Six months ago we wrote a blog that was titled, “Russian Hackers Hacked”
As a Cyber Security company, Enigma Forensics is always interested in the 4W’s and 1H of a Cyber Attack. We would be remiss if we didn’t write a post about the most recent SolarWinds Hack allegedly by the Russians. Did the Russians time this cyber attack at precisely the moment in time when the United States is preoccupied? Amidst the Coronavirus shutdowns, the election results, the holidays, and the COVID-19 relief plan, it’s almost as if this particular Russian Hack completely flew under the radar.
Lately, we have been learning about a series of cybersecurity breaches by hackers, foreign attacks, or bad actors. Whatever, you want to call them the damage they caused is irrefutable. Last year’s SolarWinds hack was directly attributed to the Russian government, and recent ransomware attacks on industries, including energy, food, and transportation, have been blamed on criminal organizations based in or near Russia — possibly with the country’s knowledge and approval
The United States Department of Homeland Security (DHS) is the U.S.federal executive department responsible for public security, roughly comparable to the interior or home ministries of other countries. Its stated missions involve anti-terrorism, border security, immigration and customs, cyber security, and disaster prevention and management.June 10, 2021 – The Department of Homeland Security Cybersecurity and Infrastructure Security Agency unveiled guidance for defending against ransomware attacks targeting operational technology assets and control systems, in light of the rise in critical infrastructure attacks.
The guidance joins a host of federal agency and White House efforts to crack down on ransomware and improve threat sharing between entities, as the frequency and disruption of attacks continues to ripple across the country.
From the massive SolarWinds and Accellion hacks, to recent hospital outages and attacks against transportation entities, security leaders are increasing pressure on the Biden Administration to better combat these threats and strengthen the country’s cyber posture.
Employers beware of Trade Secret Theft. A Forensic Expert can reveal a pattern that is indicative of a departed employee. Hire an Expert (HAE) to help track stolen or misappropriated data to lessen the financial loss left in the wake by a former employee.
Departing Employees Steal Data
Employers beware of trade secret theft! The pandemic forced many employers to require their employees to work from home without appropriate cybersecurity measures required to secure sensitive data. The increased vulnerability of company trade secrets has made it extremely difficult to navigate through an employee’s departure from an organization. Enigma Forensics has over 20 years of experience helping organizations navigate through the separation of employers, partners, and employees. Even the most technically savvy employers in the technology sector have issues with trade secret theft. Check out this example!
August 2020, Former Google exec Anthony Levandowski sentenced to 18 months for stealing self-driving car trade secrets
The technology giant Google recently sued their departed superstar engineer Anthony Levandowski. Levandowski helped develop the fast-growing world of self-driving cars and was the primary executive who helped Google to grow in the self-driving car industry. For reasons we can only speculate about, he departed Google to start his own self-driving truck company called Otto.
Levandowski sold Otto to Uber in 2016
Lewandowski’s new company, Otto become the first-ever self-driving trucking company. In 2016, he entered a deal with Uber to sell Otto and joined Uber as a high-ranking executive in its self-driving division. Google’s new self-driving unit called Waymo filed a lawsuit against Uber for trade secret theft. Waymo alleged that through Uber’s purchase of Otto they gained access to Google’s sensitive technology that Levandowski allegedly illegally took on his way out Google’s door.
Levandowski settled with Waymo (Google) in a trade secret theft case
During the trial, Levandowski refused to hand over documents and as a result, became in trouble with the US Attorney’s Office. He eventually reached a deal and was ordered to pay $747,000 in restitution to Google and a fine of $97,000. Levandowski had to declare bankruptcy after another separate court ruling that found him guilty of poaching Waymo engineers. Following the aftermath of the trade secret case against Uber and Levandowski, in September 2020, Levandowski filed another lawsuit. He alleged that the Waymo case negatively affected the Otto deal with Uber, and as a result, didn’t receive the financial rewards that were promised to him. Karma always seems to creep into these scenarios.
The Same Story Over and Over Again
All too often we see the same story played out no matter what the industry, company, or corporation. For top earners, there are only a few options for them to make a change. These are two options that we typically see in trade secret cases.
The first option is to out on their own as an entrepreneur or the second option is to go work for the competition. Once a top earner joins the competition, it’s often only a matter of time before they call on trusted former colleagues to join them. The next step in pursuing employees that departed for a competitor is often hiring a computer forensics expert skilled in trade secret misappropriation investigations. An expert is an unbiased third party that will track down the data that was illegally taken, document his/her findings in an affidavit, and assist with fact discovery. Ultimately, confronting the former employee with clear facts that demonstrate the trade secret misappropriation may lead to an agreed settlement. Often times, litigation continues and leads to a trial with the evidence at issue presented in a court of law. Having an experienced expert on your side can make the difference in the overall outcome.
Enigma Forensics has assisted in many trade secret cases. Hire an Expert (HAE) and Win Your Trade Secret Case! Call Enigma Forensics at 312-668-0333 to investigate.
Electronic Medical Records can make or break a case! Do you want to learn how to unlock an Electronic Medical Record Audit Trail? Check out this complimentary MCLE (1 hour) credit seminar via Zoom, as Enigma Forensics CEO, Lee Neubecker offers keys to unlock the mysteries of the EMR audit trail. Read through this blog to register for this complimentary event.
Please join Enigma Forensics as our CEO, Lee Neubecker, as he presents:
“Keys to Unlocking Electronic Medical Records EMR”
Tuesday, May 25,
noon-1:00 p.m. Via Zoom
This complimentary program is offered for 1 hour of MCLE Credit in Illinois.
Enigma Forensics is partnering with the following sponsors: The Family Justice Resource Center
If you are facing a wrongful allegation, The Family Justice Resource Center can help. The process of overcoming a medically-based wrongful allegation is exceedingly difficult. They offer a place to turn for families facing allegations of abuse and neglect. By learning the keys to unlocking the Electronic Medical Records it will become easier to uncover the root cause of every allegation. #https://www.famjustice.org/
Center for Integrity in Forensic Sciences
The Center for Integrity in Forensic Sciences (CIFS) is the first non-profit organization in the United States to bring exclusive focus to improvement of the reliability and safety of criminal prosecutions through strengthening the forensic sciences. Its educational and service goals span legislation, all facets of the judicial system, and experiential education of tomorrow’s lawyers and scientists. Its innovative approach allows law students and both undergraduate and graduate students in the sciences to work collaboratively, expanding the knowledge and competency of students across that broad spectrum. #https://cifsjustice.org/about-cifs/
Illinois Innocence Project
The Illinois Innocence Project (IIP) is dedicated to freeing innocent men and women imprisoned in Illinois for crimes they did not commit. They advocate on behalf of this silenced population by researching and investigating claims of innocence and providing legal representation and other assistance to prove credible claims of actual innocence. #https://www.uis.edu/illinoisinnocenceproject/about/
Lee Neubecker is CEO and Founder of Enigma Forensics. We are a computer forensic company that focuses on Electronic Medical Records and Data Recovery. We are pleased to offer this complimentary MCLE credited event.
To learn more about the keys to unlocking Electronic Medical Records EMR
EMR Audit Trails as produced by Healthcare Providers during medical malpractice discovery frequently filter out important history of the patient’s medical record. Learn how to compel discovery of the patient’s complete EMR history.
Are you attempting to compel the production of a patient’s electronic medical chart and the complete electronic medical record audit trail?
Medical malpractice litigation today routinely requires obtaining the complete electronic medical record audit trail. Compelling the entire patient’s EMR Audit Trail Discovery is vital to the case. Hospitals, clinics, dentists, and other health providers are required to document patient interactions in electronic HIPAA compliant Healthcare Information Systems (HIS). Electronic Medical Records (EMR) also referred to as Electronic Health Records (EHR) are used almost interchangeably. Requesting and receiving the complete EMR for a harmed party can be a daunting process, especially when health care providers produce voluminous audit trail reports in paper form that lack any clear documentation of exactly what changes were made to the EMR.
HIPAA compliant HIS software providers are required to log all access, review, editing, and deletion of records. Such logs must include a record of the user making the change, the source computer that made the change, the date and time of the records actual creation (this can be different than the date and time stamp that appears on the printed patient chart or progress notes), and all versions of the chart as it existed at various points in time. While the HIS software providers maintain HIPAA compliance, ensuring that deleted or revised patient records remain in the HIS record, those earlier revision instances or deleted (marked inactive) records are routinely left off the patient’s printed EMR. By design, the EMR audit trail reports lack the specific modifications being made and by whom. It is often necessary to formulate your discovery request in a specific way to ensure that all audit trail logs from all of the various HIS-connected systems are produced in such a way that provides a clear understanding of health care events that took place.
The following graphic depicts the typical process involved with retaining a computer forensics expert skilled in deciphering EMR to assist with compelling discovery of the complete patient electronic medical records, including the revision history.
1. Request Patient’s Complete Electronic Medical Records (EMR)
It is important that your discovery request includes important relevant details and enough specificity to ensure you receive a comprehensive production of available information without having unnecessary filters applied. We have seen routine usage of filters such as named users, narrow start and ending dates, departments and other available filters that result in receiving an incomplete production of the patient’s EMR. If you would like a sample electronic medical record discovery request list of items, please call us and we would be happy to share our sample request with you. Engaging our firm early on in the process can help speed things along.
2. Review Produced EMR Records
Reviewing the timeline of events and the complaint to develop an understanding of the critical moments when decisions were made or not made leading to harm to the patient is usually the starting point for engaging a computer forensics expert to assist you. Following the review of the case documents, converting the EMR produced to a more usable format is important before analysis begins. Ensuring that the EMR has been OCR’s, adding page labels to the document if missing saves time downstream and allows for surgical review of voluminous EMR to isolate records of care by date, time, health care provider name, medication, or other activity. Summarizing data and performing focused reviews around key dates and times can provide important insights.
3. Identify examples of withheld records or apparent manipulation
During the review process, it is helpful to identify examples of abnormalities or notations that indicate other data referenced is not contained in the production of the patient’s EMR. Reviewing the complete EMR records produced, not just the critical dates and times, can often help establish normal patterns of EMR and can be used in contrast to critical dates and times where EMR appears to be missing from the record. Skilled and experienced EMR data forensics experts often find indicators of manipulation that may not be readily apparent to someone who is not an EMR data forensics expert. Plaintiff’s medical malpractice counsel should send a written or emailed request to the health care provider to produce apparently missing records. This documentation of asking for the missing data will be helpful later when a motion to compel is filed with the court. Judges always like it when litigants attempt to work things out first amongst themselves before seeking judicial intervention. It is not uncommon that our firm is retained at this stage when the non-expert has reviewed the EMR produced and suspects something is hinky. Having your EMR data forensic expert assist with drafting the follow-on request for missing EMR can help lay the foundation for a later affidavit in support of a motion to compel.
4. Review Supplemental Production of Records if Received
In many cases, healthcare providers will partially respond to a supplemental request for EMR. The production oftentimes still lacks the clear ability to correlate the revision history of the patient’s chart and medical record. The review of all of the EMR produced to date is important in beginning to build the argument to be included in the future EMR expert witness affidavit in support of an onsite inspection of the HIS to obtain the patient’s complete EMR including the revision history.
5. Affidavit in Support of Motion to Compel Onsite Direct Inspection
The EMR data forensics expert must lay the foundation documenting their credentials, what they reviewed, significant findings, notes of any deficiencies in the production, and establishing that additional information not produced by the health care provider may be available from performing an onsite inspection. Direct engagement with the HIS can often reveal additional details such as the actual time or original entry of a notation as well as the life cycle of modification over time showing which device was used to access or modify the notation, what user accessed/modified the record, and the current status of records entered into the EMR. Inactive or deleted notations may be revealed on some HIS systems by toggling the view settings to show inactive records. The sworn statement by the EMR data forensics expert is an important tool in winning your motion to compel and often is filed with the motion, or submitted shortly after and before the hearing on the motion. In some cases, sharing the EMR data forensics expert’s curriculum vitae with the health care provider and the signed affidavit in support of the motion to compel onsite recorded inspection of the patient’s EMR may result in an agreement to allow inspection without the court’s order or an acceptable settlement offer. It never hurts to try.
6. File Motion to Compel Onsite Direct Inspection of the EMR System
Usually, to obtain direct onsite inspection of the healthcare provider’s HIS is a request likely to encounter objections and resistance. Filing a motion to compel and providing a supporting EMR expert witness affidavit can help overcome objections. A federal U.S. District Court ordered a hospital to provide such direct access to a patient plaintiff in a medical malpractice case. (Borum v. Smith, W.D. Ky. No. 4:17-cv-17, 2017 U.S. Dist. LEXIS 109249 (July 14, 2017)). The court’s decision and arguments can be viewed at this link. Onsite inspections can also be performed using remote control/viewing software such as WebEx, Zoom, TeamViewer, and others if the court allows and so orders. Typically, healthcare provider staff or HIS software consultants with administrative access to the HIS will perform the actions directed by the plaintiff’s EMR consultant and allow for recording screenshots of the patient’s EMR as viewed within the software.
7. Court Testimony in Support of Motion to Compel Onsite Direct Inspection
Having your EMR expert present in the hearing on your motion to compel usually takes place in person or via a remote video conferencing tool such as Zoom. Since the outbreak of Covid-19 began to escalate in 2020, courts have become more comfortable with allowing remote experts to appear via electronic video conferencing, making it easier to retain the most knowledgeable EMR computer forensics expert witness without concerns over the geographic location of your expert witness. Allowing the judge to ask questions of your EMR expert witness directly and assist you with responding to any raised objections has been proven to be highly effective in winning the motion to compel onsite inspection of the plaintiff’s EMR.
8. Onsite Inspection
Once the court has granted the motion to compel an onsite inspection, it is important to ensure that any in-person meeting isn’t a waste of everyone’s time. Problems that can arise include the health care provider producing someone to operate the computer terminal who is not knowledgeable about how to use the HIS or that lacks full administrative access to the complete backend databases containing detailed historical information including revision history of the EMR. In some cases, such as Cerner and Epic, some screens can be viewed in the software that will show progress notes and the revision histories including the user name modifying or entering the record and the times the record was updated by the user. In other systems, it may be necessary to access the back-end database system with administrative credentials to perform Structured Query Language (SQL) queries to identify the relevant record history. Having an EMR expert that has experience writing SQL database queries is important when the HIS doesn’t offer a built-in report or display view that can show the complete historical record of events.
9. Review Records Captured Onsite
Following the onsite inspection, it is often necessary to review in more detail the screenshots and video footage documenting the EMR in the HIS. Reports generated during the onsite may need to be compared against earlier productions of EMR to help document any records that were withheld. Where it is provable that the healthcare provider withheld patient EMR, it may be possible to petition the court to order reimbursement of expert witness fees associated with the consulting engagement.
10. Write Final Report
Many times, a final report is not necessary. Typically, once it is established that records were withheld, or it is believed to be known that this may be the case, it is more often than not that a settlement offer is made to the plaintiff when obfuscation or manipulation of the patient’s EMR took place. If no acceptable settlement is reached, writing a final report in the form of a sworn affidavit to detail the delays and extra costs associated with discovery is important for petitioning the court to award expert fees. Other times, the data obtained from the onsite inspection can be presented without a report or sworn affidavit. Photos and videos can sometimes avoid the need to generate a final report.
11. Expert Witness Deposed
Should an acceptable settlement offer not have been reached, the EMR expert witness will be deposed. This typically is preceded by a request for the disclosed expert witness’s communications with counsel and any work product or notes. Working with an EMR expert witness that has been deposed numerous times and has achieved successful outcomes following the given deposition can make or break your case. If the defense counsel can undermine the credibility of your expert, the admissibility of any of the opinions sworn to by your expert may be excluded. If your EMR expert witness is successful at establishing that records were held back or manipulated and provides a reliable deposition in support of those opinions, your case matter is likely to receive a reasonable settlement offer proportionate to the offenses and harm caused to your client.
12. Trial Testimony
It is rare that you will need your EMR Expert Witness to testify at trial regarding manipulation or withholding of evidence. If the facts exist and have been produced, they often speak for themselves. Many healthcare organizations face frequent malpractice litigation. If it is established in the public record that a healthcare organization permanently deleted a patient’s EMR, that organization could lose Medicare/Medicaid funding for not maintaining HIPAA compliance, a problem that could far exceed paying out a settlement to a single aggrieved party.
13. Case Settles
Medical malpractice cases often settle when it has been established that the records have been altered to distort the true record of patient care. Having news reports published detailing how a healthcare organization manipulated historical patient EMR to mask a mistake resulting in the harm of the patient would only invite more litigation by other harmed patients. In the interest of protecting their organization from further litigation and more intrusive discovery, healthcare organizations need to maintain their profitability and minimize costs paid out for ongoing litigation.
When you are getting stonewalled by a healthcare organization and feel that you are receiving cryptic EMR audit trails, or a production that is missing data that should exist, having an experience EMR computer forensics expert witness and consultant on your side can help you achieve a better outcome for your client. If you would like to discuss a case matter with us, we are happy to provide a complimentary consultation. Call us today at 312-668-0333.
Trade secret theft of intellectual property, data misappropriation or corporate espionage is a growing trend. All are considered criminal acts that cost employers and employees millions of dollars and future income. This growing trend has attorney’s teaming up with data and computer forensic experts to find the smoking gun and save their clients a great deal of money. Ultimately saving companies or businesses that may be at risk of closing!
How to Avoid Trade Secret Theft of Intellectual Property and Data Misappropriation?
Corporate trade secret theft of intellectual property and data misappropriation with a competitive international company. All sounds right out of a James Bond movie!
Employee Resigns but Doesn’t Tell He Will Be Working for the Competitor
In September of 2015, an employee of a metal company was caught red-handed at O’Hare International airport with his luggage filled with company documents. That employee was Robert O’Rourke. O’Rourke was unhappy working for Dura-Bar, a McHenry County metal manufacturing firm he started working for in 1984 as a metallurgical engineer and eventually became a salesperson. He accepted a new position for a Chinese competitor named Hualong as Vice President of research and development. When he resigned he didn’t tell Dura-Bar management he was going to work for Hualong company. A company that manufactures cast-iron products and is in direct competition with Dura-Bar. On his last day of work, O’Rourke goes out for drinks with some of his colleagues. He slips up and tells them he is going to work for Hualong.
Departing Employee Downloads Electronic Data and Documents Belonging to the Company.
According to evidence at trial, in late 2013, O’Rourke began several months of negotiations to take a similar job with a rival firm in Jiangsu, China. While still employed at Dura-Bar, he then downloaded electronic data and documents belonging to Dura-Bar without authorization two days before officially leaving the company. The following week, he packed up the proprietary information and went to O’Hare International Airport in Chicago to board a flight to China. Federal authorities intervened at the airport and seized the stolen trade secrets from O’Rourke before he could travel to China. Gotcha!
Employee Charged and Convicted
About four years later, in October 2019, a federal judge sentenced a 30-year employee of a McHenry County manufacturing firm to a year and a day in federal prison for stealing trade secret information while planning to work for a rival company in China.
Hire an Expert (HAE)!
Enigma Forensics has over 20 years of experience. We work with attorneys on recovering and proving trade secret theft of intellectual property and data misappropriation for their clients. Criminal acts such as these can cost companies millions of dollars to defend and recover damages. Companies need to protect themselves by setting up protocols to alert when large quantities of data are being downloaded. To further protect themselves, employers must use non-compete agreements when hiring employees that work with proprietary company information.
Rarely do we hear about trade secret theft and misappropriation in the food industry. It happens! Read about this high profile case involving a famous food celebrity chef!
America’s Test Kitchen (ATK) sues Christopher Kimball for Misappropriation of Trade Secrets
Here is another example of trade secret theft. Check out this blog to see how business and personal emails played a role in the misappropriation of trade secrets. Yes, there is trade secret theft in the food industry!
Who isn’t a fan of cooking shows?
Have you ever watched American’s Test Kitchen (ATK) on public television? In addition to the show, ATK is a multimedia company that has holdings in public television programs such as America’s Test Kitchen, Cook’s Country, cooking magazines and books, and several websites? Who knew? We love watching celebrity chefs like Christopher Kimball and other specialized professionals test the great American recipes like meatloaf, roast chicken, and apple pie!
Trade Secret Missappropriation Lawsuit or Foodie Divorce?
Christopher Kimball was the face and personality behind America’s Test Kitchen and Cook’s Country. In November 2015, Kimball left ATK’s program and started his own program called Christopher Kimball’s Milk Street. When two parties split it’s called a divorce, well, you guessed it, ATK sued Christopher Kimball, the co-founder, part owner, celebrity chef, and the former host of its TV shows. Almost a year later, America’s Test Kitchen Inc. filed a lawsuit on October 31, 2016, as the Plaintiff. They wanted Kimball to change his business model. We call this a foodie divorce.
ATK said Kimball duplicated what he did on the show on Milk Street and that he misappropriated its trade secrets and breached his fiduciary duty to the company. In addition, they claimed that while Kimball was working at ATK as he actively created his new company Milk Street. According to ATK, Kimball stole its collection of recipes, TV show ideas, media contacts, and subscriber information. As a result, ATK sought damages against Kimball and wanted a large sum of all profits that he has derived through the use of the trade secrets he allegedly misappropriated from America’s Test Kitchen. Other defendants named were Melissa Baldino, Kimball’s wife and a former executive director of ATK, Christine Gordon, and Deborah Broide. ATK claimed they aided and abetted Kimball’s breach of his fiduciary duties.
Non-Compete Agreement between ATK and Kimball
It seems that ATK and Kimball did not have a formal non-compete agreement in place. To protect intellectual property, corporations use a non-compete agreement where the employee agrees not to enter into competition with the employer during or after employment. If an employee departs and takes intellectual property without permission that’s considered trade secret theft and misappropriation.
It’s all in the Email!
