over the issue in court over the past month.

So, who is this “outside party”?  Was Steve Jobs resurrected over the weekend?  It was Easter, after all.  :o)  Regardless, it appears that the dispute is over – at least until the next time that the DOJ and the FBI need to hack into an Apple device.

So, what do you think?  Do you think we will see more disputes like this in the future?  Please share any comments you might have with us or let us know if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

FBI May Be Able to Unlock Terrorist’s iPhone without Apple’s Help: eDiscovery Trends

In court on Monday, the FBI said that it might no longer need Apple’s assistance in opening an iPhone used by a gunman in the San Bernardino, Calif., rampage last year.

According to The New York Times (U.S. Says It May Not Need Apple’s Help to Unlock iPhone, written by Katie Benner and Matt Apuzzo), in its court filing, the government said an outside party had demonstrated a way for the FBI to possibly unlock the phone used by the gunman, Syed Rizwan Farook. The hearing in the contentious case — Apple has loudly opposed opening the iPhone, citing privacy concerns and igniting a heated debate — was originally set for Tuesday.

In its filing, the Justice Department, while noting that the method must be tested, stated that if it works “it should eliminate the need for the assistance from Apple”. The Justice Department added that it would file a status report by April 5 on its progress.  Judge Sheri N. Pym, the federal magistrate judge in the United States District Court for the Central District of California who was set to hold the hearing, agreed to grant the Justice Department’s motion to postpone the hearing.

As the article notes, “The emergence of a potential third-party method to open the iPhone was a surprise, as the government said more than a dozen times in court filings that it could open the phone only with Apple’s help. The FBI director, James B. Comey Jr., also reiterated that point several times during a hearing before Congress on March 1.”

Last month, a federal judge ordered Apple to give investigators access to encrypted data on the iPhone used by one of the San Bernardino shooters, a court order that Apple has fought, accusing the federal government of an “overreach” that could potentially breach the privacy of millions of customers.  That same day, Apple CEO Tim Cook published an open letter, pledging to fight the judge’s ruling that it should give FBI investigators access to encrypted data on the device.  And, the two sides have battled over the issue in court over the past month.

In the meantime, everyone from Google Chief Executive Sundar Pichai to Donald Trump has weighed in on whether Apple should help unlock the iPhone for the investigation.  In addition, Apple claimed that had the passcode to Syed Farook’s iPhone not been reset hours after the shooting (at the consent of the FBI), the company would have been able to initiate a backup of the phone’s data to its associated iCloud account in order to retrieve its contents.  And, PCWorld reported that if San Bernardino County had been using a Mobile Device Management (MDM) service on its employees’ devices, they “would have been able to clear the device’s passcode in a matter of seconds” and the whole issue would have been moot (at least this time).

So, what do you think?  Who is this outside party and will they be able to eliminate the dispute between Apple and the FBI or only delay it?  Please share any comments you might have with us or let us know if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

DOJ and FBI Respond to Apple’s Letter Regarding Breaking Encryption of San Bernardino Shooter’s iPhone: eDiscovery Trends

It probably comes as no surprise that the government didn’t take Apple’s opposition to the Federal order to give investigators access to encrypted data on the iPhone used by one of the San Bernardino shooters lying down.

According to the ABA Journal, on Friday, federal prosecutors filed a motion to compel Apple to unlock the killer’s iPhone.  In its motion, the Department of Justice said that Apple is “not above the law”.  “Apple’s current refusal to comply with the court order’s order, despite the technical feasibility of doing so, instead appears to be based on its concern for its business model and public brand marketing strategy,” the DOJ wrote in its filing, stating that Apple shouldn’t be allowed to “design and market its products to allow technology, rather than the law, to control access to data”.

Then, on Sunday, the FBI also responded to Apple’s opposition.  According to NBC News, FBI Director James Comey said forcing Apple to help unlock the iPhone of one of the San Bernardino shooters is no big deal.  “We don’t want to break anyone’s encryption or set a master key loose on the land,” Comey said in a statement Sunday night, insisting that vital decisions involving safety from terrorists shouldn’t be left in the hands of “corporations that sell stuff for a living.”

In the meantime, everyone from Google Chief Executive Sundar Pichai to Donald Trump is weighing in on whether Apple should help unlock the iPhone for the investigation.  And, Apple is claiming that had the passcode to Syed Farook’s iPhone not been reset hours after the shooting (at the consent of the FBI), the company would have been able to initiate a backup of the phone’s data to its associated iCloud account in order to retrieve its contents.  And, PCWorld is reporting that if San Bernardino County had been using a Mobile Device Management (MDM) service on its employees’ devices, they “would have been able to clear the device’s passcode in a matter of seconds” and the whole issue would have been moot.

So, what do you think?  Do any of the recent developments and statements change your opinion about whether Apple should or should not help the FBI break into the iPhone?  Please share any comments you might have with us or let us know if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Apple in Court Battle Over Access to San Bernardino Shooter’s iPhone: eDiscovery Trends

In a case that pits national security vs. privacy concerns, a federal judge on Tuesday ordered Apple to give investigators access to encrypted data on the iPhone used by one of the San Bernardino shooters, a court order that Apple has vowed to fight, accusing the federal government of an “overreach” that could potentially breach the privacy of millions of customers.

According to NBC News, in a 40-page filing, the U.S. Attorney’s Office in Los Angeles argued that it needed Apple to help it find the password and access “relevant, critical … data” on the locked cellphone of Syed Farook, who with his wife Tashfeen Malik murdered 14 people in San Bernardino, California on December 2.

