Matthew Christoff, EnCE

Subscribe to Matthew Christoff, EnCE's Posts
Contact: Read more about Matthew Christoff, EnCE

Seyfarth Synopsis: As individuals and businesses continue to focus on the rising number of confirmed Coronavirus cases throughout the world and what steps they can take to guard against infection, malicious actors are exploiting those very same fears for their own profit. A dramatic increase in the number of employees working from home coupled with overworked business and commercial IT staff has resulted in a higher likelihood that security best practices may be forgotten or disregarded entirely.

A number of recent examples are discussed below:

1. Phishing

While the U.S. Treasury[1] has issued a relatively simplistic notice warning of an increase in phishing communications with instruction to simply disregard them, the FCC[2] has provided a number of recordings of phishing attempts related to obtaining a complimentary COVID-19 testing kit and scheduling HVAC cleaning to protect against the spread of COVID-19.

Other phishing attempts seen in recent weeks involve the threat actor posing as members of the Center for Disease Control and Prevention or the World Health Organization in an attempt to legitimize their scams.  A common tactic is for these scammers to register malicious domain names (cdc-gov.org and cdcgov.org) that are similar to valid domains (cdc.gov) in order to confuse already worried recipients.
Continue Reading The Impact of COVID-19 on Cybersecurity

In Realpage Inc. v. Enter. Risk Control, LLC, 2017 BL 102339 (E.D. Tex. 2017), the court ordered Enterprise Risk Control, LLC (“Enterprise”) to produce forensic images of devices used by a former Realpage employee to a forensic neutral in order to determine whether any source code was recoverable pertaining to Realpage’s allegations of misappropriation.

Background

After leaving employment with Realpage in 2012, Tom Bean (“Bean”) started his own software development company named IDC. Bean and IDC were hired by former Realpage employee, and active Enterprise employee, Lonnie Derden (“Derden”) to design a vendor compliance application that was “completely different” than the one in place at Realpage. In July 2013, Enterprise hired Bean as a full-time employee and it was at that time that Bean transferred all of his source code for the vendor compliance application from IDC’s computers to Enterprise’s computers. According to Bean’s affidavit, he deleted all versions of his source code from IDC’s computers after the transfer.

Pursuant to this lawsuit, Enterprise made the vendor compliance application source code from July 2013 to the present available to Realpage for their analysis. During their review, Realpage found comments in the source code referencing dates from 2012 and early 2013, which Realpage argued indicated that versions of the source code from that point in time must exist. While the court rejected this argument, they recognized that Realpage’s complaints surround code that existed on or before the date that Bean transferred the source code to Enterprise. The court concluded that “a tailored [forensic] examination is appropriate at this time to determine whether the missing code is recoverable or to enable effective cross-examination as to its destruction.” Id. at *2.
Continue Reading Court Orders Enterprise to Engage in Forensic Imaging and Analysis

shutterstock_505066678On December 28, 2016, New York published a revised version of its proposed “Cybersecurity Requirements for Financial Services Companies” aimed at increasing the requirements and protections for information security, auditing, and reporting for financial institutions doing business within New York state. The regulation was announced on September 13, 2016 as the first-of-its-kind regulation to protect consumers and financial institutions and had intended to go into effect January 1, 2017. However, in response to the 45-day public comment period, a revised version was distributed mere days before the end of the year on December 28, 2016 with an expected implementation date of March 1, 2017.

Although the revised version will be subject to an additional 30-day public comment period, there are a number of key provisions in the current versions that financial institutions should be aware of:

  1. 500.02. Cybersecurity Program: The required Cybersecurity Program will be based upon the Covered Entity’s Risk Assessment (described in §500.09) and must comply with the items described in §500.02(b):
    1. identify and assess internal and external cybersecurity risks that may threaten the security or integrity of Nonpublic Information stored on the Covered Entity’s Information Systems;
    2. use defensive infrastructure and the implementation of policies and procedures to protect the Covered Entity’s Information Systems, and the Nonpublic Information stored on those Information Systems, from unauthorized access, use or other malicious acts;
    3. detect Cybersecurity Events;
    4. respond to identified or detected Cybersecurity Events to mitigate any negative effects;
    5. recover from Cybersecurity Events and restore normal operations and services; and
    6. fulfill applicable regulatory reporting obligations.
  • 500.02(c) allows a Covered Entity to adopt the cybersecurity program of an Affiliate if the Affiliate’s cybersecurity program meets the above requirements and covers the Covered Entity’s information.


Continue Reading Proposed New York Cybersecurity Bill Requires Increased Protections for Financial Industry

Over the past few years, there has been a significant increase in the number of tools available to attorneys to analyze and review electronically stored information (“ESI”) that has been collected from clients or produced by opposing parties. While courts and attorneys continue to become

Over the past few years, there has been a significant increase in the number of tools available to attorneys to analyze and review electronically stored information (“ESI”) that has been collected from clients or produced by opposing parties. While courts and attorneys continue to become comfortable with the use of tools like technology-assisted review, email threading, document clustering, and document categorization to facilitate the actual review of documents, there are a host of top-down methods for analyzing the document population as a whole that can provide helpful insight that would be difficult, if not impossible, to obtain through a document-by-document analysis.

On November 10, 2016, Law360 released an article entitled Data Analytics: How Parties Are Using Tools Beyond TAR that outlined a number of case studies where these “big data” tools can directly assist in identifying potential areas of interest or gaps in available ESI.

Continue Reading Using Metadata Reports and Analytics to Identify Trends in Your Document Population

As part of its Working Group on Electronic Document Retention & Production, the Sedona Conference recently released a “TAR Case Law Primer” that analyzes court decisions that directly or indirectly touch upon issues involving technology-assisted review (“TAR”).

The primer begins with a brief summary of Da Silva Moore v. Publicis Groupe, 287 F.R.D. 182 (S.D.N.Y. 2012), the first published opinion agreeing that TAR is an “acceptable way to search for relevant ESI in appropriate cases.” Id. at 183. Although this opinion approved the use of TAR in that case under the particular facts and issues before the court, many parties were still unclear regarding the method of implementing TAR, the appropriate level of involvement by opposing parties (if any), and whether an agreement must be reached regarding technical specifics of the TAR process.
Continue Reading Sedona Conference Releases “TAR Case Law Primer”