This case is an example of where most evidence of trade secret misappropriation can be found. It’s all in the email! A variety of emails were attached to the complaint that included notes between Gordon and real estate brokers, between Kimball and an IT consultant covering such issues as how to copy and store tons of recipes. There were emails discovered between Broide and Kimball regarding the media lists; between Gordon and the ATK help desk about whether company scanners would keep copies of documents she scanned.
The Foodie Divorce finally settled!
To all our fellow foodies the good news is that both parties settled. Kimball agreed to return his ATK shares to the company for an undisclosed price. In the end, they agreed to business terms that will allow America’s Test Kitchen and Kimball’s company, Milk Street to co-exist. Giving us foodies the benefit of watching both shows!
Enigma Forensics is a computer forensic company with litigation experts that partner with attorneys to represent plaintiffs and defendants to help prove their case. We dig for evidence of trade secret theft or misappropriation of intellectual property. Most of all we are foodies! We found this story about trade secret theft and misappropriation in the food industry fascinating and wanted to share.
Hiring an expert in electronic medical records (EMR’s) will help uncover record manipulation that will assist law professionals in winning medical malpractice cases for their clients. Check out this blog to see how a Kentucky woman waged a monumental fight against the medical system that failed her!
A site visit by an expert pays off, a Computer Forensic Expert Finds the Smoking Gun in the Electronic Medical Record (EMR) audit trail!
Kim Johnson noticed a lump on her right breast and because her mother died of breast cancer she feared the worst. In January 2015, she went to Fleming County Hospital in Flemingsburg, Kentucky, to get a mammogram. When she received a letter from the hospital that proved she had “no evidence of cancer”, this Kentucky mother of eight breathed a huge sigh of relief. Several months had passed and the lump continued to grow so she decided to get a second opinion. She was horrified to learn she has stage 4 cancer.
Sadly, Fleming County Hospital had sent the wrong letter, giving Johnson the all-clear instead of directing her to return for a follow-up examination. In September 2016, Johnson filed a lawsuit against the hospital claiming doctors misdiagnosed her, and that two employees deleted evidence of the letter saying she didn’t have cancer. How did she know this?
She hired a digital forensic expert!
Ms. Johnson and her lawyer’s hired a digital forensic expert skilled in examining EMR audit trails. During a court-ordered on-site visit, they found employee EMR entries that edited the history and deleted the evidence of the erroneous letter claiming that she was cancer-free.
In the wake of the misdiagnosis by the hospital, Ms. Johnson is left with a long battle with cancer. If her cancer would have been recognized at an earlier stage her quality of life would have been different as a result. She trusted the system and it failed her.
Who protects the patient? The HIPPA law ensures accountability
Required by the Health Insurance Portability and Accountability Act (HIPAA), hospitals and healthcare providers are to maintain an audit trail of all access, entry, and modification of the patient’s EMR to ensure accountability. Hiring a computer forensics expert that has experience with examining Health Information Systems (HIS) and the related EMR audit trails that can make or break your case. Call Enigma Forensics staff today if you think you may have a case requiring similar assistance. 312-668-0333.
Trade Secret theft = loss in revenue. Use your spider sense when someone from your team departs the company. They can unsuspectedly upload electronic data to the Cloud for later use that will drain your company of future revenue and present an immediate loss! Be aware-hire an expert to forensically image the departed employees hard drive. It will save you money and headaches!
Every company will have an employee leave but how do you protect the company’s trade secrets from leaving with them?
It is more common that you know for employees to leave for a competitor. On their way out the door, they will take with them proprietary data that can result in great harm to an organization including; loss of employees, customers, and important revenue streams. If someone on your team recently left your company and is suspected of having joined a competitor, it is vitally important to take immediate steps to protect your organization’s electronic assets.
What types of data do departed employees take?
Enigma Forensics has seen it all! 1. Client Lists 2. Blueprints 3. Historical quotations 4. Programming files 5. Source Code 6. Rebate levels offered from various vendors 7. Supply Chain information 8. Business protocols that competition can replicate
Hire an Expert!
When investigating departed employees the first step is to create a forensic image of the past employee’s hard drive. We recommend NOT to ask an internal employee to perform this task but most importantly hire a qualified computer expert from outside your company. This avoids any underlying loyalty current employees may have for the departed team member. An expert is trained to ensure the chain of custody is preserved so that it can be presented during a trial. Many have learned that hiring an expert is worth every dime!
What are the benefits?
Enigma Forensics computer experts will look for all types of activity that took place, including websites visited, files accessed, files transferred to external media, files uploaded to DropBox or other cloud accounts, concealment activities; encryption, and deletion of electronic evidence.
If your company is on the other side of a trade secret misappropriation litigation, we encourage you to hire an expert that will perform an initial assessment of the new employee’s activities. This will provide you with the benefit of knowing if the employee did something that could prove harmful to your company. It’s not uncommon that misappropriated trade secrets are done without the new employer’s knowledge. Yet, the new employer can be named in litigation as a co-defendant! Ouch!
Enigma Forensics has worked for both the plaintiff and defendant in trade secret litigation. Our experts are CISSP certified, what is CISSP? Certified Information Systems Security Professional. This advanced level of certification is considered the gold standard in the field of information security. It is a globally recognized certification offered by (ISC)2. (ISC)2 is known to be the world’s leading organization specializing in certifications and training for professionals in the cybersecurity domain. Click here to learn more about ICS2. https://www.isc2.org/
Call Enigma Forensics at 312-668-0333 for a complimentary consultation.
The universal implementation of electronic medical records (EMRs) has become the single most important piece of evidence used in medical malpractice litigation. In response to an EMR Discovery request, healthcare providers use various filters to create useless or hard to read data. Hire an expert to help you weed through the audit trail and to present Discovery requests relevant to the case.
Healthcare providers use filters to withhold electronic medical data when complying with a court order and producing EMR audit trails. During the discovery period, EMR audit trails are commonly used as the single most important piece of evidence in medical malpractice litigation. Knowing evidence is in the details, has led to a chess game of filters proving “Not all electronic medical records (EMRs) productions are created equal!” Figuring out how electronic medical records (EMRs) are filtered is a game changer!
Follow the filters!
When counsel requests a patient’s electronic medical records (EMRs) to review for evidence, the production is often delivered in non-electronic limited formats, such as; scan documents, PDF, or image files. Filters provide limited format productions of (EMRs) therefore it becomes extremely difficult to read and find evidence. Are hospitals and healthcare facilities doing this on purpose? Are they filtering their production to include irrelevant information with very little details about the event in question? They are not making it easy that’s for sure. In truth, they are complying with the court order and producing files that include the electronic health records of the plaintiff. They’re just not providing data information in its completeness. Using filters to produce audit trails is fairly common, but for the injured party and representing counsel these tactics are extremely excruciating. Requesting electronic medical records (EMR’s) is now a challenging game of filtering chess!
Forensic Experts know how to request data essential to your case.
It is quite common that hospitals and healthcare facilities use a variety of filters that will result in an incomplete production. When forensic experts study the production headers they uncover filters that were used to produce an incomplete EMR audit trail. Experts know how to ask for relevant data and dig deeper to find evidence.
Filters, Filters, and More Filters!
Date filters that are applied could exclude alteration of records after the event took place. We suggest the best practice is to use the earliest known date prior to the medical event as a starting point and place the end date the same as the current date of the request. Pushing the end date to reflect the current date will show who looked at the record post-event.
Department filters will only return records that are from one particular department, such as radiology or another department.
Employee filters include specific employees of the healthcare facility. If an EMR record only shows entries related to a physician’s user IDs this can be problematic. It’s important to know all of the names and user IDs of all healthcare providers that visited the patient.
Workstation filters are specific to desktops and/or workstations and could be the cause of incomplete production.
Location filters are used by healthcare providers to limit the full scope of production. It is not uncommon for physicians to access important medical records remotely. This could cause manipulation of data by remote access and filter out data after the event in question.
Enigma Forensics has years of experience developing requests for electronic medical records (EMRs). Our experts know how to ask the right question to retrieve the necessary data to be used as evidence. Save yourself time and expense and hire an expert! Our experts are CISSP certified (Certified Information Systems Security Professional) that provide testimony as a professional witness in a court of law.
Please call Enigma Forensics at 312-669-0333 for a complimentary consultation.
Have you or someone you know been involved in medical injury or accident? Do you want to win your case? Or…If you’re an attorney and have questions about a case involving medical malpractice, read this blog and contact Enigma Forensics for the “W”.
Were you or a loved one involved in a medical accident or injury? Are you an attorney who is representing an injured client?
If the answer is yes, take immediate action and file a Discovery request or subpoena to access all of your Electronic Medical Records (EMR). Why is this important? In order to prove injury or malpractice and win your case it’s imperative to discover what took place and the actions that caused an event. Your electronic medical records or EMR audit trail will document what transpired. EMR audit trails will include prescriptions, tests, treatments, transfers, operation notes, nurse practitioners and doctors notes and a ton more. Electronic Health Records (EHR) are rich with data information describing the care that was provided and decisions that were made good or bad. Some medical record systems such as Epic have sticky notes that are traditionally not part of the formal patient permanent electronic record. Those sticky notes are required to be stored by the Health Insurance Portability and Accountability Act (HIPPA), but are not part of the discharge report showing the patient electronic medical record history. The data does exist and working with a qualified medical record forensic expert can help you to gain a more complete record of the patient encounter with the health care provider.
What else does Electronic Medical Records (EMR) include?
Electronic Medical Records and the patient medical record audit trail include the original record and will note any modifications. It will also preserve dates, times, who accessed the record and whether the record was printed, viewed, deleted or otherwise modified. Many of the systems today, such as; Epic, Cerner, Meditech, All Scripts and others have reports that can be downloaded to reveal vital information about who has authorization to access and audit electronic health records.
Medical dictations are another vital piece to the puzzle. Dictation files are sometimes sent to third party transcription service providers as raw audio files called WAV files. After the WAV files are received they are typically transcribed to text files and fed back into the electronic health record software system. When modification of the patient medical record occurs after an injury or malpractice took place, comparing the transcription WAV files to the produced chart may help reveal alteration to the patient medical records.
Patient Electronic Medical Charts are often Incomplete. You could lose your case!
When electronic medical record discovery requests are made by plaintiffs to healthcare providers, it is common that the production lacks the complete patient medical record history. Healthcare providers facing litigation commonly provide a minimal amount of data in an often useless format. The form of production is often scanned copies of previously printed our documents or charts. Codewords for health care providers, departments and procedures often make interpretation even more challenging. Having an experience EMR computer forensics expert can help provide a more accurate interpretation of the complete Electronic Health Record (EHR) for the harmed patient.
The Health Insurance Portability and Accountability Act of 1996, or HIPAA is a federal law which requires your medical records to be retained for six years at a federal level. However, most states also have their own medical retention laws which can be more stringent than HIPAA stipulates. Check out this government website to learn about how different states interpret this governance. https://www.hhs.gov/hipaa/for-professionals/privacy/index.html
How important are faxes? This could win your case!
In some cases, Electronic Medical Records (EMR) are faxed to outside providers either to or from your primary physician. Software vendors such as Forward Advantage provide automated faxing capabilities integrating with the existing health care information management systems and patient medical records. It’s vital you request all communication between facilities to help prove or disprove what and when medical knowledge was presented to the provider to make an informative decision relatable to an event.
Let’s say you have already requested an EMR audit trail for a patient. Did you know that the Electronic Medical Records (EMR) audit trail you received contains cryptic codes that you will not be able to comprehend. It’s extremely helpful to request all of the underlying data dictionaries that will provide the definition of the codes used referring to the friendly name, including, the healthcare provider’s name, department, computer used to access the EMR, procedures, treatments, tests ordered, drugs prescribed and lab results.
Did you know that medical data is required to be retained for six years?
Do you want to to win your case! You need Enigma Forensics experts on your team! Hire a professional forensic expert to assist in writing a Discovery request to obtain, preserve and analyze ALL of the electronic medical records and to help you obtain the complete EMR audit trail. We can help uncover the truth of what took place and help tell the court the story about what happened to you or your client.
Call Enigma Forensics at 312-668-0333 to schedule a complimentary phone call to discovery how we can assist.
Enigma Forensics experts investigate, preserve and recovery data to prove or disprove Trade Secret Theft. We have assisted many clients in financially recovering what was stolen from them or to help clear their name. Are you interested in learning more about trade secret theft? Check out Tesla’s latest law suit against a former software engineer.
A large portion of our business is forensically recovering and preserving data that is vital in proving or disproving trade secret theft. Enigma Forensics experts love to follow Tesla! We love the look of their beautifully engineered electric cars and we’re very interested in Elon Musk, the controversial character behind the engineering. Who is now labeled the most wealthiest man in the world. Our interest was piqued when we heard about Tesla’s latest lawsuit and that prompted us to write this blog.
On January 22, Tesla filed a lawsuit against Alex Khatilov, a former software engineer over Trade Secret Theft and Breach of Contract. Tesla contends that within days after Khatilov started his position on December 28, 2019, he began stealing thousands of highly confidential software files from Tesla’s secured internal network, transferring them to his personal cloud storage account on Dropbox to which Tesla has no access or visibility.
How did Tesla discover this trade secret theft or misappropriation of data?
On January 6, Tesla’s information security personnel detected Khatilov’s unauthorized download of a complete set of all the automation scripts produce by the Quality Assurance Engineering team for WARP Drive over the last twelve years! He was confronted the next day via Microsoft video chat due to Khatilov working remotely because of COVID-19 restrictions. Khatilov claims he installed a Dropbox desktop application to his Tesla issued laptop to allow him to upload administrative files to his personal Dropbox. He swore over and over that he only transferred administrative documents and then when he finally shared his screen with Tesla investigators he could be seen deleting the Dropbox files while on video chat confirming he had willfully destroyed evidence.
Why all the fuss?
How important are these scripts? These scrips are unique to Tesla and run on WARP Drive, the backend software for much of Tesla’s business. These files consisted of “scripts” of proprietary software code that Tesla has spent years of engineering time to build. When executed, these scripts automate a broad range of functions throughout Tesla’s business and only a few select employees have access to these files. It gets better! This is the good part…Khatilov contends he forgot about downloading thousands of confidential files!
The reality of this trade secret theft or misappropriation of confidential data is that Tesla has no way of knowing whether Khatilov copied the scripts onto a thumb drive, a mobile device, or a cloud based storage or most importantly sent them to another individual. To understand more thoroughly how important these “scripts” or trade secrets are…They map out Tesla’s innovations! Making them extremely valuable and beneficial to any competitor.
What measures ensure against trade secret theft or misappropriation?
Tesla limited the “scripts” access to only members of the Quality Assurance Engineering team in which Khatilov was one of forty employees to have access. The engineers that have access are not permitted to download scripts to the cloud or personal devices. This makes us wonder how Khatilov was able to download data!
Only eight people within the Tesla company are approved to grant access to these scripts.
Each engineer signs an extensive employment agreement and agrees to policy conditions of their employment with includes a non-disclosure agreement (NDA), that holds each employee to the strictest confidence of proprietary information, technical data, trade secrets so on and so forth.
The NDA also states that upon termination or departure each employee will immediately return to the company all original document electronic or hard copies.
Each physical facility has restricted access to only authorized personnel that are monitored by security guards and cameras.
All visitors must check in with security, sign a NDA, submit to a photograph and be escorted by an employee.
Tesla also used password-protected and firewall-protected networks and servers that are only accessible to current Tesla employee with the proper credentials.
Moral of this story is…
Even high level technology companies has issues with trade secret theft. If your company suspects something like this, immediately hire a computer forensics expert to electronically preserve data of soon to be departing or a departed employee that has already left the company. Enigma Forensics can analyze data that was misappropriated or stolen to help clients recover financial loss.
Enigma Forensics offers step by step advice on what to do if you cell phone has been lost or stolen.
Enigma Forensics has recently received many calls regarding lost or stolen cell phones. So we put together 7 easy steps on what to do. You may have been involved in a crime where someone stole your phone or you could have lost or misplaced your phone. Either way, you know the feeling, it’s a sinking panic in the pit of your stomach. There’s no doubt it can be devastating! Here are some easy steps you can take to avoid this monumental headache. First a foremost DON’T PANIC. Take a deep breath and think logically through these steps.
Step 1 – You’ve discovered your cell phone has been lost or stolen – ask a friend or someone close to use their phone to call your number. If that doesn’t work try to locate your phone on another device that is connected to your Mobile App. Then text your phone. If it’s lost someone might be a good samaritan and want to return the phone. If you were involved in a crime contact the police department and file a report.
Step 2 – Check out your Mobile App or your phone’s native “find my phone” feature. If you have other devices in your home, log on, and try to use the locator.
Step 3 – Call your cell phone provider to inform them of a lost or stolen phone. They can assist you in what actions you need to take next. If you have insurance on your phone you will be able to replace it with minimal cost.
Step 4 – If you have any banking, or other important financial Apps on your phone contact them immediately to let them know your predicament. Most banks allow you to pause your financial cards while you locate your phone. Notify the credit reporting agencies to put a freeze on new accounts being opened in your name.
Step 5 – Always back up your cell phone. We know, this is easier said than done! You can make it easy on yourself if you schedule a calendar date and set a reminder.
Step 6 – If you lock your phone and rotate your passwords this could help avoid most of the headaches involved.
Step 7 – Have your cell phone carrier revoke your old SIM card to prevent any outside party from texting your contacts from your cell phone or another cell phone they may use with your SIM card.
Finally, keep calm and face each step with determination to resolve the matter.
Will 2021 become the year of heightened cyber security? What will it take for the U.S. Government get their act together? Here we are reported yet another cyber attack that gained entry through a supply chain. 2021 Year of Cyber Security!
As a Cyber Security company, Enigma Forensics is always interested in the 4W’s and 1H of a Cyber Attack. We would be remiss if we didn’t write a post about the most recent SolarWinds Hack allegedly by the Russians. Did the Russians time this cyber attack at precisely the moment in time when the United States is preoccupied? Amidst the Coronavirus shutdowns, the election results, the holidays, and the COVID-19 relief plan, it’s almost as if this particular Russian Hack completely flew under the radar.
The attackers gained entry by using a software update sent out by Texas-based software company SolarWinds, which counts multiple U.S. government agencies as customers. In early December 2020, the news media reported at least 200 organizations, including U.S. government agencies and other companies around the world, have been hacked as part of this suspected Russian cyber attack.
The New York Times reported on December 13, 2020, “The Trump administration acknowledged on Sunday that hackers acting on behalf of a foreign government almost certainly a Russian intelligence agency, according to federal and private experts — broke into a range of key government networks, including in the Treasury and Commerce Departments, and had free access to their email systems.” We can’t find any reporting on what information was stolen.
Who raised the alarm?
It looks like FireEye, a computer security firm first raised the alarm about the Russian cyber attack after its own systems were compromised back in early Spring of 2020. What perfect timing to stage an attack considering the whole country is preoccupied with the rise of the pandemic! FireEye discovered a supply chain attack that was accessed through SolarWinds Orion business software updates in order to distribute malware that they called “SUNBURST.” Experts agree this is the work of highly-skilled actors and was performed with significant operational security. But, the real issue is why didn’t the government cyber protection agencies that are sworn to protect recognize the breach? It took an outside company to inform them of the cyber attack.
Where was the Cyber Attack aimed?
In this case, the U.S. government agencies seemed to be the target. As noted before, the hack was done through what is called a “supply chain attack,” in which malicious code is hidden in legitimate software updates and meant to target third parties. Could it have been the Chinese masquerading as the Russians? President Trump laid claim that there was potential it could have been the Chinese and not the Russians.
When was the Attack Noticed?
As reported by the New York Times, in a statement after a briefing for committee staff members, Senator Ron Wyden of Oregon, who has often been among the sharpest critics of the National Security Agency and other intelligence agencies, said that the Treasury Department had acknowledged that “the agency suffered a serious breach, beginning in July, the full depth of which isn’t known.” But no one will say just how serious the breach was!
Today, as reported in the Hill, the headline reads, “Intel vice chair says government agency cyber attack ‘may have started earlier’.” Sen. Mark Warner (D-Va.), the vice-chairman of the Senate Intelligence Committee, said on Wednesday, December 30, 2020, that the cyberattacks on U.S. government agencies reported at the beginning of the month may have begun earlier than previously believed.
How did the Hackers Hack?
The hackers used malicious code inserted into legitimate software updates for the SolarWinds Orion software. This allowed the hacker to remotely access the victim’s electronic environment. In order to avoid detection, they used a very small footprint and went to significant lengths to lay low and blend in. Very stealth-like in nature! The malware attacked slowly and moved with precision, covering its tracks and using tools that were hard to detect. Does this sound familiar?
Check out another Enigma Blog
Related Articles – Recent North Korean Hack on Google
EMR or EHR are synonymous. Both are medical records. The electronic medical records or EMR reveal an audit trail of what transpired during a medical or health visit. Each record is unique and tells a story about the patient. We are experts that can assist you to win your case!
Electronic data records are taking the place of the old school hard copy files and completely revolutionizing the way data is gathered and stored. Electronic Health Records (EHR) or Electronic Medical Records (EMR) are synonymous with each other. (EHR) is data that includes the patient’s vital information such as an address, medical history, allergies, immunizations, lab tests results, radiology images, and vital signs, also, personal statistics like age, weight, sexual orientation, and insurance information. (EMR) is an individual’s private health data that is stored in a protected database only accessible to medical personnel in compliance with The Health Insurance Portability and Accountability Act (HIPAA) regulations. EHR’s or EMR’s make patient charting easier and results in fewer errors and keeps this delicate personal information private and secure.
Medical data can be manipulated!