The judge ruled that Apple had to provide “reasonable technical assistance” (that it had previously “declined to provide voluntarily”) to the government in recovering data from Farook’s iPhone 5c, including bypassing the auto-erase function and allowing investigators to submit an unlimited number of passwords in their attempts to unlock the phone. Apple was given five days to respond to the court if it believed that compliance would be “unreasonably burdensome.”

Apple CEO Tim Cook published an open letter late Tuesday, pledging to fight a judge’s ruling that it should give FBI investigators access to encrypted data on the device.

“We have great respect for the professionals at the FBI, and we believe their intentions are good. Up to this point, we have done everything that is both within our power and within the law to help them. But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone”, Cook wrote.  “The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand.”

Stating that creation of a tool to unlock the iPhone would be “the equivalent of a master key, capable of opening hundreds of millions of locks – from restaurants and banks to stores and homes”, Cook wrote that “[n]o reasonable person would find that acceptable.”  “Opposing this order is not something we take lightly. We feel we must speak up in the face of what we see as an overreach by the U.S. government.”

Yesterday, the Today show covered the dispute as its top story – even before covering the election and Donald Trump (imagine that!).  A link to the video and more on the story is available on the NBC News site here.  The experts interviewed on the show expected to court battle to continue for some time.

So, what do you think?  Does Apple have legitimate concerns or is it their duty to assist the government and create a tool to unlock the iPhone?  Please share any comments you might have with us or let us know if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

“We Don’t Need No Stinking Badges” – On Facebook: eDiscovery Case Law

If you’re near my age and love movies, you probably love the classic Mel Brooks comedy Blazing Saddles.  My favorite quote from that movie is when the bandido says “Badges?  We don’t need no stinking badges!”*  Apparently, there’s a new trend where people post pictures of their employee badges on social media.  Guess what that leads to?  Hacker access into their employer’s facilities.

According to an article on Forbes.com (Here’s Why Your Employer Gets Nervous When You Post Pictures On Facebook), there’s a new trend on social media where people are posting photos of their new employee ID badges called “badge bragging”.  Not surprisingly, according to Brian Varner, Cyber Security Services at Symantec, this trend can give a cyber criminal enough information to compromise personal or company security systems.

One example he cited involved a person who just started a new job at a prestigious hospital. He posted a photo of his new employee ID badge on social media. With just that photo, a hacker could copy the security bar code and make a fake badge to gain access to various systems. Also, the hacker would know the employee’s full name, department he worked in, his education, and the date he started.

Varner identified a few best practices that included developing a policy for employees that addresses posting images or details about work activities online, making security training a part of new employee onboarding and regular reinforcement of good security “hygiene” with constant communication to reinforce best practice behavior.

It’s amazing the ways that hackers can get personal information these days – avoiding security breaches is more challenging than ever.

*By the way, here’s a little trivia: this is not the first time that quote appeared on film or TV.  Most people think the Blazing Saddles quote is taken directly from the classic (not comedy) movie The Treasure of the Sierra Madre.  But, that quote is a little bit different (“Badges? We ain’t got no badges! We don’t need no badges!  I don’t have to show you any stinking badges!”).

The exact quote actually appeared first in an episode of the sixties TV comedy show The Monkees (the first episode of Season 2 in 1967, 6 1/2 years before it was used in Blazing Saddles).  Maybe Mel Brooks was a fan of The Monkees?  Stump your friends with that little piece of trivia!

So, what do you think?  Does your organization have policies in place regarding information shared by employees on social media?  Please share any comments you might have or if you’d like to know more about a particular topic.

Image Copyright © Warner Bros. Inc.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

In The Era of the Data Breach, Pandora’s Box Could be a Flash Drive: eDiscovery Trends

Here’s an interesting pop quiz for you.  Which option would you pick?

You’re waiting for your train. You spot a flash drive on a bench.

Do you:

  1. Pick it up and stick it into a device?
  2. Leave no stone unturned to find the owner, opening text files stored on the drive, clicking on links, and/or sending messages to any email addresses you might find?
  3. Keep your hands off that thing and away from your devices, given that it could be infested with malware?

Believe it or not, in a recent CompTIA study, 17% of people chose options 1 and 2 – hey, free thumb drive! Wonder who lost it…? – and plugged them into their devices.

According to an article in Naked SecurityCurious people can’t resist plugging in random flash drives, by Lisa Vaas (and by way of Sharon Nelson’s excellent Ride the Lightning blog), CompTIA recently planted 200 unbranded, rigged drives in four US cities – Chicago, Cleveland, San Francisco and Washington, D.C. – leaving them in high-traffic, public locations to find out how many people would do something risky.  Over one in six did.  And, apparently, the younger you are, the more likely you are to do so: 40% of Millennials are likely to pick up a USB stick found in public, compared with 22% of Gen X and 9% of Baby Boomers.

If you think that’s no big deal, in 2011, Sophos analyzed 50 USB keys bought at a major transit authority’s Lost Property auction, finding that 66% of them – 33 in total – were infected.  So, the risk is high.

CompTIA also commissioned a survey of 1200 full-time workers across the US, finding:

  • 94% regularly connect their laptop or mobile devices to public Wi-Fi networks. Of those, 69% handle work-related data while doing so. This isn’t surprising: past studies have found that most people (incorrectly!) think that Wi-Fi is safe;
  • 38% of employees have used their work passwords for personal use;
  • 36% use their work email address for personal accounts;
  • 63% of employees use their work mobile device for personal activities;
  • 41% of employees don’t know what two-factor authentication (2FA) is;
  • 37% of employees only change their work passwords annually or sporadically; and
  • 45% say they don’t receive any form of cybersecurity training at work.

Perhaps more training will improve these numbers, though; you would think not plugging in an unknown flash drive into your device would be common sense.  Apparently, not for everybody.

So, what do you think?  Do you have any of the above habits that leave your data vulnerable?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.