Medical data can be altered and inserted into EMR systems and made to look like it was there all the time or not there at all. Medical malpractice lawyers rely on EMR audit trails to tell the story of either side of a case; the plaintiff or the defendant. Medical records are marked by metadata or raw data. This data is developed separately from the EMR system making manipulation detection visible by reviewing the raw data and the database logs. Metadata can also be described as underlying data, like a digital footprint that creates an audit trail. In order to analyze raw data, you will need to hire Enigma Forensics; we are experts in the field of electronic medical records (EMR) or (EHR).
During a forensic review of EHR’s or EMR’s, we can authenticate or reveal backdating, back charting, data editing, or falsification of records. We have been on both sides of medical malpractice cases and almost always save our client a considerable sum of money. We work closely with the attorneys involved to help with eDiscovery verbiage and assist with what to look for.
Enigma Forensics are experts in collecting and understanding electronic medical records or the EMR audit trail. Check out this blog to view our list of EMR Discovery Questions.
Electronic Medical Records (EMR) can be tricky! In most cases, during eDiscovery, you get what you ask for and only what you ask for! Every Discovery request involving a healthcare provider has unique aspects that need to be considered.
Enigma Forensics is an established Computer Forensic Expert Witness firm that has been involved in many medical malpractice cases and specializes in interpreting electronic medical records (EMR) audit trail or audit logs. Our staff has extensive experience with numerous EMR applications and can assist you with navigating through the challenges of EMR Audit Trails and/or Audit Logs. Electronic Medical Record a.k.a., EMR audit trail or log is the answer to who knew what when, in essence, it tells the story about what took place during the treatment of that patient.
The following is a list of important questions to file for the demand for eDiscovery for Electronic Medical Records, in a medical malpractice case.
Provide the name of all medical software applications utilized to store [Patient Name]’s Electronic Medical Records (EMR).
For each medical software application that contains [Patient Name]’s EMR, please provide the specific version of the software as well as the name of the company that produces the software during the relevant time period beginning on [beginning date] through the present date.
For each medical software application that contains [Patient Name]’s EMR, please indicate if any of the specified software applications were migrated off to a new platform and what the current status is of [Patient Name]’s EMR on the original system.
For each medical software application that contains [Patient Name]’s EMR, please provide the application administrators that have full access to the stored data and audit trails.
For each medical software application that contains [Patient Name]’s EMR, please provide all user and administrator manuals for each of the medical software applications.
For each application that contains [Health Care Provider Name]’s EMR, please provide the current retention settings for the audit trail for all patient’s EMR. Are the privacy log retention settings sent to a secondary audit log (e.g., Fair Warning)? Is the secondary audit log retention configurable within the systems and/or applications?
For each application that contains [Health Care Provider Name]’s EMR, please provide the earliest date that [Patient Name]’s EMR appears in the application’s audit trail.
Please provide the complete EMR audit trail for [Patient Name] detailing any health care provider’s access, review, modification, printing, faxing, or deletion activities in a comma-delimited format with any and all corresponding native files that may relate to the Electronic Medical Record for [Patient Name] as required by the Health Insurance Portability and Accountability Act § 164.312(a)(1). Such an audit trail should include the original values and new values for any alteration of the EMR and shall indicate the user making the change and the date and time of the change.
Please provide the data dictionary for each software application containing [Patient Name]’s EMR. Such dictionary shall include the username key that maps the real names of individuals to their unique user login account IDs for each medical software application containing any EMR for [Patient Name] as required by the Health Insurance Portability and Accountability Act § 164.312(a)(2)(i). Additionally, any lab test, codes, or other short-form identifiers included in [Patient Name]’s EMR Chart or EMR audit trail should be provided as part of the data dictionary production.
Please provide any and all original voice transcription recordings that were made by [Health Care Provider Name], or any other staff that related to [Patient Name].
Please provide any other native electronic files or emails that relate to [Patient Name] in the native format with an index containing the original unmodified metadata for each of the native files or emails produced.
Please provide any DICOM files that were captured as part of [Patient Name]’s treatment by [Health Care Provider].
Please provide electronic records of any outbound faxes and/or other methods of communication that were utilized by [Health Care Provider Name] to [EMR Recipient], in its native form with a corresponding comma file listing containing all available metadata in a delimited format with the corresponding file path to the native file produced for each record.
Please provide the name and title of the person most knowledgeable for the [Health Care Provider Name]’s software/auditing and compliance system.
What customizations and settings were active at the time when the plaintiff was admitted into the hospital? What privacy-related logging is in place for each such system and/or application? Are privacy log retention settings in place for each such system and/or audit log?
Was the COVID-19 Pandemic a wake up call for those businesses who are dependant on the world’s supply chain? Let’s face it everyone is dependent in one way or another on the world’s supply chain. But do we really understand what’s going on? Check out this video blog as experts take a look at the supply chain and the impact of COVID-19.
What’s going on with the world’s supply chain?
Enigma Forensics is wondering about the impact the Coronavirus/COVID-19 pandemic has had on the world’s supply chain. Lee Neubecker sits down (virtually) with Geary Sikich from Logical Management Systems. Both agree the spread of Coronavirus/COVID-19 has been a wake-up call for the world.
First of all, we think it’s safe to say everyone is feeling the impact of COVID-19! It has been devastating for every human being on the planet. What have we learned? Supply chains that carry life-saving products were pinched off and that presented a huge shortage sending the medical professionals and government agencies scrambling to provide much-needed protective medical supplies. Many businesses are dependent on global sourcing and have now found themselves facing hard choices amid the supply chain disruptions.
Both Lee and Geary, agree shipping is an under-reported issue that has been negatively impacted by COVID-19. We all know the story of stranded cruise ships that were quarantined at sea and as a result cruise ships became super-spreaders of the virus. But, what about the shipping industry? Specifically, cargo, oil tankers, and container ships. We know these types of goods transports have limited crews, to begin with, and now we have learned that some of these ships have been quarantined at sea. If they make it into port they are quarantined based on the fact the products they are transporting could possibly be infected. Check out this video to learn more about the COVID-19 impact on the supply chain.
Was COVID-19 pandemic a wake up call?
Lee Neubecker (LN): I am here today with who is that? Geary Sikich, you wore your mask.
Geary Sikich (GS): Yes I’ve been completely protected with this mask.
LN: Is that comfortable?
GS: No, it’s hot and it is made out of rubber. So it’s to kind of a, not the greatest mask in the world if you choose to wear one but it’s good for comedy and it’s almost Halloween so.
LN: So how much did that set you back?
GS: $10 on Amazon
LN: Now how’s the breathability of that thing?
GS: Actually the breathability is pretty good. It actually is pretty good. Then, the biggest issue you face with it is just that you’re going to have body heat kind of contained. If you don’t wear it for a long period of time or you don’t have headphones on you should be okay.
LN: So I had you on the show today. I wanted to ask you some questions about what impact the COVID-19 pandemic is having on our trade environment with imports and exports.
GS: So in general, as the pandemic started to evolve, we saw the impact in a number of different areas. There was a lot of impact on the cessation of imports by countries China, for example, ceased and used force measures to stop oil shipments from coming in. The US has had a big backlog on all their ports, because of concern over making sure that what’s coming into the country is not tainted. The bigger impact and this was one that really is kind of been under-reported if you will, has been that the shipping industry., now take cruise lines out of it ’cause they got a tremendous amount of media coverage with cases there. But what we have is a real issue with shipping, the ships that are container ships, bulk ships, cargo ships of all types, including your large oil carriers. There is a limitation of people who serve on those ships, crews. There’s been a lot of crews that because of Coronavirus/COVID-19 infection on a ship have been quarantined out at sea. And so we’re seeing ships being taken off usage because they’re sitting being quarantined. We’re seeing so a disruption in the supply chain because of a key component of the supply chain, not related to the end products or the originating product.
LN: So all the just in time delivery and assembly is really a parenting problem we say can’t rely on the GPS and calculated travel time.
GS: And actually there’s been another issue that’s come up with, with the systems on ships because of cybersecurity obviously, and in a general way, but they’ve had a tremendous impact in those areas because of that. So shipping has been hit majorly as has air transport because airlines have cut back so tremendously on flights.
LN: All right so in terms of some of the supply chain security programs they have out there, what are you seeing that companies are doing to protect their supply chain implementing these programs?
GS: A lot of what I see right now is that companies are trying to find alternative suppliers so that they can have a broader base of supply chain. So from where we were single-source supply, we’re now looking at moving towards multiple source supply so that they can continually keep a feed of supply coming in.
LN: Yeah because I’d imagine if certain regions experienced the COVID-19 outbreak more, that would disrupt the supply either going to or coming from that region.
GS: Yeah, and you think about things like border closures, you think about things like the inspection process, the concern over whether or not there is going to be contamination coming in in a cargo container you know, may have.
LN: Are they having, in some cases are they having the ships quarantined when they arrive?
GS: In a lot of cases
LN: Before they are unloaded?
GS: Yeah and that impacts tremendously because you got to take a look at the shipping industry and the cargo shipping. They have gone from smaller cargo ships to mega cargo ships. And these mega cargo ships can have, you know, a lot of containers, hundreds of containers if not more. And the problem is when you lock in a ship like that, your shipment may be one of many that gets stuck. And when you take that size ship out of service you can’t replace it very quickly because what happens in the industry is very simple. They’ve gone to larger ships to carry greater amounts. So economy of scale, and they’ve taken the smaller ships and as is now the case with the cruise industry they’re in yards in India and various other countries and shipbreaking yards. So they’re completely being taken apart and they’re no longer part of the service of shipping that’s out there. Now so replenishment of the container, the vessel, is going to have an impact. And if you take one out, you don’t have an easy replacement for it.
LN: Geary well, thanks a bunch for being on the show. I really appreciate it.
GS: Thank you Lee I appreciate your time.
To Learn More About Logistical Management Check out this website
What do bacterial wipes, shields, social distancing, gloves, and safe drop boxes have in common? These are some of the COVID-19 precautionary steps Cook County Clerk Karen Yarbrough has implemented for election day on November 3rd.
Cook County Clerk Karen Yarbrough along with her team has worked hard to make many precautions to each polling place in the City of Chicago to guard against COVID-19. Clerk Yarbrough sits down with CEO Lee Neubecker of Enigma Forensics to discuss the COVID-19 precautionary measures that will be put in place to keep the voters safe on election day.
COVID-19 Precautions by Cook County Clerk Karen Yarbrough
Lee Neubecker(LN): So I’m here today again with Karen Yarbrough Clerk of Cook County. Karen, thanks for being on the show.
Clerk Karen Yarbrough(CY):My pleasure Lee.
LN: And today, we’re going to be talking about election day voting, what you should know what steps the clerk’s taken to help ensure that you’re safe and protected from COVID-19. So Karen, tell us some of the steps you’ve taken to help protect the poll workers and voters for the upcoming election day.
CY: Well Lee, the primary election really gave us a really good bird’s eye view of what we needed to do. What we were unable to do. We had ordered over $30,000 worth of equipment for our poll Watchers and our judges and the public. And it didn’t show up and we get it. They had diverted it to the first responders. So using that as a guidepost, we are prepared for November election. In our warehouse currently, we have gloves we have masks, we have shields, we have the bacterial wipes. We have everything that we need for this election. Additionally, we plan to mark off in the polling places. There’s the six foot we’re going to social distance and the same thing with the machines. We’re going to social distance those. People can feel safe and secure and their vote is going to be the same way.
LN: So what if it rains on election day?
CY: Well, what if it rains? We’re going to do what we always do. We’re going to take an umbrella We’re going to go to the polling place and we’re going to put our umbrella up and we’re going to go and vote.
LN: Well, hopefully enough people early voted, and voted by mails.
CY: We’re hopeful. We’re encouraging people to early vote but what we’re seeing that there’s still some people who want to show up on election day and that’s their right. and we’re going to honor that.
LN: So should people bring their own Sharpie or pen when they come to the polling place?
CY: If they feel more comfortable bringing their own pen by all means, bring it. But I can tell you that we will have a sufficient number of pens. We plan to clean them between each use so that everybody can be safe. I want my workers to be safe as well as the voters.
LN: So what are you doing to help protect people against COVID 19 transmission that comes from being bunched in lines while waiting?
CY: Well, there won’t be any bunching in lines, okay? First of all, they’re going to be socially distance at least six feet apart. So there won’t be any of that bunching that’s…
LN: So you have lines on the floor?
CY: No we’re going to have, we’re going to have yes, absolutely lines on a floor inside the polling place and even outside the polling place even if it rains.
LN: Are they doing temperature checks?
CY: We are not.
LN: So do you think, should we be concerned about a potential spike in cases in Cook County, following election day?
CY: You know we were during the primary, we were concerned about that, but not one person, not one judge and that one person that we know of were affected. And we certainly didn’t have what we’re going to have in November. So I really don’t think so. We’re going to take every precaution to make sure that people are safe. I will be out there all day, election day as I usually am. I go to the polling places, I talk to the judges to see if there are any problems. We have a team of people who will be out there that day to problem solve and troubleshoot. So I fully expect things to go well on election day.
LN: So if people aren’t sure where they vote, how can they find out?
CY: They can go to the best website in the world. And that is cookcountyclerk.com all things election your trusted source.
LN: Great, well thanks so much. This is great, you’ve reassured me, however, I’ll be voting by mail this year, but I’m certainly hopeful that many other people did as well. So that the lines are short and fast for everyone.
CY: We’re suggesting that people come up with their own plan of what you’re going to do. If you’re going to vote early and drop it in the mailbox if you’re going to get your ballot and drop it in one of our safe drop boxes or if you’re going to vote on election day find a plan, make a plan and then exercise your right to vote.
LN: And what should people do before they come in to the election poll?
CY: What should they do? Well, they should wash their hands. They’re going to have to do that. We’re going to have that bacterial stuff that you use on your hands, but we’re going to have gloves too. People are going to be safe. They’re going to feel very very comfortable when they come to the polling place.
LN: And they should wear a mask when they come.
CY: They should absolutely.
LN: And if they forgot their mask?
CY: And if we’re going to give them another one.
LN: So most importantly vote. Thanks for helping keep us safe Karen.
CY: Thank you.
To Learn More about the COVID-19 Precautions Check out Cook County Clerk’s website
How much would you freak out if your Amazon Prime order would take over a week to be delivered? Check out this discussion to find out more about GPS vulnerabilities and related concerns about the impact on international shipping trade.
Global Positioning System (GPS) Vulnerabilities
GPS Cyber Attacks in the shipping industry would cause billions of dollars in damage to the world’s economy. Just how vulnerable are the GPS systems in the shipping industry? Enigma Forensics CEO Lee Neubecker and Geary Sikich, Principal of Logical Management Systems, report on a GPS Cyber Attacks on maritime shipping lanes. Together, they analyze the vulnerability and offer solutions to thwart cyber attacks.
The International shipping supply chain is the main artery feeding the world’s thirst for importing and exporting food and manufactured goods without it the world would starve. According to the International Chamber of Shipping, (see link below) the maritime transportation system transports by sea approximately 95% of the goods internationally traded. With most of the goods and services dependent on maritime trade, it’s easy to see how important it is to safe keep the vulnerabilities of the GPS systems.
Check out this video to view a Realtime GPS Cyberattack
Transcripts of Video Follows
Lee Neubecker (LN): Hi. I’m Lee Neubecker and I’m back here with Geary Sikich on my show, thanks for coming back on Geary.
Geary Sikich (GS): Thanks Lee for having me. I appreciate it.
LN: So, what do you want to talk about today?
GS: Well, we can talk about transportation issues, we can talk about Coronavirus issues related to anything and everything.
LN: How about the cyber attacks that you were talking about earlier that took place in some of the cargo shipping.
GS: Yeah, I was just going to mention that we’ve had a number of incidents over, well, since March that I think would’ve occurred regardless of Coronavirus or not, but we’ve seen more and more shipping being attacked in cyber attacks with ransomware, with other types of interference. So, we’ve seen an uptick and there’s a lot of vulnerability and susceptibility within the shipping industry in that regard. They just had one this week.
LN: Yeah. You know, you brought that up and I remembered there’s a video I want to share with you.
LN: Back when the USS McCain underwent a cyber attack, well, they had a collision, and I speculated that it was a cyber attack. I want to just show you the clip and see if you see what I saw. Hold on just a second, share screen. Okay. Got the screen on. This is an AIS video which is posted, it shows commercial traffic.
LN: And I’m going to jump forward to what we see here at this point in time. This is the USS McCain which is not on the commercial public tracking system, and the blue line here is actually the Alnic which changes course at the last minute and collides. So I’m going to play it real quick. You can see the Alnic.
LN: Okay, what did you notice happen at the precise time of the collision?
GS: Well he went almost directly at the ship. It was like a 90 degree turn.
LN: Yeah, watch it one more time here. And so it was minutes before the course changed. Many of these cargo ships are under, you know, autopilot GPS drive.
LN: Now, I want you to look, I want you to look right here. See this ship here? Run Hang 98?
LN: That’s a Chinese ship. It’s within, it’s within Bluetooth, Wifi, GPS spoofing range of the Alnic. And now watch at the exact time of collision. It disappears. You see that?
GS: Wow. And–Yeah, that’s kind of…
LN: Yeah, so, anyway, I reported this previously to the Department of the Navy at the time but there were a number of incidents happening that made it look like these vessels under autopilot were having, at the last minute they were suddenly changing course and colliding into ships. So this whole GPS hacking is still, you know, still a real risk, and that’s why now, you know, the military said that this was an issue with the men on deck not paying attention to what’s around them, but at the time, I don’t think that the Navy expected friendly cargo ships to suddenly collide towards them.
GS: Yeah, to veer off course like that.
LN: On short notice. So, I suspect now that the Navy has protocols to help anticipate this type of thing happening and to protect our servicemen.
GS: Mm-hm. That kind of goes along with the studies that they’ve done on the utility side of the house with the generation equipment. Your converters, your, you know, the big boxes that essentially transfer power from power plant to the grid system. And they’ve seen that you can take those over via the cyber for, you know, the cyber window if you will.
LN: We even had the issue with the Boeing Max 8’s when they were having all those problems. And the chip that was inside the plane is a combination hybrid chip that’s both electromechanical and digital, and if you, if you direct sound waves at that chip, at the natural frequency of the chip, you can cause the chip to malfunction or even be damaged. So it’s possible that a sonic attack was launched either while the plane was on the ground, to damage that chip, or it could even happen in air. So I suspect that, you know, the Max 8 is undergoing rigorous testing before they bring those back up.
GS: Yeah, I would think that that’s got to be, I mean, just the entire cyber perspective, it’s got to be an area where private sector and public sector need to coordinate and, you know, share information, but also figure out a way to begin to protect. Now, the interesting aspect with this is that I talked to a couple of colleagues recently, former military, and they’re all saying now that there is a developing new strategy where instead of being reactive that the US may become proactive, if you will, and preempt a lot of attacks. So they may become more aggressive in terms of cyber security in an offensive way versus a defensive way. Which is really interesting because at what point does that become so expansive that we find ourselves, you know, locked in a cyber conflict.
LN: Yeah, like let’s take the GPS, the potential for GPS hacking is there.
LN: By having multi-antenna detection systems, you could have on the front of a vessel and the back of the vessel, you could have two antennas attached to a computer, and if it detected a sudden change over in the GPS coordinates that didn’t align with the distance between the two, you could know that that vessel’s in a region where someone’s screwing with GPS. And then, if you have enough vessels with this technology, you could triangulate and locate the source of the emission. And that would be something that could be proactive to identify are there vessels out there on the water that are emitting and trying to overpower the global satellite GPS signals with local signals? And that would be very useful to know because you could track down, you know, the source. And it doesn’t mean that the, the source ship might not even know that their equipment’s compromised. So, it’s a lot more complicated that simply assuming that the vessel generating the signal, that the operators of that vessel are behind the attack.
GS: So, it would be wise to not sync them right away .
LN: That would be good. Well thanks for being on the show. I appreciate it.
GS: Thanks Lee for having me. It’s a great topic. I’m sure that this is going to get much more press over time.
How does voting by mail work? Are you worried about voting mail fraud? Check out this video blog and you will be so much smarter after.
How is voting by mail going to work? Is it safe to vote in-person or should I vote by mail? All of your questions are answered in this video blog with Computer Forensic Expert Lee Neubecker and Cook County Clerk Karen Yarbrough. They will help put your mind at ease!
Lee Neubecker (LN): Hi, I’m here again with Karen Yarbrough, the clerk of Cook County and she’s responsible for administering elections and making sure that your vote counts. Karen, thank you for being on the show again.
Clerk Yarbrough (CY): Again, Lee. Thank you.
LN: So, today we’re going to talk more specifically about voting by mail.
LN: What do you have to do to vote by mail?
CY: Well, the first thing you have to do is be a registered voter. What a concept, right? Be a registered voter and then have a place where you want your ballot to be mailed to.
LN: Okay. So if you want to get that ballot, how can you get a vote by mail ballot?
CY: You apply at the best website in the world cookcountyclerk.com and you apply there. You will be sent a ballot and hopefully you will review your choices, make your choices, you’ll sign the envelope, it’ll be a postage paid envelope for you and mail it in. Or you have the option of if you don’t want to mail it in, we’re going to have over 60 boxes in which… They will be inside of the early voting places. And you’ll be able to drop those in the box. Now, I want to tell you that they’re inside because some people have suggested that, “Oh, if they’re out in the middle of Michigan Avenue, somebody could just cart it off.” We’ll not be in the middle of Michigan Avenue. They will be inside the polling places and they will be attended to by one of our election judges.
LN: Great. So you can either drop it off at the polling place or you can drop it in the mail?
LN: And, what is the deadline on when you can last request a ballot to vote by mail?
CY: Whatever that deadline is, don’t use that deadline to do it today, okay? Today is the day that you should request your ballot. We’ve heard some stories about the post office, although we feel like they’ve been doing a pretty good job and regardless of the noise you’re hearing from Washington, turn it off, fill out your ballot, send it in or drop it off at our locations.
LN: And So as long as it gets postmark stamped by November 4th, it counts, correct?
CY: November 3rd. Yes.
LN: Okay, November 3rd.
CY: Yes, yes.
LN: So as long as it gets stamped by November 3rd, the ballot counts?
CY: That’s absolutely correct.
LN: So drop it off at the post office if you’re concerned, but people should try to drop it off early so there’s time-
CY: We want people to apply now for their ballot. Get their ballot, review their choices, pop it in the mail or else drop it off at one of the drop boxes at our early voting sites.
LN: So, you could also think of voting by mail as doing your part to help control the spread of COVID-19.
CY: I agree. And we’re suggesting, especially to seniors, seniors are very… They want to be social and that’s what many of them have told me. They like showing up on election day. So I’m suggesting to them to use my website, cookcountyclerk.com order your ballot, review your choices and either mail it in and if you want to be social, drop it off at one of our drop boxes. You’ll be able to wait to our judges that you’re used to seeing on election day, but you’ll be able to not stand in line and pop it in our dropbox.
LN: Good. So, let’s say that someone’s at a situation where they got the ballot, they have it at home, but it’s election day. Is it better for them to drop that vote by mail ballot at a poll box or is it better to go in and vote in person?
CY: They should go ahead and vote in person. Even though that ballot, we know that ballot, they have that ballot and the fact that they lost it or they don’t have it, that’s okay. Come in, vote, but there’ll be voting provisionally. And what we do is that spoiled ballot, as far as we’re concerned, that ballot is spoiled because they’ve already voted. Each and every voter in Cook County has a unique voter code that is you. And anytime it shows up, that’s where you get the one person, one vote. We’re not again, having Mickey Mouse to vote in these elections, okay?
LN: So, you think that there’s any truth to voting by mail leading to a fraudulent outcome of the election?
CY: There’ve been countless studies done on fraudulent voting and elections. And I don’t know why this year this is such a focal point. These studies have suggested that less than one point, whatever percent, it’s just not happening, it’s red herring, it’s not happening. So we’re not going to… Although we’re going to prepare for anything like that, it’s just not true.
LN: All right. And one last thing, can you tell everyone again what the website is they need to go to, to request the vote by mail-
CY: cookcountyclerk.com the best website in the world that you can use to get the real deal. No fake news there.
Cook County Deputy Clerk John Murkovic has worked hard to secure the electronic voting system. He’s made it hard for cyber hackers to throw a wrench in our election process. Learn what measures he has implemented against election hacking.
Cook County Deputy Clerk John Mirkovic focuses on securing the electronic voting systems from election hacking
Enigma Forensics, CEO Lee Neubecker and Cook County Deputy Clerk John Mirkovic discuss election hacking and measures that have been taken to help secure Cook County for the upcoming 2020 Election scheduled for November 3rd, 2020. The two discuss past hacking attempts during to 2016 election cycle on the Democratic National Committee, including phishing attacks that compromised numerous campaign workers.
Lee Neubecker (LN): Hello, today I have John Mirkovic from the Cook County Clerk’s Office. He’s the deputy clerk and he oversees all the technology and communications working with Karen Yarbrough, and today I’m going to be talking to him about protecting the vote from cyber attacks. First, I wanted to start off by recapping what happened in 2016. Hillary Clinton’s Campaign Chairman, John Podesta, was phished with an email on March 19, 2016. And what had happened is he forwarded an email to a staffer that had replied with a typo. The staffer said this is a legitimate email versus what the staffer should have said is this is an illegitimate email. So he did the right thing by checking first, but he probably should have picked up the phone and not relied on email. So then he went and he clicked through and reset his password. And the type of attacks that are happening right now is such that when you click a link, sometimes it will pretend to be Office365 or Google, and it will want you to put your username and password in so that you can see the document. Well, in fact, those sites are getting your credentials for later cyber attacks, or they’re trying to put malware on your computing device. So what happened after that? In April 2016, hackers created a fake email account and spearfished 30 Clinton staffers. They sent a spreadsheet that had the name Hillary-Clinton-favorable-rating.xlsx and that attachment was designed to make the staffer want to click. So these are social engineering attacks on campaign staff. And then later DCLeaks was registered, and all these emails were published and put out there, which was very damaging and probably changed the outcome of the election in 2016. So I have John here, and John, I want to ask you, what steps has the Cook County Clerk taken to prevent similar attacks here in Cook County?
Securing Electronic Voting
John Mirkovic (JM): Well, I think one is that we don’t make it so easy that you can change credentials via one email that way. So, what happened to Mr. Podesta, it would have required a few more steps in our agency, which is usually good, I guess, but it was such a clever attack. There’s almost no way to stop something that clever, and that relies on someone’s sense of urgency and emotion. So we, in our office, we work with Cook County on our email servers, so we would reach out to a different office to work with that. So the ability to make it hard to change emails, for example, you know, it can be frustrating sometimes but you know, you realize when you build those layers up if they frustrate you that means they’re going to frustrate an attacker as well so that’s one way.
LN: So deployment of frustration, a government staple, right?
JM: Yeah, the old help desk.
LN: Well, having these processes in place though, by design they help protect people and make it more difficult for hackers to get in. So that’s great. There’s been a lot of talks about potential hacks coming on election day, should voters be concerned that their vote’s going to be hacked on election day?
JM: I think they should be more concerned about the disinformation campaign that is going on about hacking voting machines in Illinois, and that we have the misinformation from nebulous foreign state actors, but they’re actually people in this country who are being paid. You know, they think they’re working for a news agency, but it’s some shell and all they’re doing is spreading misinformation, especially in Illinois. You know, we’ve had to refute notions that our ballot marking devices are connected to the internet and that anybody can get in there. So to answer your question, we use a lot of layers of security and some of them, and the main one is we don’t even give ourselves the ability to update these machines on election day or in the field, which again that frustrates us, but we also know that if there’s no way to communicate with those machines by us even, then no one else can, so.
LN: Isn’t there also a simultaneous paper audit trail for the voting machines?
JM: Yeah, so voters in suburban Cook County should be really happy with the system we have in Illinois, which requires a paper backup of every vote. So voters in the suburbs may remember, I don’t know if they had them in the city, but they may remember the sort of receipt paper printers that were built into the machines and they would kind of scroll really quick and show you what you voted for, but it really wasn’t user-friendly, so.
LN: John, just finally, should voters be concerned about election equipment being hacked on election day?
JM: Well, you know, depends where they live. If they live in a state that isn’t as committed to security, I think that people should ask questions and these are the right types of questions to ask, and if you live in a state and you find out your ballot marking device or voting machine is connected to the internet, you should be worried about that. In Illinois, that is not the case and we don’t even use the open internet for any transmission of data, we use secure cellular networks that can work one-way communications and send encrypted data that cannot be tampered with in transit. So voters should ask questions and, but they should also be mindful of who’s causing them to ask questions, and if that person is playing on their emotions.
LN: Great. Do you think that early voting and vote by mail will help reduce the potential impact of election day hacking?
JM: Yeah, I believe so. If you think about centralized versus decentralized targets. You know, an election where you have ballots being cast in 400,000 different locations, as opposed to 1,000, that’s a bigger attack vector and harder to, you know, for a foreign adversary to manipulate really. So it’s really, a mail election sort of really makes it hard for a hacker to find a way to get in there, so I think that vote by mail does make election safer.
LN: Great. Well, thanks a bunch for being on the show, I really appreciate you taking the time to come on.
Do you have concerns about voting in person? Cook County Clerk Karen Yarbrough urges everyone to vote early or by mail. Make a plan and plan your vote. It’s easy peasy!
Cook County Clerk Karen Yarbrough sits down with Lee Neubecker, President of Enigma Forensics to discuss the do’s and don’ts of early voting in the Cook County election and how to receive your mail-in ballot.
Early voting begins on October 19.
Lee Neubecker (LN): Hi, so I’m here again today with Karen Yarbrough, the Cook County Clerk, and we’re talking about the election that’s coming up. And today’s topic is specifically about early voting. Karen, thanks for being here.
Clerk Karen Yarbrough (CY): It’s always a pleasure, Lee.
LN: We’re actually seated roughly 12 feet apart from each other, practicing social distancing.
CY: Yes we are.
LN: And we can actually look at each other while we talk, which is nice.
CY: Yes we can.
LN: So tell us a little bit more about why people should consider early voting this election.
CY: You know Lee, I used to always pride myself in voting on election day. There’s something exciting about voting on election day. The camaraderie, seeing people you don’t see, you know, particularly every day. However, I got used to voting by mail because it’s convenient. And so people should, with this particular election, they need to make a plan and then plan their vote. I’ve already made that plan. And I plan to, I’ve already requested my ballot. I expect it in the mail any day now. And I plan to review my choices and I plan to drop it in a dropbox.
LN: Great. So when can you vote early in Cook County and the city of Chicago?
CY: So in Cook County, you can early vote on the 19th of October. There are some dates, October 7th, I believe for somebody who’s not registered to vote, they can actually register and vote on the 7th of October. In the city of Chicago, they will be starting that process on October first.
LN: So is there a website that people can go to if they want to get a–
Where to find more voting information
CY: I’m glad you asked Lee. All the information that you’ll ever want to know is at cookcountyclerk.com. Everything is there. Go to that website, click on elections, and you’ll see an array of information there that can answer each and every question that you ever have for elections for this particular election.
LN: And I know that the last election cycle that you told me about that, I actually did it. It only took less than, it was about a minute time–
CY: If it takes that long.
LN: And the ballot came and it was easy. What was nice is I had time to look up the different races. I could use my computer, I could do my research and be thoughtful with access to more than my smartphone. So I could actually read things while I was voting. So it was a nice experience.
CY: Easy peasy, that’s what I say. And, you know, you can give some time to actually looking at your selections. You can go online and research the candidates and make good solid choices.
LN: Yeah, and just so you know, my daughter voted for the first time in this election and we took her to early voting in person. And I asked could I early vote instead because I was there and he said I could but it would be a provisional ballot that wouldn’t get counted until later. So I thought that it seemed, at least, there was a check and balance. Your team knew that I had already requested a mail-in ballot and they had that checkup. But if I wanted to vote in person, I could have, you know, so like, if I lost my ballot, I could still vote. It’s just the provisional ballots don’t get counted until later.
CY: Yeah, and We want people to understand that process too because I’m suggesting to people to go ahead and order a ballot, go ahead, fill out the application. Like you said, it only takes a minute or so to do that. When your ballot comes, make a determination at that point do I plan to, you know, fill this out and mail it in or do I plan to drop it in our dropbox? Or do I plan to maybe do like some others who have suggested to me that they planned the, planned doing that would be their backup plan, just in case they can’t get to the polling place on election day. So I’m encouraging anybody and everybody to please, you know, order your ballot, get your ballot, do your research and obviously vote.
LN: So you can actually take your mail-in ballot and if you’re concerned that it’s going to be held up at the post office, you can drop by any polling place?
CY: We have, right now, over 60 early voting sites. And so if you’ve gotten your ballot and you want to drop it off at a dropbox, you can do that. You do not have to stand in line and we’ll have one of our election workers standing right there.
LN: So outside there’s actually–
Drop Boxes for Mail-In Ballots
CY: Inside, inside there will be a box that you can put your ballot in and there’ll be somebody right in front of that. You will not have to stand in line.
LN: Okay, so what if someone lives outside of Cook County?
CY: Somebody who lives outside of Cook County, you mean that maybe somebody in the military. That’s what absentee voting is all about. And you know, we’ve been doing that since the Civil War. Complete your ballot, send in for your ballot, complete your ballot and mail it in.
LN: Do you have any concerns about people voting more than the once?
CY: We do not because we put a number of things in place to make sure that kind of thing does not happen. One thing, we have election judges that, you know, they’re sworn in and they review every single signature. You know, you have to sign, so they will do that. Each person has a identification number, okay, that’s only germane to you. So that way we know it’s you. So if Mickey Mouse shows up, Mickey Mouse is not going to be able to vote because Mickey Mouse does not have this voter code that we have. Finally, you know, we have a, we’ve just gone through every idea and had people to kind of test, to make sure that we are ready for the November election to make sure that people, you know, do the right thing. And that’s what we’re telling them to do. Do the right thing. At the end of the day, too, we also do, we check out 5% of the ballots to make sure, you know, after the election, that they’re right on target.
LN: And so finally, when is the last time, the last date that you can request, that you can actually go in and vote early?
CY: The last time that you can go in and vote early actually is November 3rd which is election day, okay, They can vote that day, but the day before. So that would be November 2nd. Don’t wait and do it then. Do it early.
LN: Well, thanks a bunch for being on the show. I look forward to talking to you again soon.
Why doesn’t Divvy Bike Share System use the same GPS technology as Lyft? Isn’t Divvy managed by Lyft? We have more solutions for Divvy Bike Share Security. Check this out!
We were wondering how safe is the Divvy bike-share system security? Enigma Forensics has been following the Divvy bike story. We love the idea of the ease and accessibility to rent a bike but don’t want the criminals to ruin this city-wide opportunity.
Divvy Bike Share System
The Divvy Bike Share System is a great resource that has been open for business 24 hours a day, 7 days a week, and 365 days a year. All different shapes and sizes of people are able to use bike share to commute to work or school, explore the city, attend appointments, meet up with friends, and everything else in between. The beauty of the Divvy bike-share system is that it offers affordable transportation and features bikes that can be unlocked from one station and returned to any other station throughout the city. This all sounds like a great program for the city but the recent looting in Chicago has led to occasional lockdowns on Divvy Bike usage. We thought we would take a deeper dive and discover how safe is the Divvy Bike security.
Divvy Bike Issues
Divvy has been plagued with several issues that not only include difficulty in docking at stations that allow bikes to be obtained when legitimate riders fail to fully dock and lock their bikes. It has also been reported these docking issues lead to a significant amount of stolen bikes used in crimes. To make matters worse, additional ways to obtain access to a Divvy bike can be easily accomplished by using a stolen credit card to unlock a bike. How? There isn’t a two-factor authentication required to unlock a bike and the credit card system doesn’t require the entry of the billing card member’s zipcode. The lack of security allows the ability to use anyone’s credit card which makes it easier for the thief to steal a bike. By adding these two simple changes; a two -factor authentification and zip code requirement Divvy could dramatically improve the situation.
The latest crime that has Divvy in the hot seat with local Chicago Aldermen, happened on the morning of July 27, 2020, when an 82-year-old man was carjacked in Streeterville by a group of Divvy bike riders. After they stole his car they left the Divvy bikes at the scene. We assume these bikes were stolen and if so it makes criminal activity in otherwise safe neighborhoods a lot easier. Additionally, you may have noticed abandoned Divvy bikes while traveling through the city of Chicago. If you see an abandoned Divvy bike, do the last paying rider a favor and dock the bike to prevent racking up hourly charges. These issues have bubbled up to a few Chicago Alderman who has informed Divvy of the complaints brought forth by their constituents.
During our research about current docking station flaws, we found this article from The Chicago Reader. The article’s title, “FOIA’d emails reveal an ongoing citywide epidemic of Divvy thefts.” Chicago Reader wrote the culprit is the hasty decision by Divvy to remove a critical piece of security hardware from Chicago’s docking stations. They reported the security device that was removed had been making it difficult for users to dock bikes at the end of their rides. By removing the device it also made stealing docked bikes easier. https://www.chicagoreader.com/chicago/divvy-bike-thefts-chicago-security-hardware-removed/Content?oid=58659144
Enigma Forensics agrees with a solution to integrate GPS locating technology so that stolen bikes can be disabled remotely. Once the thieves know that are being tracked and the bike will be disabled, it will curtail the problem. Another solution we found that could help improve the situation is alerting users via a phone alarm if they fail to lock their bike properly.
Use GPS Technology
Divvy doesn’t utilize GPS technology to track the bikes down and release the last rider from the costs. Since Divvy Bike Share is supported by Lyft, why can’t they adopt the bikes to include GPS technology and install digital cameras at each station to help record criminal behavior? After all the Lyft drivers use GPS! We urge Divvy to install a better credit card payment system using two-factor authentication and requiring the billing zip code associated with the credit card to be entered. GPS technology will allow remote locating of lost or stolen bikes with remote brake locking technology that would curtail illicit use of bikes and theft. These are potential solutions that we hope our Alderman will be able to move forward to help keep Divvy bikes a program for all Chicagoans.
Phishing, Ransomware, Endpoint Security, IoT Devices and Cloud Jacking. What do they have in common? Top Five Cyber Attacks we are concerned about and you should be too!
The frequency of cyberattacks is growing. The following is Enigma Forensics’ top five cyber attacks that you should be made aware of.
Phishing Attacks are specific forms of email or text messages that are targeting victims to gain access to their personal information. Phishing messages often try to induce the receiver to click a link to a package shipment delivery message or other seemingly legitimate hyperlinks. It acts like a harmless or subtle email designed to get victims to supply login credentials that often become harvested by the attacker for later use in efforts to compromise their target. Sometimes phishing emails spoof the sender to be someone who has already been compromised. Once compromised, often times the compromised user’s mailbox is used to relay other outbound messages to known individuals in their saved contacts. This form of attack earned its name because it masquerades as an email of someone you may know and because you know the sender, you are more likely to nonchalantly open the email and click on the attachment to learn more about the content. With a click of a mouse, BOOM you can be compromised. This is a very easy and effective scam for cybercriminals. Warning: Do not open attachments or forward chain emails!
Ransomware is often spread through phishing emails that contain malicious attachments or through drive-by downloading. Drive-by downloading occurs when a user unknowingly visits an infected website and then malware is downloaded and installed without the user’s knowledge. The cybercriminal then holds the stolen information for ransom, thus the name! They may ask for a ransom payment in the form of digital currency such as bitcoin. Whether or not the victim pays the ransom depends on what information they have stolen or what criminals have threatened to do with the stolen information. Warning: Do not visit unsecured sites!
Remote Worker Endpoint Cyber attacks are currently the most popular because of the number of employees working from home caused by the Coronavirus. In the month of March, many workers were sent scurrying to their homes without companies placing proper cyber protection protocols. Employees are using their personal devices to conduct work and often are not fully patched, updated, and using encryption to protect their home devices against cybercriminals. Many company executives have been targeted at their homes, where they are much less likely to have commercial-grade firewalls designed to protect endpoints and company trade secrets.
IoT Devices attacks are a popular vehicle used by cybercriminals to establish a beachhead for launching lateral attacks across a home or work network. IoT devices involve extending internet connectivity beyond standard devices, such as desktops, laptops, smartphones, and tablets, to any range of traditionally dumb or non-internet-enabled physical devices and everyday objects. Embedded with technology, these devices can communicate and interact over the internet. They can also be remotely monitored and controlled. IoT Devices should be segmented and on a different network than corporate work from home devices. IoT devices pose a great threat because many of these devices lack automatic update processes and can become a beachhead for cybercriminal attacks in your home.
Cloud Jacking will increase with an estimated growth of cloud computing to be a $266.4 billion dollar industry in 2020. The idea of cloud storage makes one believe it is an improved option rather than the traditional on-premise computing storage. This will and has become a major security concern and has created a strong urgency to increase the creation of cloud security measures. Cybercriminals will up their game and cloud jack data information whenever possible. The race in on to see who does it cloud security better; the good guys or the bad guys. To protect against Cloud Jacking cyber attacks, organizations should enable two-factor authentication options, such as Google authenticator.
Two-factor authentication requires two of the three following means of authentication:
Something you know (A password)
Something you have (A key fob or cell phone authenticator)
Something you are (Retina Scan, Facial recognition, fingerprint)
FBI deputy director David Bowdich said “The sale and scope of the hacking activities sponsored by [Chinese] intelligence services against the US and our international partners is unlike any other threat we’re facing today.”
On July 7th, the United States Department of Justice (DOJ) filed a criminal indictment against Chinese cyber-criminals who acted as both self-employed criminals and employees of the Chinese Ministry of State Security (MSS).
Their names are Li Xiaoyu and Dong Jiazhi both are former classmates and chums. They attended an electrical engineering college in Chengdu, China. Li and Dong worked as a tag team to combine their technical training to hack the computer networks of a wide variety of victims. They included companies engaged in high tech manufacturing; civil, industrial, and medical device engineering. The theft didn’t stop there! They stole and replicated intellectual property and important trade secrets from businesses in the educational, and gaming software development; solar energy; and pharmaceutical sectors. Their stolen booty included information about military satellites and ship to helicopter integration systems, wireless networks, communications systems, high powered microwave systems, laser system technology, counter chemical intelligence, and finally, COVID-19 vaccine bio-development information. They left no stone unturned and literally left their criminal digital fingerprints everywhere.
The United States Department of Justice (DOJ) indictment includes 27 pages of a long laundry list of cyber-criminal attacks starting from 2015. Li and Dong were elevated to the top of the list when they were recently discovered looking for vulnerabilities of certain biotech and pharmaceutical companies who are researching and developing Coronavirus / COVID-19 vaccines.
Basically, China is using their students as cybercriminals to steal, and copy their way to technological advancement instead of developing their own. How did they gain such vital and important information?
Li and Dong used web shells, particularly one called “China Chopper.” This widely available and easy to use hacking tool provided the attackers with remote access to targeted business networks. They would also run credential-stealing software to grab user names and passwords. By creating easy access into a victim’s systems, they would copy the data they wanted to steal into an encrypted Roshal Archive Compressed file (RAR). Like other archives, the RAR file is a data container storing one or several files in compressed form. Windows Operating Systems has a default setting that allows a folder to be created and stored where the “Recycle Bin” is located, making it almost invisible to system administrators. Li and Dong operated within the “Recycle Bin” and create extensions such as “.jpg” to make those files appear as images. Thus, disguising the stolen data. The Ministry of State Security (MSS) allegedly provided the two with Zero Day hacking tools that could be used to penetrate corporate networks.
Once they stole the data they would bring it back to China and either sell it to the highest bidder or as directed and allegedly provide it to the MSS. After they breached a company they would go back and re-victimize the same company or organization they attacked in the first place. In addition to hacking and extorting U.S. technology companies, the two allegedly attacked messaging platform tools favored by Hong Kong protestors. The attackers appear to have motivations other than pure financial extortion strengthening the DOJ’s position that the attackers are connected to the MSS.
Are Contact Tracing APPs ethical? Are you willing to give up your private data to help slow the spread of the Coronavirus? Check out what these experts have to say!
Apple and Google have the capability that allows cell phones to communicate with each other. Contact Tracing Apps use this capability and have been developed to find and alert the contacts of people infected with the Coronavirus / COVID-19. As soon as someone gets sick with Coronavirus, the APP could alert you if this is someone you have been in contact with. Alleviating the length of time it takes for a real live Contact Tracer who is doing the tracing. Basically, this is widespread human GPS tracking, that presents many privacy issues involving potential data breach, information storage, and sharing sensitive personal data. Should sensitive medical information and individual locations be available on an APP? Do you believe this type of electronic contact tracing is ethical?
Check out this video to listen in on experts as they consider the amount of data that is being collected and what it means for your data when you download a Contact Tracing APP.
Video Transcripts Follow
Lee Neubecker (LN): Hi this is Lee Neubecker from Enigma Forensics and I have Debbie Reynolds back on the show, thanks for coming back Debbie.
Debbie Reynolds (DR): Thank you for having me, very nice to be here.
LN: So I’m very interested to hear more of what your research is regarding contact tracing apps, and what you think that means for individuals that might put these apps in their phone. Tell me a little bit about what’s happening right now with the industry and how contact tracing apps are working.
DR: Yeah, so Apple and Google created a capability so that phones can communicate with each-other via beacon. So that they can store information on phones, or have phones bounce off of one another, so that if someone downloads a contact tracing app or registers there, if anyone who also has the app, it will be able to trace back, y’know, how long they spent with certain people and tell them whether they feel like they may have been exposed in some way, and tell them either to quarantine or go seek treatment in some way, or get tested. So it’s pretty controversial, the contact tracing app, for a couple of different reasons. One is, people are very concerned about privacy, like giving their potential medical information to a company that’s not a medical provider, meaning that they’re not protecting the data the same way. Also, as you know, Bluetooth technology isn’t exactly super accurate in terms of the distance that you are from someone, so the delta, in terms of how accurate it can be, may be way off. It may be several meters off, the phone can’t tell if you’re six feet apart or whatever, so I think that they’ve tried to tune that up with this new API that they created, but still, based on the science, we don’t know that it’s actually accurate or not.
LN: So you could still have a situation where, if you put one of these apps on and you’re outside biking, and you bike within 8 to 10 feet of someone who later does have it that you’re getting notified that you have to quarantine on a false basis. That’s a potential outcome of using an app like that, correct?
DR: Yeah, but I think that the way they having it now is that it’s supposed to register you spent more than 15 minutes near that person, so, y’know.
LN: Okay, that’s good to know.
DR: But let’s say you’re parked in your car and someone’s parked next to your car, so you aren’t physically near, y’know, you aren’t in any danger from that person but you wouldn’t know, just because your phone says you’re close to them. They don’t understand the circumstance that you’re in, to be able to tell that, so. I think people are concerned about, a lot about privacy, them taking the data or how the app is actually going to work, and it’s going to work differently in different countries. So what they’ve done is create this API, this capability that’s put on everyone’s phone, and then if you download the app, the app which you use will use that API to actually do this beacon exchange on people’s phones. So, that’s kind of what’s happening right now, is different countries and different places are implementing it in different ways, and some are really pushing back on them because they don’t have really any good guarantees about privacy, or data breach, data breach is a huge issue.
LN: Yeah, I mean, our Government’s never had data in their custody compromised ever, right? wink..wink
DR: Right, that never happened, exactly, so-
LN: You’re having your maps of where you’re walking, your GPS records-
LN:time of day, your movement and that is going to Google and Apple, and under certain conditions they’re passing that data on to the CDC or other entities, law enforcement, enforcement groups.
DR: Well their concern is that data, because it’s at a private company, will get merged with other things, like let’s say your insurance carrier, or your medical, y’know, you get dropped from your insurance because you have this app-
LN: You drive too fast.
DR: No because you have this app, and they think that you may have been exposed, or you’re a higher risk, or a bank doesn’t want to give you a loan or something, because you have this app on your phone. I’ve been hearing a lot of different scenarios people are concerned about. But I’m curious, from your perspective, in terms of how certain things are stored on phones. I know beacons is a really big idea, but maybe you can explain a little bit about how Bluetooth actually works?
LN: Yeah, well Bluetooth is a near band wavelength that allows for peer-to-peer networking. Bluetooth has been exploited in the past to be able to take over devices, so it’s, a lot of people don’t like to have their Bluetooth on continuously because you’re opening your phone up to potential attacks, cyber attacks, via Bluetooth. You’re also broadcasting, when you have Bluetooth on you’re also broadcasting your MAC address identifier, your Bluetooth unique address and there have already been issues where retailers in London at one time, they had kiosks outside that would track the shoppers and they’d know how long they were at certain stores, and they’d use that information to serve custom video ads to people as they’re shopping and walking by.
LN: So there’s privacy implications and security implications of having Bluetooth on all the time.
DR: Yeah, and that’s a big concern. So I know when I first heard this, about them doing this contact tracing, I was wondering like how exactly would they get the proximity right, and because we have no visibility to that we really don’t know, right?
DR: So we just have to sort of trust the black box and see what happens, to some extent, but I, for me I think my opinion is that contact tracing is a profession, it’s not an app. So, there are people who do this as a profession, only, let’s see, 55% of people in the world don’t even have smart phones, so you’re talking about a capability that’s only for 45% of the people, and not all those people are going to actually volunteer to get these apps.
DR: So it doesn’t really help to contact, for people who do contact tracing, except it adds another layer that they have to work with because they still have to track people whether they have cell phones or not.
LN: It’s interesting stuff, thanks for bringing that to our viewers’ attention and thanks for being on the show again.
DR: All right, thank you so much, I really appreciate it.
Working from home? Have you been transferring files between work and personal computers? Be aware of the security risks that are out there. Experts talk about how to protect your company’s private data. Where should you start to make sure your remote workforce is secure? Listen to these experts!
Using Your Personal Computer to Work From Home
Let’s face it, these are weird times! Never before have we had the bulk of the country’s work force sheltering-in-place and working from home. We’re going on four months battling the spread of COVID-19. Workers have resigned, been terminated and furloughed and many have sensitive trade secrets loaded on their personal computers. Experts Lee Neubecker and the Data Dive Debbie Reynolds discuss currents situations and different audits they have performed for companies to retrieve intellectual property and company data. Check out this blog with transcripts.
Video Transcripts Follows
Lee Neubecker(LN): Hi, this is Lee Neubecker from Enigma Forensics. And I have Debbie Reynolds, the data diva back on the show from Reynolds consulting. Thanks for being on. Thank you so much for having me Lee. So what are your thoughts about the shift and changes that have happened over the last couple of months with everyone being stuck at home with their computers?
Debbie Reynolds(DR): I think it’s a interesting issue now, because as you know, even before the pandemic, there were people working at home. But now since there’s so many more people at home, it’s bringing up other security risks, especially with devices. And I’m sure you know, you probably explain more of your experience about working especially a forensic with people who are remote. And some of the challenges with those machines, especially, you know, the same people. They’re either working from home, people are getting furloughed or people are losing jobs where they’re, they’re not in the office. But they still have equipment. So I’m curious to see what you think about all that in terms of the device, the equipment, and some of the risks that come with that.
(LN) We’ve had a number of projects happen during this period where workers either have resigned, they’ve been terminated, or they’ve been furloughed, and there’s a need to get the company data back. And sometimes that data is on their personal computers. Other times the data is on a company issued laptop, but there are companies are just starting to get back to work. And there’s a whole host of issues. If you have sensitive trade secrets, and confidential electronic data on an employee’s personal or work computer, and you don’t have physical custody of that, there’s a real risk of that data getting disseminated to a new employer, maybe leaked online to the web, or maybe even you know, someone’s kid at home installs a game that opens up malware that puts those trade secrets at risk.
(DR) You know, we know a lot of people working from home, and a lot of people are using, I think the statistics said, the majority of people, maybe a slight majority, are using their own computers to, you know, tunnel in via VPN or whatever. But we all know that people still, under a lot of circumstances, let’s say they’re printing, or they have a file they want to, you know, leave locally or something. What is your advice from a forensic perspective? ‘Cause we can, we always see a lot of data co mingle together, unfortunately, where the personal and people’s business stuff maybe, you know, together in some way, so what is kind of your advice for people working at home for stuff like that?
(LN) If an employee’s is being asked to work from home, they should ask for a work issued computer.
(LN) Also you should be using a virtual desktop of sorts.
(DR) Right. Yeah, exactly. But you’ve seen I’m sure you’ve seen a lot of situations where you’re asked to do forensic work. And there is a lot of personal stuff, even on a company.
(LN) Yeah, we’ve had situations where people have, despite having work issued computers, they’ve still connected their personal computer up to corporate resources, office 365. I’ve seen situations where there’s drives that are syncing to personal, former employees, personal computers, and even though the accounts are severed, so it can’t continue to sync, then all that data might still reside. So we’re doing audits right now for clients to look for, you know, what devices are synchronizing with corporate data stores, and some of those devices. You know, there really needs to be accounting and audit to match up those devices to ensure that only accounts of active employees are syncing and that those devices are company issued devices, not personal devices because it poses a real risk. It’s a problem that could be preempted by issuing, you know, work equipment, not co mingling work and home stuff.
(DR) Are you seeing problems where people are, let’s say they have a phone. And they have like, for example, let’s say they have an Apple phone and they have a iCloud account. And the phone belongs to the company, but their iCloud account is their own personal account where you have problems getting those passwords.
(LN) Yeah, for the most part, we’ve had compliance and I’ve worked to try to help solve the problem, you know, the employee might have stuff they need. And usually what we’re doing in most cases where we have co mingle data, where we’re giving the employee or former employee the opportunity to put all their personal stuff onto a drive that will then do a search against and then we’ll wipe, wipe, completely wipe, the original device. They’ll sign a certification of sorts, and then they’ll only copy the stuff that they, that they copied off that we verified, didn’t contain trade secrets, and they’ll pull that back down to the computer. But that relies on some level of trust that if the employee or former employee signs, a declaration or affidavit saying that they returned everything that they’re being honest.
(DR) Do you have people that are concerned, especially in the legal field about people doing remote document review, and having sensitive documents viewed on their computers at home?
(LN) Well, I think that’s a legitimate question. And you know, if, if companies are outsourcing document review, they should be asking the provider, provider questions about, you know, how, what steps are you taking to make sure that those endpoint reviewers aren’t using computers that are compromised? In many cases, companies are using independent contractors as their reviewers and they’re not issuing corporate equipment. So that that’s a real risk that the whole ediscovery industry really needs to grapple with, because someone’s going to get burned at some point in time, especially during this, this pandemic with, you know, resources taxed and people working from home.
(DR) I have one more burning question for you, actually. And this is about BYOD. What do you think? Because the pandemic, do you think more companies will start to do more or less, bring your own device things as a result? I think we’re going to see a lot of problems come out of BYOD devices where companies see the problem of losing control of their data. And, at least with the larger companies, I think you’re going to see probably more strict, more strict enforcement of using corporate resources. I mean, there were many companies right before Illinois shut down went into effect they were ordering laptops going running out to, you know, retail stores to quickly grab whatever they could, so they can issue laptops to their employees. And, and so I think you’re going to see, I think you’re going to see a movement away from BYOD in the future.
(LN) I agree with that. I think it’s been a long time coming. I don’t know if you remember when they were first doing this, you know, at first companies were giving people devices, then they decided well we’ll save money will be out BYOD Now it seems like a pain in the neck to deal with it. And it’s all these risk issues. So I really feel that they’re going to start to go back the other way.
(DR) Now, well there’s a cost associated with BYOD. And now people are furloughed and all your sensitive data is on former employees, personal computers. So then you’ve got to hire a forensic expert like me to try to work through to get the data back and to solve that problem, which, you know, it might have been much easier to issue a 500 dollar laptop to employee, then to have them synchronize that ’cause they’re going to pay more than $500 dollars to try to solve the problem of getting their data back. So after we get through this next bump in the business cycle where companies are paying out to have to retrieve their data, I think you’ll see that most CFOs will see it’s smart sense to issue corporate laptops and to block access to BYOD devices. But thanks for the question. It was a good one.
(LN) Thank you. Fascinating. Thank you for sharing.
Check out our COVID-19 Statistics – Track your county!
Social media and cell phone forensics can play an important role in thwarting criminal activity. Check out this conversation between Cyber Forensic Expert Lee Neubecker and Data Diva, Debbie Reynolds. You will be so much smarter afterwards!
Snap Chat, Twitter, Facebook: Social Media and the Importance of Cell Phone Forensics
Lee Neubecker and Debbie Reynolds, the Data Diva, discuss the role of law enforcement in capturing social media posts when trying to thwart the bad guys coordinating a riot or the more recent looting incidents in Chicago. During this difficult time in our nation, what is the role that cell phone forensics should take? Did you know that Apple phones have the ability to automatically shut down when stolen and have a beacon that will detect the location of the phone making it easy for law enforcement to come knocking on the thief’s door? Check out this video to learn more about the role of social media and cell phone forensics.
Transcripts of Video Follows
Lee Neubecker (LN): Hi, it’s Lee Neubecker, and I have Debbie Reynolds back on the show, Debbie thanks for being on remotely.
Debbie Reynolds (DR): Thank you for having me.
LN: So I asked you to come on so that we could talk a little bit about some of the recent lootings that have happened in Chicago and other areas across the country. And what could be happening, as it relates to cell phone forensics and how law enforcement can be using that to get to the bottom of how these coordinated attacks are being planned and who might be involved.
DR: Most of what I know about this is basically what you told me so, why don’t you just sort of share what your experience has been so far in the current environment, and then we can talk from there?
LN: Sure. Well, right now, I know that some of the looters that were apprehended had cell phones on them. We don’t know exactly how the information is being used by law enforcement, but technically, an example of things that could happen could include, doing forensics on the cell phone, identifying Snapchat handles they have communicated with, looking at text messages, looking for Twitter accounts and postings. And potentially, what I saw happening during the last week, at least in one instance, there was a post made to Twitter by a user that made a reference to doing a gig at Urban Outfitters on the West Side, and roughly a few hours after, that post went out on Twitter, referencing Urban Outfitters, Nike’s, Liquor and other things. Around four hours after that, looting that went on at that store, so that handle that posted and anyone else that reacted to that post could certainly have been alerted to the potential for mass looting in a coordinated way via social media.
DR: Yeah, I think even though the police do have capabilities to do that type of tracking and tracing, they they do heat maps of certain things. The problem is that these incidents, if they are coordinated, they happen pretty quickly so it’s sort of hard for them to kind of preempt it. But as you said, always, they have capabilities, right? To do anything with like cell phones that they capture, but they also have capabilities to do things like geofencing about who was in the area at certain time. So, a lot of what they’re doing is not necessarily preemptive or pre-crime is more of, if something is happening or has happened, they can go back and try to backtrack or trace or… If there are people on the scene they can apprehend whoever is there that’s doing whatever and they sort of build it out from there, right?
LN: Yeah, but just the other day, someone was captured and apprehended in… They got caught because they were posting their raid via social media, and they had a live view of them going to bomb, they were threatening to bomb the place and looted, taking cash registers and the stuff was, this someone that was not from Chicago, I think from downstate, somewhere that came in and came in with a goal to create problems and had a past history of that, but the person had the audacity to post it to Facebook, and the FBI just busted them and they’re indicted now.
DR: I don’t know why people share such things on social media. Because yeah, they do track and trace that. But, a lot of the things especially as I saw, it seemed like a lot of stores that have things like mobile phones have been attacked. And as you know those things are pretty easy to trace back. So I don’t know how far people–
LN: Apple had LoJack, in all their phones at the retail store, and so people who took those phones likely those phones likely got located but-
DR: Oh yeah, definately.
LN: I don’t know that that’s happening at the the cheap cell phone stores, the burner phones.
DR: Well, yeah, those are… No, I mean, they probably… If anything, obviously may have serial numbers and stuff like that but, once you… Whether it’s broken, or people change sims or whatever, it’s harder to track that stuff down. But yeah, the Apple phones, yes. They wouldn’t have very much problem. I think as I heard, I read that what Apple had done is for all the phones that were stolen from them, they were able to lock those down. And then it had a screen on there so that you actually couldn’t use it. So, that’s what I heard was happening with Apple.
LN: Yeah, well, they also have the ability to beacon out and send GPS location so-
DR: Oh, absolutely.
LN: People who are buying stolen Apple phones might find someone knocking on their door, law enforcement.
DR: Yeah, it’s probably not a good idea to buy one off the street at this point. So yeah.
LN: Yeah. Well, any thoughts on your concerns if the privacy issues that might relate to mere surveillance on people and tracking social media posts and actually getting in and subpoenaing phone numbers that were taxed to help try to prevent looting from happening?
DR: Well, okay. I guess that’s a couple of different things rolled up into one. So, obviously I’m concerned with mass surveillance, especially if it is capturing information not accurately or targeting people who may not have even been involved. So for example, a cell phone can’t tell like let’s say for instance, you’re standing at a corner and I’m at the stoplight. It says we’re next each other, but we’re not together. So, a cell phone tracking can’t really tell that so eury people who aren’t involved, who are innocent, who are especially in this regard, peacefully protesting, having them be adjacent to other people doesn’t mean that they were involved so-
LN: Lets just say though, for instance, that they found that there was a string of businesses hit, the Foot Locker, then Denny’s Liquor, CVS and Walgreens.
LN: There were a group of 20 people that all pinged off the four cell phone towers at the same times, and we’re in close proximity to that and a few other people were ID’d, would that be enough to justify surveillance on people where there were four cell phone towers in common across a range that put them all in the vicinity of where looting took place?
DR: I’m not sure if it would justify surveillance, so to speak, but I think that if they have other evidence, it may help them target those people more closely but, in terms of sweeping people up in surveillance exercise, I don’t think that’s going to happen unless they have additional information. So, let’s say they have information just like you said, like, okay, these people are in the vicinity and then they posted a picture on Facebook with some loot gear that they got, that would be enough, I think, to justify surveillance but just the fact, surrounding the vicinity, that’s probably not enough to go on, I don’t think.
LN: I appreciate your opinions and thoughts on this. It’s a difficult time right now and hopefully we’ll have stability and we’ll have people held accountable on all fronts, not just the leaders.
Enigma Forensics has been busy tracking week to week COVID-19 cases in each Illinois county. We are thankful of our Medical Professionals. Thank you to everyone for all you’ve done to reduce the spread!
Illinois as a state has been trending in the right direction. Only 8 counties reported cases in excess of zero the week before last week and more than 20 cases the last week show weekly growth. These counties should continue to ramp up additional testing availability and contact tracing to keep the state on track as a whole. 9 counties showed a reduction in a week over week reported cases. Click through on the County Name to see the time series chart depicting the daily counts and 7 days trended average.
Data captured from IDPH website daily. Data as of 6/24/20.
Great Lakes Naval Station is leading as the top Zip code in Illinois experiencing the highest week over week growth rate of new COVID-19 confirmed cases. Click the Zip Code to view the daily and weekly average trends of new cases. In the City of Chicago, West Garfield Park is the hot zone where cases shot up 233% over the previous week.
Illinois Governor JB Pritzker instituted that face masks be worn while inside facilities open to the public beginning on May 1st, 2020. Just a little over 2 weeks later, new cases of COVID-19 plummeted and began a downward descent. Proving that wearing masks helps stop the spread of the Coronavirus / COVID-19.
The other US States that have failed to require a mask to be worn when entering public facilities are experiencing consistent growth of the virus. The data proves that after instituting a mask requirement, roughly 14 days later, cases begin to abate or descent.
Daily Confirmed Positive COVID-19 Cases in Cook County Illinois
Daily Deaths from COVID-19 in Cook County Illinois
Daily Confirmed Positive COVID-19 Cases in Tulsa Oklahoma
We are proud to announce Lee Neubecker was once again nominated by his peers as one of the world’s leading practitioners in the Digital Forensic Expert field. Congratulations Lee!
Congratulations Lee Neubecker!
Enigma Forensic’s President and CEO Lee Neubecker was nominated by his peers as one of the world’s leading practitioners in the field of Digital Forensic Experts and is listed in Who’s Who Legal Investigations 2020 publication as such.
Since 1996 Who’s Who Legal has identified the foremost legal practitioners and consulting experts in business law and investigations based upon comprehensive, independent research.
Who’s Who Legal Investigations publications said, Lee Neubecker, is a “great expert” who receives widespread plaudits from sources who note he is “one of the most visible people in the field”.
Nominees have been selected based on comprehensive, independent survey work with both general counsel and private practitioners worldwide.
Chicago has entered Phase 3 of the Re-Opening of Chicago Plan. Are you wondering where the recent hot pockets are located? Check out our COVID-19 Statistics to see where the infection continues to grow.
The following top Illinois Zip Codes that are largely Hispanic are continuing to climb with COVID-19 outbreaks. This data is based on the daily changes in total reported confirmed COVID-19 cases by Zip Code obtained from the Illinois Department of Public Health statistics page. The reported counts include data from 6/12/20, 6/13/20 and 6/14/20. These are the top Zip Codes in Illinois where 15 or more cases have been reported between last Friday and last Sunday.
Of those identified, Hispanic majority zipcodes account for 50%+ of the remaining hot pockets where COVID-19 infections continue to grow. Majority White Zip codes follow with 7 out of 26, followed by Black Majority Zip Codes at 6 out of 26 Zip Codes.
Small businesses are getting hit hard. Starting with government directed closures due to the COVID-19 pandemic and now the most recent looting and protestor damage. Small businesses are more vulnerable than ever. If you own a small business be on the lookout for cybersecurity threats and learn more on how to protect your business.
Small Businesses must on the lookout for cybersecurity threats!
Small businesses have been besieged on all fronts. First, out of left field they were struck by COVID-19 and the loss of business. Then knocked down by the most recent violent protests. All these hits create multiple vulnerabilities to yet another threat; cybersecurity attacks. Now more than ever, small businesses need to be aware of an impending cybersecurity breach. Enigma Forensics focuses on cybersecurity and would like to share what are the most common cybersecurity threats and how small businesses can protect themselves.
What are the most common security threats?
There are three common cybersecurity threats each small business owner must be aware of; Malware, viruses, and phising. Malware is an umbrella name for a software designed to attack and destroy computers, servers, and to obtain client information. Malware can be engineered in many different malicious ways. Viruses are designed as a computer program that replicates itself and inserts code into your system to modify existing programs. It basically creates havoc in your system and is extremely difficult to delete. Phising is inserted by a clicking on or opening an email that presents itself as a legitimate email. It sparks curiosity and plays on the simplest of emotions.
What are some easy tips for small businesses to protect themselves?
Enigma Forensics encourages everyone to purchase cybersecurity insurance. This can help defer costs if you are attacked. We definitely suggest to hire a professional to assess your system and identify risks. Another less costly tip is to change your passwords. Make them as difficult and unique as possible and don’t store them on your systems. Be sure to include mobile device security if you or your employees check emails on mobile devices. Train your employees to recognize cybersecurity threats and how to avoid and report them.
Enigma Forensics related articles
See the link below for The Department of Homeland Security guide
How can we put an end to this protest? Cell phone forensics is the key to finding out who is organizing violent protests and looting by checking social media sites. It’s that simple!
Chicago Police Superintendent David Brown recognizes social media contributed to the rise in looting
Is Cell Phone Forensics the key to ending the looting? Chicago is reeling back from the third day of unrest and violent protest. Not only are we healing from a global pandemic we are now faced with the threat of violence in all of our neighborhoods. On Monday, we witnessed the third day of violent protest. It was reported that law enforcement arrested approximately 699 people and sadly, 2 people who were shot and killed in Cicero. Feelings of anger, frustration and despair are common threads that bind all of us. The question on everyone’s mind is when is all this going to stop? The Chicago Police department is dealing with a great deal; protecting the neighborhoods and at the same charged with stopping violence. The same violence that was started by a deadly police action.
Many have heard on mobile scanners that hundreds of people driving in caravans are traveling into the city from outside Chicago. Some believe these caravans are organized on social media and are encouraging violent protest and looting. Forensic technology can stop this type of organized violent protest. Once a bad actor has been apprehended, law enforcement needs to perform remote cell phone forensic analytics to discover social media posts, connect friends and followers to thwart passing of information. This is a new age of technology and our police department needs to be able to trace violent networks of people to respond in real time as to prevent personal attacks an property damage.
Enigma Forensics is an expert cyber forensic company that offers forensic imaging of cell phone, laptop and other electronic devices. We are able to analyze the electronic footprint left behind and provide detailed tracing to assist in litigation.
More about expert technology and cell phone forensics
Open for Business! Chicago is entering Phase 3 of the re-opening of Chicago plan. Some employees are continuing to work from home and others are no longer employed. How should a company get their devices returned or information removed from an employees device? Hire Enigma Forensics to be the go-between.
How to Retrieve Company Information from Employees no longer with the company?
What does Phase 3 mean for Chicago? Mayor Lori E. Lightfoot just announced Chicago is going to open up on Wednesday, June 3. Hip Hip Horay! Will Chicago be the bustling town ever again? Let’s hope so.
Even though many employees will be going back to the office, some employees will continue to work from home. What about the employees who are no longer continuing on with the company and have company information and uncompleted work on their personal electronic devices? How does a company retrieve that information?
These are all valid questions and you can bet that most companies were not prepared to address. How should a company go about getting their devices or information removed from an employees personal device?
Your first step should be to call and arrange a pick up of the electronic devices held by the former employee. If you are having difficulty retrieving your company property Enigma Forensics has the answer. In some instances calling on a third party to be the go-between can smooth out any ill feelings. Enigma Forensics can help retrieve property and perform a diagnostic review of the electronic devices. We can identify if any information has been copied or sent via email to an unauthorized third party.
In the future, companies should develop a confidential agreement outlining key information. It’s necessary to virtually adapt if necessary the off-boarding procedure, disabling e-mail, account access, and confirm inventory. Enigma Forensics emphasizes even though the employee is remote be consistent and conduct an exit interview and always utilize e-signature. Be Safe Chicago and Let’s Open UP!
Issues when working from home are bubbling up. Are you working from the dining room table on important company information? We discuss the importance of forming a work from home policy.
We have reached a new era of remote business at levels few companies ever planned for. We all know, COVID-19 has driven businesses and their employees to operate from makeshift home offices. As a result, many issues when working from home have been exposed. In some of our past blogs, Enigma Forensics has provided insight to trade secret theft and given direction on how to protect company trade secrets from cyber attacks. In this blog we will address the current issues that have risen since we are all working from home.
First and foremost, the mass exodus from the business office to the home office was done at the flip of a switch. Working from home took many companies by surprise, sending employees home expecting this to be a short period of time. Most companies didn’t have time to prepare a proper security plan. In an effort to offer more accessibility to their employees some companies loosened their security standards to allow faster and more convenient access for employees. Some encouraged employees to use their own personal devices. These procedures have increased the risks that companies will be cyber attacked and offer opportunities for trade secret theft and loss of business confidential information. To lessen these possibilities companies must develop policies that address the risks.
Enigma Forensics suggests creating a work from home policy to inform employees of their obligations. Companies need to communicate how important it is to stay secure and that the future of the company depends on it. Employers must insist each employee maintain a two-factor authentication process to secure sensitive information. Each employer must restrict unauthorized access to company data. In other words, keep the kids off the company’s computer. It’s also imperative to prohibit the use of unauthorized third party cloud storage sites, and to make sure to apply security software to protect company data. Most importantly, no sharing of company devices.
Some more simple procedures companies can implement to protect their end points include:
Ensure endpoints have patch software and security updates applied monthly
Audit and enable Windows Defender or other Antivirus Solutions to protect end points
Ensure computers accessing company data are set to auto lock after five minutes of intactivity
Provide employees with dedicated work only equipment
Audit and ensure satellite workers have a firewall protecting their endpoints from potential attackers
Kids at home with not much to do may be interested in installing the latest video game on your computer which could introduce security vulnerabilities at home.
Enigma Forensics also suggests developing an inventory of what employee has access to which files. Know who is printing confidential information, and identify if family members have access to the same devices. Once all this is mapped out, a risk assessment needs to be conducted. Identify which employees have access to sensitive information should be prioritized and secured appropriately.
Eventually we will all be back working in the office but COVID-19 has exposed the need to increase security and to learn more about how your employees are utilizing company owned devices.
To Learn More About Trade Secret Theft Check out our blog below
Where do you stand? Stay sheltered in place or open up? We all have felt the pain of this pandemic. Is it time to open up are restaurants? Enigma Forensics wants to know your thoughts.
Is fear holding us back from moving forward?
Where do you stand? Shelter in place or open up! Is fear holding you back? If you don’t know what’s going on in the world today apparently you have been living under a rock. It seems so long ago when Enigma Forensics Lee Neubecker and Geary Sikich, President of Logistics Management Systems warned of what was to come and further outlined what would be the global impact. Enigma Forensics started posting our first post about COVID-19, Coronavirus: The Global Impact was on March 6.
Mayor Lightfoot announced today that Chicago will not be able to open restaurants for outdoor seating on May 29. It’s different than what the state has outlined. As stated by the City of Chicago, we will be following “Protecting Chicago” framework. The City will be using this guide to govern Chicago’s reopening process amid COVID-19. The framework – organized into five phases in alignment with the State of Illinois’ “Restore Illinois” plan – will advise Chicagoans on how to safely exit from shelter-in-place while continuing to prioritize the health of our most vulnerable residents.
Did we anticipated COVID-19 spread to the U.S. to wreak havoc like it has? Absolutely not. Even though this is a play book that has never been written before, Lee Neubecker drew upon his cyber forensic skills and made it the company’s focus to track information on the rise of positive cases and deaths. Our intention was to save lives!
Illinois is now ranking third for COVID-19 cases behind New Jersey (#2) and New York (#1). According to the Illinois Department of Health, as of 5/21 Illinois has (102,687) Positive Cases and (4,607) Deaths and (672,723 ) Tests performed. Over all, according to the Center of Disease Control reports, the US has (1,581,903) Positive Cases, (93,806) Deaths, and (301,341) Recovered Cases.
Education trumps fear. Wear a mask and wash your hands. Based on these numbers, where do you stand? Stay in shelter in place or open up?
It started when…CDC: Center for Disease Control announced first COVID-19 case in the United States. Jan. 21.
The chart below shows new COVID-19 confirmed positive cases in Illinois. This data has been filtered to include only Zip Codes that report 100 or more positive cases and is reversed sorted by the 2 day trailing growth rate, highest to lowest.
Notable top communities outside Chicago include Des Plaines, and new to the top 10 list:
In early April, Latino communities in Chicago experienced a fast growing number of COVIS-10 Cases.
As of 4/14/20, the Top Fastest growing Illinois Zip Codes reporting new COVID-19 cases shifted disproportionately to Latino populations based on the ethnic racial makeup of those Zip Codes. The CDC needs to immediately begin releasing detailed data on actual confirmed Coronavirus positive cases and deaths by Zip Code to help effectively target emerging hot pockets. There remains no available data reporting death’s by zip code impacting the Latino community.
Of the 710,648 people that live in the top 10 Zip Codes (2014 Census estimates from https://zipdatamaps.com/), the racial break down of these combined communities is as follows:
This new data suggests that Mayor Lightfoot’s campaign targeting African American and other communities has been highly effective at slowing growth rates in many majority African American and other neighborhoods where English is broadly spoken. The growth rates in majority Latino neighborhoods suggests similar outreach efforts and analysis is needed targeting Latino neighborhoods where the virus is growing at the highest rates across Illinois.
Yesterday, a coalition of Latino leaders issued a press release calling on such a well needed outreach campaign to address the unique cultural and language needs of the Latino communities.
Other observed trends from yesterday’s data is the emergence of University Village into the top position for fastest growing Zip Code statewide at an alarming rate of 27% daily growth over the most recent 2 day period. We speculate that this may be a result of UIC and possibly the increase in availability of rapid testing in that zip code.
Our analysis of the top fastest growth Zip Codes that all have experienced an average growth rate at or in excess of 10% led us to cross reference the population. Of those fastest growing 19 Zip Codes from 4/10 to 4/12, the combined population is majority Hispanic. This finding doesn’t negate that the black community is being devastated by this pandemic in greater numbers at present in Chicago, but does suggest transmission rates may be greater within the Hispanic community. This information means that communities with rapidly growing Coronavirus cases need to take immediate steps to ensure essential workers are being provided appropriate training, protective equipment and rapid testing. Many businesses in economically struggling communities are failing to protect their workers and customers and this needs to change promptly. Resources need to be prioritized to brown and black communities being disproportionately impacted by this outbreak.
Population Totals for the 19 Fastest Growing Coronavirus Confirmed Positive Zip Codes in Illinois
Yesterday I spent time driving into some of the Zip Codes that were experiencing the greatest growth rates that reported 100 or more Coronavirus confirmed positive tests. I observed a lack of social distancing with many young African American men not practicing social distancing or wearing protective masks or gloves congregating outside various essential businesses like retail stores and liquor stores. I observed an instance amongst young male Latinos as well. I observed problems at shopping centers with essential staff not having protective clothing or enforcing social distancing at the entrances or inside their stores. Customers entering stores generally are not wearing protective wraps around their faces.
It appears that these locations are economically disadvantaged largely. The residents of these zip codes need help in being educated on prevention measures to curtail the expanding growth rates of the Coronavirus. Businesses operating may need government inspectors to enforce social distancing recommendations through outreach. Ticketing of individuals willfully disregarding social distancing measures in larger groups may be necessary. The State of Illinois should prioritize deployment of the new Rapid 5 minute test equipment to suspected Coronavirus patients in these zip codes to more effectively curtail the growth of the virus to the general surrounding population. Essential service workers need to be wearing protective covering of some sort to help minimize and slow the virus transmission. A ban on shopping to customers not wearing protective coverings may need to be considered in the highest growth areas to protect those residents.
Six out of the top ten zip codes in Illinois with the highest total confirmed Coronavirus confirmed positive cases are majority black / African American population centers. Income, population, density and race appear to be factors in test positive rates. Incarceration rates by zip code we plan to look into as well to see if there appears to be a correlation. African Americans make up a disproportionate part of the prison population. This seems to be impacting them at a much higher rate.
Chicago’s Enigma Forensics Data Analytic and Cyber Security Expert Lee Neubecker has identified top counties in the country that should consider going on lock down because of the alarming climbing numbers. Some of these counties may not know they are approaching a dangerous risky situation. Lee has been taking a deeper dive on the most recent Coronavirus stats identifying the most at risk counties. Lee was way ahead of CNBC’s report that President Trump has called for classifying Coronavirus risk county by county!
Check out this video to see if your County is on his list!
Estimated Confirmed Positive Cases One Week Out = 3/27 Confirmed Cases * (1 + Average Daily Growth Rate)* (1 + Average Daily Growth Rate)* (1 + Average Daily Growth Rate)* (1 + Average Daily Growth Rate)* (1 + Average Daily Growth Rate)* (1 + Average Daily Growth Rate)* (1 + Average Daily Growth Rate)
Note: The average daily growth rate will slow before exceeding the max population. E.G. IN-Marion will not continue at the experienced average 245% daily growth rate.
The Transcript of the Video Follows:
Kitty Kurth (KK): Good morning! Today we’re here with Lee Neubecker from Enigma Forensics. A renowned data analyst, computer forensics expert, and inquisitive mind. Lee’s been thinking about the corona virus and looking into data. The data that’s out there in the world and taking it in, and looking at how we can analyze this data and what we can learn from it. Lee, tell us about what you’ve been doing.
Lee Neubecker (LN): Yes well, like everyone else I’ve been holed up at home in my basement and I’ve been wanting to think about, what can I do to help impact positive change, and what can my team do. And we decided we wanted to use our time to help minimize the spread of the virus and to help minimize death, so that’s my new mission that gives me something to wake up for and do, because certainly in the short term most client work is on hold because the courts are closed.
KK: So what, yesterday you released some data, can you tell us about where you got the data, what it was, and what it means. What you did with it, what it means.
LN: Yes, well like everyone else, I’ve been looking at the John Hopkins data map and they have a really nice visualization tool that lets you see the data as it’s updated. And I was examining their site and I discovered they had a GitHub repository where they’re uploading every day around 7pm central time. And as I looked at the data, I thought, you know there’s some interesting things that probably could be done that aren’t happening yet, such as looking at the penetration rate. If the county data just became available of the reporting, I looked out at the census and found some data from the census that included the population by county. So I started mapping out the population by county so that I could come up with something that I’m calling penetration rate. Which is essentially, what percent of the population has tested positive for the virus. And that information’s useful because it can give us some idea of, you know, how saturated will things be. Unfortunately though, the testing kits aren’t widely available so, it’s difficult to know for certain what’s happening as it relates to testing. More telling though is the data relating to deaths of corona virus, and that’s something that I was looking at this morning. And it has some, you know, really interesting things to talk about.
KK: What did you find when you were looking at that data? And the data you released yesterday, didn’t it show that there are 10 counties that are particularly in dire straits, or will be in dire straits, where the county officials should telling everybody to stay home.
LN: Yeah here’s my data model, are you able to see that? On screen, great. So, what I did is I thought, let’s look at locations that have 10 or more positive tests, and have, what are top 10 locations with 10 or more positive tests, that have the greatest rate of daily growth. And those are areas that no one’s talking about right now but I thought it was important to talk about that because they may think they’re safe. They may not know that someone’s begun passing the virus in the community. And so, you know, I identified places like Jackson, Michigan, which isn’t too far from where my family members are. They may not know there that they have a problem. They may not have public health professionals like Cook County has, dedicated to looking at the data. So, I thought it was important that we get the word out to some of these communities, that they’re emerging very fast with their growth of corona positive tests.
KK: There were some new data that you looked at last night, and some new things that you found, what did you find today?
LN: I wanted to look at where are people actually having deaths reported. So I looked at, where are there three or more deaths in the US. And because the tests are less reliable, you know, the confirmed test because there aren’t enough tests out there. But the places where people are actually starting to die, those are the places that are going to need a lot of medical supplies and help. And so today I published a new list of 29 locations. Let me resort this here by death rate. And death rate is a calculation, you know, how many deaths relative to the population. So for instance, in Dougherty, Georgia. They have the highest death rate, which may mean they’re in dire need of medical supplies. But they’re a very low population area.
KK: Georgia is one of the places that nobody’s been talking about at all. LN: Yeah and you can see there that, their population’s 87,000 roughly. They’ve had six deaths, but in terms of death rate, they’re at the top of it. So, you know, the public needs to look at what’s going on there. Are they keeping their kids at home? Are schools still open? Now those are important questions. Are people cavalier about it? You know, what’s the characteristic of the people who passed away? Are they all in a nursing home? There’s a lot of other things that can be looked into here. KK: Is there a cluster, are they all in one place? Or are they people that are out circulating in the community?
KK: Is one of them the letter carrier? And then Louisiana has a high death rate and we heard about the fact that there are numerous cases there. Washington State it looks like is also high. New York, New Jersey. Connecticut is really growing it looks like. But then Colorado, no one has talked about that this one county in Colorado, El Paso County seems to have a really high rate. And Milwaukee, Wisconsin. People aren’t really talking about that either.
LN: If you look at Cook County, Illinois. What this is showing in my opinion is that despite the fact that we have a lot of cases, our health care system is keeping up, and keeping people from dying. So, you know, looking at how LA’s performing, what’s LA getting in terms of resources, and what’s the quality of their health care versus Dougherty, Georgia, or King, Washington, or some of these other places. You know, it’s very disheartening for instance to see Dougherty, Georgia, they’re at a 71% increase in testing over just a few days. That’s a average daily increase. They’ve actually, you know, more than almost tripled in just a few days.
KK: And again, that’s something that at least in the national media, no one is addressing Georgia. So, you know, we don’t know. I hope Georgia realizes they have a problem but no one else has talked about the fact that Georgia has a problem.
LN: The White House did say yesterday, that they wanted to try to address the counties where the hotspots are. So these are the hotspots. Some would say we should be doing this at the state level, and not focusing just on the county. But these counties definitely need attention.
KK: These counties need attention but what I heard the White House also say was, “we’re going to let counties be free if they’re not affected, then they can open up for business again.” And I don’t know about other states but here in Illinois, people go across the Cook County, Lake County, Cook County, DuPage County, Cook County, Will County borders pretty frequently. And sometimes several times in a day. So I don’t see how a plan to let places quote open up for business on a county by county basis could be helpful.
LN: Yeah but, you know, one of the things that I’ll be looking at as I update data. We’ll be looking at what’s going on in these counties. Are they sending alert out to people? If people aren’t aware that they’re having a daily increase of 128%, like Marion, Indiana. Their increase rate is alarming, 128%.
KK: And I don’t know about today, but historically Marion has been a place with a lot of manufacturing, and if people are working side by side in factories, that could be a huge problem. Thank you very much, and we’ll put up another post tomorrow and the next day as more data becomes available. Thank you Lee Neubecker and Enigma Forensics.
These US Counties are experiencing fast growth and have surpassed 10 reported cases. They are ranked by daily growth rate and are growing at an alarming rate.
Enigma Forensics is a Chicago based Computer Forensics, eDiscovery and Cyber Security firm that specializes in performing complex data analytics. In an effort to help inform the public, we have developed a data model to perform more meaningful comparisons of the latest data released and compiled by John Hopkins University to their GitHub Repository. Beginning on March 23rd, 2020, more robust reporting by U.S. County became available. We have matched this data up to population estimates by County obtained from the U.S. Census estimated as of July 1, 2019.
Disclaimer: There remain issues with matching up some of the Counties that use a different naming convention in reporting compared to the naming convention used by the U.S. Census. As such, some Counties reflecting no population will be updated as this data is refined. The latest compilation of data shows the average daily rate of increase in Coronavirus confirmed tests. The top ranked Counties should immediately take action to curtail further rampant growth of the virus.
These U.S. Counties Need to take Prompt Action to Curtail the Spread of Coronavirus COVID-19
Updated 3/26/20 8:41PM to include new data for these 10 Counties released 3/26/20 GMT. See below:
Enigma Forensics President Lee Neubecker wonders why politicians are not following the same CDC directives that we have to. Lee interviews Geary Sikich, President of Logical Management Systems. What are your thoughts? Check out this video interview.
The Transcript of the Video Follows.
Lee Neubecker (LN): This is going to be a short segment about why Congress, Senate, the President, why they’re not practicing, even the governor, why they’re not practicing the recommendations to keep separation and they’re doing these press conferences full of people putting everyone at risk when they can use tools like Zoom and still have the communication but not have the personal interaction. I mean, the Senate’s likely going to all have this thing soon and because they have to vote in person, that’s going to be a real problem if they can’t get something passed and they’re all sick.
Geary Sikich (GS): Yeah, you know, they broached that yesterday during one of their news conferences and Trump was saying that he would like to see them be able to operate remotely but he was saying that it might be a constitutional issue where that may preclude them. They may actually have to show up.
LN: But maybe they could debate everything on a tool like-
LN: Zoom or WebEx and then come in to cast their vote one at a time in isolation so that they’re not around each other.
GS: Yeah, I think that’s … They should be investigating a lot of different options, but they’re not
LN: Why is the president standing next to his advisors, you know, within a foot of them. You have the vice president, the president. They’re all standing next to each other. They should be … The need to have everyone crammed into the White House briefing room, they could be using technology and spacing out so that people aren’t on top of one another.
GS: Yeah, I mean, even if you noticed the media on TV, when you’re watching the news and whatnot, like-
LN: So they have one blank seat. But that’s not six feet away.
GS: No, but I’m saying the media on TV has got separation, like this morning I’m watching NBC on morning news, and they’ve got them sitting. You know, it’s just a wider angle for the camera, and it wouldn’t be that difficult because I’ve noticed the same thing in every press briefing I see, whether it’s the president or the governors, or any of them. There is a kind of a cluster of people around them, which is typical of the way it used to be and it’s not advisable now.
LN: Yeah, but it’s certainly something that should be looked at. I think it’s important that we do everything we can to keep the infection rate from spiking quickly. We know in Italy, when it spiked the way it was, the death rate goes up to 10%.
GS: Yeah, Italy is, it’s scary because everything they have done, they, unfortunately, got … got into it a bit late because they kept their borders open way too long and they allowed things to kind of transpire that now puts them into, you know, the situation being number two as far as fatalities and as far as case rate. Once they started, and they’ve shut down the entire country, now they’re actually shutting down the transportation systems within the country to try to contain this.
LN: It’s something else. And then with spring break, all the students coming back from Florida, California. They’re all at the beaches. This is going to transfer, and they’re going to be bringing their family members a special gift home.
GS: Yeah, it scares me about the fact that we allowed the spring break festivities to go on the way they did, that the governors weren’t a little bit more proactive in that regard, and that the people themselves… Granted, you’re young, you feel like you’re invincible. But the reality is, you’re not. And the once-in-a-lifetime spring break is not all that great as it is. Having not gone to any spring breaks when I was in school, other than the trip out West and whatnot, but … the value of it is far offset by the jeopardy you put yourself in from a health standpoint.
LN: Yeah, absolutely. Well, thanks for coming on the show again to talk about this.
GS: Great, enjoyed it. Well, I’m sure we’ll see each other again virtually.
President and CEO of Enigma Forensics, Lee Neubecker remotely converses with Geary Sikich, President of Logical Management Systems, to discuss the current state of impacts the Coronavirus has brought to citizens taking shelter at home. Data experts Lee and Geary explain statistics state by state and expose interesting facts for those states that have implemented shelter at home policies.
The Transcript of the Video Follows.
Lee Neubecker: I am here today, again with Geary Sikich, reporting from my basement. Geary is the principal of logical management systems. I am the president of Enigma Forensics. We’ve been talking on our show previously about the Coronavirus and the impact. And today we’re going to be talking a little bit about the current data trends and what’s happening. Geary thanks for being on the show remotely.
Geary Sikich: Thanks Lee it’s kind of an interesting way to work.
LN: It’s the new reality probably for a while, huh?
GS: I think for, yes, a little bit more than two weeks that’s for sure.
LN: Yeah, so I want to pull up some of the data that we were talking about earlier. A spreadsheet that we had here. Is that up on the screen for ya?
LN: Okay, great. So it’s showing that, this is data that was obtained from the John Hopkins website. They’ve got a place where you can download the historical data. Which I showed you a little earlier. Let me just pull that up. So what you see here, you can go on the map tool. You can actually scroll by clicking on the tab. Internet’s running a little slow. We discussed that previously.
GS: Welcome to the world of not enough pipe.
LN: Yeah so you might not have noticed it but there’s a little section that says admin one. If you hit the right arrows you can scroll through and cycle through and see the data reported differently. First it’s by country, and we’re now at 41,708 in the US. When you click, you can see the total. It’s running very slow today.
GS: Yeah John Hopkins, I know that one of the issues with their website is so many people are using it. That it, by this time of day it starts to slow down a bit. So it’s kind of a challenge to get in there and see the data as it stands. But I just noticed on the statistics for today, that the US stats at noon, when I checked I was doing a webinar today on hospital pandemic planning and drills. And US infection rate has jumped up pretty substantially.
LN: Yeah I want to show you some specifics of concerns as we drill down. I pulled the top 10 states And you can click here, you can see by states and regions. You can see New York is getting devastated right now. Then Washington, and then Cook County Illinois here is running right up next in line. But what I found interesting is as you pull the historical data out, but you can get off, we can see, here is New York. That’s a pretty scary curve, and it’s a trajectory that doesn’t suggest it’s going to get any better any time soon. And then you have Illinois, New Jersey, and what not. But what was real interesting is we had a cross. Illinois is this line right here on the screen there. Illinois is, where is Illinois here. We got, actually what I did is I pulled out New York so I could get more zoned. So excluding New York, you can now see what’s going on. And Michigan, that didn’t have a band until they just announced today that they’re instituting a lockdown. But Illinois, more dense, more likely to get a contagious outbreak than Michigan in my opinion. Because they quarantined early enough, you start to see that at least so far Illinois holding out. Now I think that number’s going to jump up. I think that the number, they haven’t fully reported the count for today yet. But it was interesting to see both Louisiana and Michigan and Florida jump up and surpass. And right now, Florida doesn’t have a ban in place. Georgia doesn’t have a ban in place. What do you think’s going to happen with Georgia?
GS: Well I think what your statistics are showing, and it’s interesting is that the early adopters of shelter in place and working remotely, etcetera, cut the bands, if you will. The early adopters of that are finding that social distancing is actually working. The late adopters who have yet to come to the point of doing shelter in place and what not are finding much like the parallel with Philadelphia and Denver during the Spanish Influenza, Denver closed the city very quickly, very little in terms of issues that they had. Philadelphia on the other hand kept everything open and actually did a parade to try to raise money for bombs for World War One. And as a result they had a significantly higher infection rate. And so I think you’re seeing a parallel in terms of history and what’s happening today. So I would say that those states that are late adopters are probably going to see a higher rate of infection. The other thing it would be, is if we can, you’d have to do some manipulation on data with this but is to look at those states which have large cities. Chicago, New York City, Los Angeles. Some of the bigger cities are going to have a significantly bigger concentration of casualties, if you will. That is going to result, it results from the fact that people are living in close proximity in those cities. The other aspect is that, if you think about it, a lot of downtown populations don’t have the, how do I put it, the infrastructure to do a lot of at home cooking. So it’s either they don’t have the storage facilities for food or they just don’t cook because restaurants are so plentiful. And suddenly we’re finding that with restaurants closed and other things being shut down, as far as businesses and what not, that there’s a greater dependence for people to be a little bit more self-sufficient, if you will.
LN: Yep, it’s certainly going to get interesting here. Well, thanks for coming on the show again and talking about this. I’m sure we’ll have some more things to talk about again soon.
Cyber technology and preparedness experts Lee Neubecker and Geary Sikich talked about a business continuity plan way ahead of the COVID-19 virus hitting the US! What does the next couple of weeks look like? Tune in to find out.
Business continuity! It’s official, COVID-19 is upon us and the country is basically on lock down. Government restrictions are everywhere. Just about 15 days ago, Lee Neubecker and Logical Management Systems, President, Geary Sikich talked about what was going to happen when COVID-19 landed on our shores. It’s like they wrote the sequence of events!
Lee and Geary are trained experts in the field of cyber technology and preparedness. They foretold businesses will have employees work from home if they have a job that allows them to telecommute. They discussed different unique challenges businesses will experience when executives and employees take work computers home and remote in. Check out this video interview to learn a few interesting tips on business continuity.
Part 2 of the Coronavirus or COVID-19 & Business Continuity
Lee Neubecker (LN): Hi it’s Lee Neubecker, President of Enigma Forensics, and I’m back on the show here with Geary Sikich, President of Logical Management Systems. We’re continuing our discussion on business continuity planning as it relates to the Coronavirus, thanks again for coming back Geary.
Geary Sikich (GS): Thanks Lee for having me.
LN: So, can you tell everyone what other businesses are actually experiencing that are now at the stage where they’re dealing with government restrictions, either in China, or even in Seattle Washington, and what the reality of the challenges faced by businesses in communities where the corona outbreak is magnifying and spreading.
GS: Sure, the big one everybody is surely aware of was China and some of the things they did, in what people were calling “draconian measures”, which is essentially the quarantine that they set up. They literally lock down roughly about 56 million people and it got to the point where it was from the household where you were staying. They would allow one person to go out and buy whatever food you needed for the day. If that person didn’t have a mask on they were sent back, so no food, so that’d be a big impact. The employers for those employees who are now locked in on a quarantine basis set with empty factories and at about two weeks into that a lot of these employers were saying, “I can’t pay my people because my factory is not operating and I’m about to go out of business”. So, the impact is big in that regard. Just recently in France, the Louvre closed, and it’s closed now indefinitely as of this morning in response to a protect the potential of coronavirus expanding. Italy, there’s closing schools in Italy, they closed schools in China, also in South Korea. They’re doing similar things what we’re faced with here in the States is a very similar situation that is yet to unfold in its dramatic effect. But if we start to see the Coronavirus expand in the States, plan on seeing things like school closures plan on seeing things that are not going to be available on the shelf because the grocery stores are going to be emptied.
LN: That introduces a whole other element of risk, because for those parents of kids that have to be home many of those parents are only going to be able to work from home if they have a job that allows them to telecommute, and there’s, you were talking to me earlier about some of the unique challenges that have happened when executives take work computers home and they’re remoting in, and the one example I remember you saying was that with kids home alone and they have time on their hands, they’ve sometimes gotten into their parents’ computers and if those computers aren’t secure and they go to a game site, and they get hit by malware, the corporate network could be taken out.
GS: Yeah and it’s happened we’ve had it with the clients in different parts of the world where the company organization said it’s a great idea. We’ll set up a mini situation where you can work independently from home here’s a secure computer and over a course of time not much is happening and so, the secure computer becomes something of well we don’t let the kids play games on it and nothing’s going on so I’m not too worried, not realizing the potential exposure that they’ve put themselves in from a vulnerability standpoint. One of the key things, and I think this is a point that we need to emphasize, is that the criminal element people who want to do bad things has really taken advantage of the Coronavirus situation in a lot of different ways. By actually being able to interject malware in posing as a legitimate information site so here you want information on the Coronavirus, I’m here, and the next thing you know you’ve got malware downloaded into your system. So huge impact areas and in that regard.
LN: Yeah, I think that the whole notion of planning and thinking through how your business would respond if your employees weren’t able to come to the office is something that every organization should be doing now because it certainly is it’s not a question of if the virus will spread, it’s a question of you know how quickly and how large of an impact. We don’t fully know what is going to happen in every community with the weather, whether there will be better treatments available or not but we do know that it’s a risk and it makes sense to prepare for not having to have your workers come into your office, and how would you respond to that?
GS: If you think about it in this context to leader there’s some real issues that you need to really begin to assess it all in a lot of detail. So, from a risk assessment standpoint, one obviously you want to look at how do I build contingency plans for us to work remotely whether it’s you working at your home or at a remote location that the company hires to have you know staffed. That’s great if you’re in the Information and Technology business or you’re in the financial sector you’re in a nonindustrial sector, how do you close down a steel mill and tell your employees we’ll go to this other place and work because there’s not the same facility. Here’s the real interesting thing that it but I think it’s a critical point and this is where we begin to start to realize risk management needs to begin to look at some things differently. One, you’ve got a facility it goes into lock down because of quarantine, no employees there. What’s your vulnerability for that facilities now sitting vacant. You have people maybe who want to break in? You still got your computers and other systems there that I would assume can still be hacked into in some way shape or form and you’ve got a lot of potential sensitive information.
LN: And physical security becomes important in that case definitely.
GS: But how you do that if you’re under quarantine and you can’t bring in physical security per se.
LN: There’s a whole issue if you have in our next segment, we’ll talk a little bit more about what businesses should be doing now to be cyber ready for having employees where they can work remotely. We’ll talk about some of the strategies that you can take now to help maximize your readiness for such a circumstance where you have to either reduce your workforce and create space, or have people work completely remote. So, thanks for being back on the show.
GS: Thank you Lee, I enjoyed it.
To View Part 1 of the Coronavirus
Other Related Articles
Official Website of Homeland Security and their Business Continuity Plan
Keeping yourself safe in these trying times is a tall order. Clerk Karen Yarbrough says to use your common sense and practice social distancing, wash your hands and don’t touch your face.
The Corona Virus COVID-19 is upon us! We knew it was coming and Cook County Clerk Karen Yarbrough says let’s practice common sense. The health and well-being is the utmost importance for Clerk Yarbrough. She recalls lessons from her mother, wash your hands, don’t shake hands instead fist or elbow bump, sneeze into your elbow and don’t touch your face. Clerk Yarbrough sits down with Enigma Forensics CEO & President Lee Neubecker to discuss the safety measures the County has installed to keep the polling places safe. Check out this video blog with transcripts.
Cook County Clerk Karen Yarbrough says the 2020 Election will be safe!
The Video Transcript Follows
Lee Neubecker: Hi. It’s Lee Neubecker. President of Enigma Forensics. We’re a Chicago-based computer forensics and cybersecurity consulting firm. And I have the pleasure, again, of having the Cook County Clerk Karen Yarbrough on our show, to provide some common sense advice on what you should do at home and in the workplace to keep yourself safe from this Corona Virus outbreak concern.
Clerk Karen Yarbrough: Thank you, Lee, for opportunity to be here. I think we need to get across to people if they use their basic common sense and remember what mom used to say, they would probably be just fine. Now, 80% of the people who would even contract this, they’re going to be fine. It’s the folks whose systems are compromised, are the ones that probably are going to have some trouble. But, listen. When you sneeze, don’t sneeze out like that. Do it in your arm. Do it in your arm. Okay? Don’t touch your face. Don’t touch your face. I do it all the time. But, don’t touch your face. Don’t shake hands. We’re doing the bump these days. And the hand-bump. Yeah, we’re doing all of that. You know, some of this is basic. Okay?
LN: It’s space.
LN: Normally, you give me a big hug when I come in.
CY: No hugs.
LN: We did the elbow bump.
CY: Yes, that’s right. No hugs right through here, okay? Sorry, I’m a hugger, but I’ve just kind of pushed away. And the other we thing we just implemented today in our office, we usually have our meetings and everybody comes to the meeting, and everybody’s in the room. Everything’s closed up. So today we decided that we weren’t going to do it that way. We’re going to do it remotely. So, wherever you are, you tune into the meeting, and we’re going to have the meeting. So they have a name for that. It’s called social something…
LN: Social distancing.
CY: Distancing! That’s it, That’s it! So, that’s what we’re doing. And, little by little, as people get used to things, we’ll be fine.
LN: I think it makes sense to try to do this stuff before you have no choice.
LN: You can work out the kinks.
CY: Yeah, yeah. So far, so good. In our office we’ve had our challenges with some folks who have called off, said they’re not going to vote. I mean, they’re not going to… They can’t participate, they won’t be judges and that kind of thing. But we’ve been able to backfield them in. So I feel real good about March 17th. I think too, everyone should prepare for the likely event that as this thing continues that schools could be closed. That hasn’t happened yet, and it’s been evaluated on a case-by-case basis, but that’s a logical decision but that’s a logical decision that might be necessary in the future. And, so thinking about that now and thinking about if that happens, can I still answer my call at work maybe on my smartphone?
LN: Yeah. I think we’re going to adapt. I think we’re going to adapt to using smartphones
CY: Thank you Lee!
Other related videos in Cook County Clerk Karen Yarbrough Series
Clerk Yarbrough sits down with Lee Neubecker, President & CEO of Enigma Forensics to discuss the current state of affairs. Clerk Yarbrough assures everyone voting on Tuesday, March 17 voters will be met with a clean and safe environment. Come and Vote and March 17!
Cook County Clerk Karen Yarbrough Gives Safe Voting Practices
Cook County Clerk Karen Yarbrough would like voters to know her staff is taking every precaution to make all voting stations a safe and clean environment. On top of her list, everyone should wash your hands! She says all voting staff will continuously wipe down all surfaces and are trained to keep the stations clean. Clerk Yarbrough urges everyone to remember the rules your mother gave you!…Wash your hands, sneeze into your sleeve and if you have a fever stay home from work, don’t go out and stay in and take care of yourself. Clerk Yarbrough sits down with Lee Neubecker, President & CEO of Enigma Forensics to discuss the current state of affairs.
Check out this video interview to find out what precautionary steps the Clerk’s department has taken to make sure each voting office stays safe.
Election Day is on Tuesday, March 17
Lee Neubecker: Hi, this is Lee Neubecker, president of Enigma Forensics, computer forensics firm based here in Cook County in Chicago. And I had the pleasure of having our very own Cook County Clerk, Karen Yarbrough, here on the show to talk a little bit about what her office is doing to help keep people safe, in light of the recent corona outbreak. Karen, thanks for being on the show.
Clerk Karen Yarbrough: Thank you, Lee. Well, you know, this is a really busy time for us and we have a number of, we have our regular employees and then we have a lot of people, almost 8,000 people, who will be involved in the election on the 17th. So we want everyone to be safe. So in the office, what we’re doing is, first of all, we’re educating people. Now, some of this stuff is just common sense. I mean, people should know to wash their hands. They absolutely should know that. They also should know that if you have to sneeze, you don’t sneeze out like that, you go like this, okay? I mean, didn’t your mom teach you that? I mean, mine did, so. So the education or bringing it back to people on how we can keep safe. So our people have, they have obviously Purell. They have the gloves if they want to wear them. They also have, they clean their work stations. So we have everything that they need and we have a big influx of people for several reasons and especially in vitals and in elections and so we want everyone to be safe.
LN: So with the election fast approaching, I know that previously you were on the show to talk about early voting, in trying to get people to pull a ballot so that they could vote from home. It’s too late for that now, but what would you advise that people should do as they’re heading to the polls?
CY: Well, hopefully they’ll have a card or some information on who they want to vote for. They’re going to find our brand new voting machines there and it’ll probably take them all of two or three minutes to vote this time. So the ease of voting, they’re going to find friendly faces there and people who are willing to help them. We have the touchscreens and we also have paper ballots if people want to use ’em. But we’re encouraging people to use the touchscreen. If you want to use your finger, then you can wipe your finger off with, and we have everything there. I mean, absolutely.
LN: Like Purell?
CY: Absolutely, we have everything there. They could use a pen to do this, you know. They could use their, bring their own pen if they want to fill out a paper ballot. So, you know, again we’re telling people use some common sense here as it relates to, you know, today and all through the last few days, what I’ve been doing is going to the early voting polling places and so I’ve met all of the judges and I see the way that they’re greeting people. They’re not shaking hands, they’re doing fist bumps or arm bumps. Yeah, like that or whatever, but they are not shaking hands. So, you know, as I’ve looked, and we’ve been looking at, watching what’s coming out of Washington, what’s coming out–
LN: Even here in Chicago
LN: Yesterday we had the Prudential building had their first case.
CY: Yeah, how about that? How about that? But you know what? For the most part, 80% of the people who contract it in the first place, they’re going to be fine. Children are going to be fine. It’s people who have compromised systems that have the problems. And older people. I get all of that, but people can be safe and they can be competent, use common sense and be safe.
LN: Yeah, like not jumping on an airline when you know you’ve tested positive. I don’t think you should do that if you have Corona Virus.
CY: Don’t come to work sick. We’re sending people home. Anybody’s around there sniffling or what have you or they don’t feel well, if they have a fever. If you got a fever, you ought to be at home. You shouldn’t be with us.
LN: And just because you have a fever, you shouldn’t be flipping out thinking you have Corona Virus.
CY: Not at all, not at all.
LN: They say that you need to have three specific symptoms combined to worry about it. You need body aches, fever, plus respiratory problems. So if you don’t have all of three of those, don’t bug your doctor. The doctors are under control.
CY: Don’t panic.
LN: Unless you, if you have a fever that runs awhile, call but don’t. Then you should assume that you have Corona Virus.
CY: I’m hoping that we get some better information out of Washington, though. There have been mixed messages there, so let’s hope that we can get better information out of Washington as well as what we need. I noticed that out governor was pretty frustrated about his inner workings with the federal government on what we need in Illinois. So let’s hope that they get that together.
LN: Yeah, absolutely. Well, thanks for being on the show again.
CY: Thank you.
Watch related videos to this series with Cook County Clerk Karen Yarbrough
Cook County elections are on Tuesday, March 17. Cook County Clerk Karen Yarbrough assures everyone voting will be efficient and safe Check out these voting tips!
Every Vote Counts
Cook County Clerk Karen Yarbrough says tip number one – be prepared! Tip number two-do your homework on the candidates before you come in and vote. Lastly, it’s ok to bring your notes with you. She ensures that every precaution will be taken to make sure everyone is safe!
Clerk Yarbrough is excited to report, Cook County has all new voting machines that will streamline the voting process. She adds if you would prefer to use the old paper ballot they will have those available too. In addition, the new barcode system will accurately tally and record of voters ballot, which will make counting votes extremely efficient. After the election, Clerk Yarbrough says the office will do a full audit and confirm that every vote is counted She assures everyone voting will be safe and there will be plenty of antiseptic and gloves available! Watch this video as Lee Neubecker interviews Cook County Clerk Karen Yarbrough and asks about voter tips.
Tuesday, March 17 Vote for your Candidate!
The Video Transcripts Follows
Lee Neubecker: Hi, it’s Lee Neubecker, President of Enigma Forensics. I’m a cyber-security and computer forensic expert witness, and our firm’s based here in Chicago within Cook County, Illinois. And I have the pleasure of having our very own Cook County Clerk, Karen Yarbrough, appearing on the show today to talk to all of you about what you should know, what you should do, as you head out to vote in the next few days. Karen, thanks for being on the show and thanks for sharing these tips.
Clerk Yarbrough: Well, thank you Lee. Thank you for the opportunity. We wanted to be able to tell people what they can expect when they come to vote. For people who come to vote each and every time, they usually know. They, you need to be prepared, and one way you can prepare is by having your own notes on who you want to vote for. We have brand new machines this time, and those machines, it’s going to be a whiz. Everybody has told me they love the new machines. For those who are uncomfortable with using touch screens, we’re going to have the regular paper ballots. But, if you’re prepared to vote, it should take you a few minutes to just go straight through that ballot. And, you know, usually people have problems with all of the judges, do your homework before you come in.
LN: Well, it certainly will help speed up the lines and reduce congestion.
CY: Certainly, certainly.
LN: Also wearing gloves, if you’re really concerned, there’s nothing that prevents you from wearing gloves to vote.
CY: Not at all, we’ve seen a few. You can wear glasses. We’ve seen a few people with gloves on. We’ve seen a few people having their own pens because they plan to pull a, you know they want a paper ballot. So we’re going to, you know, bring your own pen if you’d like. We’re going to, at every station, we’re going to have the bacterial .
LN: The Purell?
CY: Yes, we’re going to have that. We wipe down the stations after each.
LN: You must have got yours early.
CY: Yes we did, yes we did.
LN: You were prepared.
CY: Yes, we wanted to be prepared. We wanted to be prepared. We were hearing about what was going on, and we know that we have one day to do the election actually. We have all of these days for early voting, but we have that one day and we got to get it right.
LN: Now, I’ve heard that there were some concerns regarding the barcode on some of the ballots that gets printed that that could be.
CY: I have no concerns about that, okay. The great thing about our new equipment is while you’ll put your ballot through and the barcode is there, but we have a record of each and every one of those ballots. If we have to go back, and we do, we go back and we review to make sure things are right.
LN: So, on paper it’s doing more than just the QR code. It also has the friendly names printed out.
LN: Is that correct?
CY: Oh absolutely, yes.
LN: So the concerns that some people had were that, I think the concern was that the barcode could be different from what’s printed. But if that were the case, you’d be able to audit that after the fact.
CY: And we do a full-blown audit at the end of every election just to make sure.
LN: So someone voting, they’ll be able to actually see the print out on paper.
CY: They will be able to have that in their hands. They’ll be able to check their choices and then they will cast their own ballot, not us but them.
LN: And so it gets scanned and digitized, but then the physical ballot gets locked in the box, correct?
LN: So, there’s a dual system.
LN: I think that makes a lot of sense.
CY: It does, it does. And it gives people peace of mind. You hear all of these stories about well, my vote may not count, and this. I mean, all kinds of things. So to prevent those kinds of things, we have new equipment, and we have a new process, and I think people are going to like it.
LN: Great, well everyone get out there and vote. And, thanks Karen for all your work on this to help make sure election day goes smooth.
Jacob Meister vows to help those who don’t have access to electronic court communication to enable them to help themselves. He is running for Cook County Clerk of Circuit Court. Access to Justice is what Jacob Meiser stands for!
Election Day March 17
Cook County Clerk of Circuit Court Candidate Jacob Meister vows to bring access to justice. He’s concerned for those who aren’t represented by a lawyer in the system, who don’t have access to electronically file in the court system, who can’t afford internet access, or they simply don’t have a computer or most of all they don’t know how the electronic filing system works. These are folks without financial means and denied access to justice. Jacob Meister has a plan that will ensure everyone has access to justice.
Cook County Clerk of Circuit Court Candidate Jacob Meister, the real deal! Lee Neubecker interviews Jacob Meister to learn more about what makes him tick. Check out this video to learn more. You’ll be glad you did!
Meister says…Access to Justice to those who can’t afford it!
The video transcripts of Access to Jacob Meister follows
Lee Neubecker: Hi, I have Jacob Meister back on my show. Jacob, thanks for coming in again.
Jacob Meister: Thank you, Lee.
LN: So Jacob’s running for Cook County Clerk of the Court, which is one of the largest court systems in the U.S. One of the things that you talked about before is bringing about justice and access to resources necessary. What would you do to help those incarcerated have access to the information they need to defend themselves?
JM: Well, you know access to justice is one of the principal themes of my campaign because as Clerk of the Circuit Court, I’d be presiding over the second-largest court system in the country as Chief Operating Officer. And as we’re moving towards, for instance, electronic filing, there are efficiencies that are achieved. But at the same time, for those people who aren’t represented by a lawyer in the system, all of a sudden they find themselves where they used to be able to mail in their court filings, all of a sudden they’re required to file electronically into a system. It’s very bureaucratic and hard to use. So as a result, those individuals, maybe they don’t have internet access, they don’t have a computer, they don’t know how the electronic filing system works. They’re denied this access to justice unless they travel down to a courthouse during business hours, and stand in line for sometimes an hour or two, just to get assistance to file into the system. One of the things that I will do as a clerk is to provide computer filing kiosks in every library in Cook County, so that individuals who are faced with a lawsuit that they have to file a response, can do it on evenings and weekends, they don’t have to take time off of work. They can go down, and we’re going to be training reference librarians who understand the electronic filing system, and will be able to provide assistance, showing individuals how they can upload into the system so that people can file and access 24/7.
LN: So you’ll be partnering with other governments that are there, the City of Chicago, other municipalities, to actually train their staff, so that if someone doesn’t know, they’ll have the convenience of going to their local library, instead of having to take off work to come downtown.
JM: Correct, correct. And we’ve got hundreds of libraries in this county. And they’re all potential points of access to our justice system. And as we move to an electronic system, we can increase the number of points of access, and start allowing people in their own neighborhoods to access justice. And that’s really important.
LN: What about those incarcerated that are in the Cook County jail, and what not, is there access to resources there presently?
JM: Absolutely, well absolutely. You know, one of the big problems we have is that the Illinois Department of Corrections has around 600 prisoner appeals pending in Cook County alone, where prisoners appeal their convictions. Maybe they’re trying to overturn the conviction or change the sentence. And right now, records access is so limited that some of those prisoner’s appeals have been pending for more than a year without the clerk’s office being able to get the record to the appellate court, and the appellate court can’t do anything without a record. That is a travesty. So accessing justice is important. I want to have a robust case management system so that those records are accessible, and can be assembled, and that we’re keeping complete files electronically so that they can be transmitted up to the appellate court, and won’t be getting lost.
LN: Great. Thanks for being on the show, this is really helpful.
Cloud-based storage of an organization’s data attracts cyber hackers like bees to honey. Hackers take time to study and find flaws to breach, extract and sell personal information data. Data Experts Lee Neubecker and John Blair discuss cloud data compliance and legal regulations put in place to protect cloud-based data.
Compliance and Privacy Laws
Cloud cyber risk goes hand in hand when storing data on the Cloud. New compliance and privacy laws have been enacted to protect this cloud-based private information. The State of Illinois has passed a privacy law that specifically addresses how companies gather and store private data.
The Illinois Policy Group, an independent organization that generates public policy, explained that in 2008, Illinois enacted the BIPA, the most stringent law of any state regarding the consent, notice and disclosure procedures private entities must follow when collecting, storing or using people’s biometric information, such as fingerprints, iris scans and face prints. This law forces companies into compliance and makes them more responsible for the collection and storage of private data ultimately, decreasing exposure to cyber risk.
Data Experts Lee Neubecker and John Blair say because of BIPA companies are now more aware of how they secure and store data. They discuss other data compliance and privacy laws such as; California Consumer Privacy Act (CCPA) and Health Insurance Portability and Accountability Act (HIPAA) and how these laws help regulate the healthcare industry and other organizations when storing consumer data, and vendor data in the cloud ultimately protecting the consumer. Watch this video interview to learn more.
View Part 2 of our 3-Part Series on Cloud Data
Lee Neubecker: Hi I am back again with John Blair. We’re continuing our discussion on cloud security and helping to minimize your cyber risk of having data in the cloud. And today, we’re going to be talking more about some of the compliance and regulatory issues and legal issues that companies face that are having their data and customer data, vendor data in the cloud. So, John, can you tell me a little bit about some of the regulations that impact the healthcare sector specifically?
John Blair: Yeah, the primary one is going to be HIPAA and associated as subsequent acts like HITECH and things like that that augment HIPAA and some of them more clearly defined some of the rules and regulations, primarily Security Rule and Privacy Rule. So those are going to be the ones that primarily come into play, but there are also individual state versions of healthcare acts that you need to abide by and each state has one so you also need to abide by the state regulations as well.
LN: Interesting. So it really, if a company’s operating in multiple states, they have a lot of issues to be looking at.
JB: They have a lot of regulations to be aware of and to be compliant with, yep.
LN: So I know here in Illinois, we have the Illinois Biometric Information Protection Act, otherwise known as BIPA and that’s been creating a lot of stir with Facebook recently had a settlement.
LN: And apparently Illinois Residents that have Facebook accounts might be entitled to around $200 per person.
LN: If you are in Illinois and have Facebook, so possibly you will be notified.
JB: Yeah, Illinois is the only one.
LN: And do you think it will be through Facebook Messenger?
JB: I do not but Illinois because of that law, Illinois residents are the only ones that are getting anything out of that lawsuit because of that, specifically because of that law.
LN: Got it.
JB: So I don’t know the details of the law but on the surface, it seems to be headed the right direction.
LN: Right, essentially they took the position that your biometric information, unlike your cell phone or your social security number, you can’t change it.
LN: So if that data becomes compromised such as your facial vector map,
LN: Or your fingerprint or your DNA, that you can’t swap it, it’s part of who you are.
JB: Right and those, you know, we’re finally headed in the right direction where it’s being considered personal.
JB: So which I totally agree with.
LN: We also had just last month the California Consumer Privacy Act, known as CCPA went into effect and that’s got a huge impact on anyone who does business with California residents.
JB: Yeah, that is yet to, I think people were preparing for that prior to that but it’s going forward, I’m sure there’s going to be a lot of repercussions from that because there’s going to be obviously companies and entities that don’t prepare well for that and are going to get caught up in it because it covers, California is a huge state, a lot of people so there’s going to be some lawsuits.
LN: So it’s also been such that if you’re making medical devices for consumers and you have that information, relaying over 3G, 4G networks, we’ve got CPAP machines, pacemakers, all other types Of information. LN: All kinds of monitors
LN: And that information going to the cloud, if you’re a California resident and that information gets breached, it could be used by marketers or it could be used In other ways to target people.
JB: Yeah hospitals are going to need to really step up their game with respect to that particular regulation. Hospitals traditionally are a little bit behind technically speaking from an IT point of view, they’re very much on the bleeding edge from a medical device IT point of view but they tend to lag behind because you can’t, it’s hard to afford both
JB: But this is going to, you know, how they allow individuals or access to their networks, what they allow in and what they allow out because that’s the channel these medical devices use is going to be very, very important that they get more control over those things.
LN: So as it relates to healthcare, what are some of the concerns about when a data incident is discovered to actually turn out to be a data breach, what types of reporting and notification requirements are unique to the healthcare sector?
JB: Well, first and foremost, you need to evaluate the situation and then have in conjunction with your legal team and compliance teams, establish whether or not you do officially declare it a breach which means you need to investigate it, you need to involve any vendors that were involved with that data because it may have been the vendor that you’ve contracted with that actually had the breach of the disclosure and not you but since they’re your vendor, you’re also on the hook and that flows all the way up from business associates, which is what those two entities will be up to the covered entity who actually owns the data. So after a thorough investigation and consultation with legal and compliance, a determination needs to be made whether or not you’ve formally declared a breach. And if so, then there’s all kinds of HIPAA standards that come into play about notification to the government, notification to each individual affected by the breach, what needs to take place with respect to that notification, there’s a timeline involved that needs to be met. So there’s all declaring it a breach is a very formal and arduous task.
LN: Yeah, not a pleasant one.
LN: In our next segment on securing data in the cloud, we’re going to be talking more about when a breach is discovered, some of the issues related to reporting the breach and what that can mean to an entity, especially if it’s not handled correctly. So thanks for being on the show again.
JB: Thanks, Lee.
View Part 1 of our 3-Part series on Data Cloud Storage
Coronavirus is here and leaving death and destruction in its path. Lee Neubecker and Geary Sikich uncover the Coronavirus and its global impact on businesses worldwide and what it means for us here at home in Chicago.
Coronavirus is here and globally impacting our world. Human beings are dying and the toll keeps rising more and more each day. That is the horrible truth of disease! Besides causing human pain and suffering the Coronavirus is also causing disruption and impacting many businesses that are dependant on each other. What does the impact look like? Forensic Expert Lee Neubecker and President of Logical Management Systems Geary Sikich dissect Coronavirus and the huge global rippling impact. For example; Chicago recently canceled the Housewares Show at McCormick Place which typically draws over 60,000 attendees. Everything associated with that conference will feel a significant downturn. ie. hotels, travel, transportation, local food, and beverage. As a result of this global business disruption, there will also be an increase of vulnerability and these experts anticipate an increase in cyber activity. Watch this video interview to learn more about other global industries impacted by the Coronavirus.
Part 1 of our 2-Part Series on Coronavirus
Lee Neubecker: I’m here today with Geary Sikich. He’s the president of Logical Management Systems, a cyber and business continuity consulting expert. And I’m Lee Neubecker, the president of Enigma Forensics. We’re a computer forensics firm that provides investigative assistance with matters involving litigation or otherwise investigations. Today we’re going to be talking about the Coronavirus and the global impacts. Thanks, Geary, for being on the show. Geary Sikich: Thanks, Lee, for having me back.
LN: So, Geary, can you tell everyone what’s happening right now globally, as it relates to the business environment in impacted nations?
GS: Well, the current state of affairs is that Asia is in a situation where Coronavirus continues to kind of expand. It’s expanding at a lesser pace in China, but it’s accelerated in places like South Korea and in Japan. And we’re starting to see it, obviously, move from those Asian countries into the Middle East. Iran has a huge issue with Coronavirus. Italy has another big amount of people that are confirmed cases versus cases under observation. So there’s a significant amount of human impact there. On the business side, this has disrupted a lot of businesses in just about every way you can imagine. So, the shipping industry? Tremendous disruption there. Airline industry? Tremendous disruption there. A lot of flight cancellations and other things. We’re seeing now sporting events, conferences, conventions, all kinds of things that are essentially money-makers in the normal sense, but also dependent on a tremendous chain of support to bring off. Suddenly a conference is canceled, and now you have hotels affected, you have transportation systems affected, you have all the food services affected. This kind of rippling through a lot of areas is causing a very very big concern with, not only businesses but governments. How do you control it and what do you do in this situation?
LN: So, here in Chicago, we have the Chicago Housewares Show canceled. Recently many vendors were coming from other nations where there’s a travel ban. And that impact certainly impacts the workers that are at the hotels, The audio workers.
LN: And whatnot, their hours get cut.
GS: Yeah, the interesting part about that is that when you begin to look They had on the news the other day, They had on the news the other day, was talking about the cancellation of this convention. 60,000 people come. And obviously there’s a lot of work that’s done: Setting up booths, displays, and all the other things that go along with it. Suddenly, he’s out of work for a period of time until the next convention comes in or maybe doesn’t come in. But that ripples through to hotels, food services, restaurants, your taxi cabs, your Ubers, your Lyft, your everything associated with coming to a place for a conference or a convention. So a huge impact. But then you also have So huge impact.
LN: But then you also have and these deliveries are now delayed because of the dockworkers that load up the equipment
LN: And these deliveries are now delayed where they have restrictions in place.
GS: And an interesting sidelight to that is that you look at the shipping industry and the amount of material that’s shipped by the containers those ships carry are what they call 20,000 TEU which is a 22-foot equivalent unit. Or 20-foot equivalent unit. Anyway, it’s a size that they have. If you look at that aspect, one of the things that some companies are starting to encounter, and I think you’re going to see more and more of this, is that because of delays in shipping, suddenly the container supply is not as available because your container, Lee, that you shipped, full of your product is sitting out in the ocean waiting to dock at my port, but it can’t come in because it’s quarantined? And now that container is going to sit. But John’s company needs a container to ship his product. Can’t get it because your container’s the one he would’ve normally gotten. So huge impacts in terms of ripple effects in a lot of it. So the average time that the container holds goods, in terms of the number of days is increased markedly. And the existence of the containers largely
LN: So the average time that the container holds goods, so there’s a shortage. Right. And if you think about this in another context, the number of things in the containers, it’s not just computer chips,
GS: Right. Roughly, and I heard a figure that was kind of astounding to me, but about 80% of all the containers are full of perishable foods.
LN: Oh yeah, certainly.
GS: You’ve got your bananas, and oranges and things that we don’t necessarily get in Chicago in the wintertime ’cause we don’t grow them.
LN: Oh yeah, certainly.
GS: You’ve got your bananas because it’s no longer fresh. I’ve got to decontaminate the container. because we don’t grow them, in terms of how these all are impacted. Which gets us into looking at, from a computer security standpoint. These are tracked. Barcoding systems and whatnot. How easy is it for that to get disrupted because somebody decides it’s an opportunity to hack into a network?
LN: Certainly, when systems are constrained and overworked, it’s the likelihood of a failure or an attack compromising the system goes up. So it creates a real opportunity for a hacker to strike and have a magnified impact, So here in Chicago, we have a lot of companies that are impacted by this. We’ve got Boeing, We’ve got United Airlines. Boeing. Major facilities for companies that, while headquartered elsewhere, operate big hubs out of Chicago. Especially in the airline industry.
GS: United Airlines. still, kind of the shipping center for a lot of the country. And if you look at the Chicago area, if you will, you’ve got then industries in Northwest Indiana, you’ve got industries south of Chicago.
GS: A huge amount of rail traffic that goes through. The expressway between Indiana and Chicago, 80, 94, is one of the heaviest traveled expressways in the world. You’ve got a number of other businesses that suddenly have the exposure that they hadn’t realized. A huge amount of rail traffic that goes through. What would happen if you took the casinos in the Chicago area and closed them down for two weeks? It’s not just casino workers. It’s not just the amount of money the casino’s going to lose by not being in operation. It’s the day worker. It’s what we call the gig economy. Those people who live paycheck to paycheck that are dependent. So suddenly, they’re without. How are we going to deal with making sure that there’s a, if you will, an equilibrium or a safety net for those entities? One of the things we’re faced with, starting to see now, the City of Chicago’s just announced they’re just putting together a pandemic taskforce. They’ve had a few months watching it unfold in China. much like the rest of the United States, and, if you will, the rest of the world in some respects. Why has it taken this amount of time, and what do we need to be aware of from a private-sector standpoint as to what the public sector is going to do? So from a planning standpoint, this is critical. If you’re a business and you’re putting together a plan, and your plan suddenly conflicts with the City’s plan or the State’s plan, what happens then? How do you deal with that?
LN: Those are all great points. In our next segment, we’ll be continuing our discussion, and we’ll be talking a little bit more about what it’s been like for businesses that are going through some of these extreme measures that are being put in place to help protect and contain the virus from spreading. Thanks for being on the show.
Your email has been frozen and your company website is down. Your IT department has confirmed a data breach. What do you do next? Incident Expert Lee Neubecker and legal expert Kari Rollins offer easy instructions about your next important steps.
It’s a fact! Your IT team confirmed a Data Breach or incident has occurred. What do you do after the fact? Forensic Expert Lee Neubecker and Legal Expert Kari Rollins say don’t panic! First, convene with your incident response team, start to investigate under privilege, and contact a 3rd Party forensic expert to help preserve vital information. Watch the rest of this video for further recommendations about data breach response after the fact!
View Part 3 of our 3-Part Series on Data Breach
The Video Transcripts of Part 3 of our 3-Part Series on Data Breach follows
Lee Neubecker: Hi I’m back again with Kari Rollins, and she’s here talking with me today about data breach incident response. The Sedona Conference recommends, how an organization should respond to such incidents. And we’re talking in this third part segment about what to do after an incident has been reported. So Kari, please tell me what the initial issues are that come to mind when you get that phone call from a client that says something happened.
Kari Rollins: Sure, so usually, as we were talking about in a prior segment, you may not know whether you’ve had a breach as defined by law. You are just told by your information’s security team, or an employee or a manager that you’ve had, there’s been an attack. Or there’s been, “I can’t get access to my email,” Or, “My account’s frozen.” So you immediately start to investigate. You want your.. according to your incident response plan which we’ll hopefully have in place, you’ll convene your incident response team; you’ll start to investigate under privilege. You’ll call if you need your outside forensic investigator to help you access it. Help you access what’s happened, right? That the facts in an incident are really, really important because they drive the legal conclusions. Have you had a breach, or have you had an incident that has resulted in the acquisition with just the access to personally protected information? Or are you.. did you have an incident where maybe the systems that house the personal information were accessed, but there’s no evidence that the malware ever made it into the room where the family jewels are hidden and they were taken out. And that’s an important part of understanding whether you actually have a legal obligation to notify regulatory authorities or consumers. So the first step is always convening the team, putting it under privilege, calling your experts, and starting to investigate the important facts. Was this an outside threat, was it an insider threat? I know you’ve had experience a lot with investigating internal threats, which are on the rise these days as I would expect.
LN: And a lot of these incidents, it may be reported as a data breach, and the question is well, how did it happen? And sometimes, it’s not too uncommon that IT staff don’t receive the resources they request, and that data incidents happen as a result of being under-resourced. And in circumstances like that, there’s still a lot of pressure on the people managing IT, to not only run the organization ongoing but to deal with this whole new layer of troubles. So having that team in place beforehand where those relationships are there really helps.
LN: And the other thing too is, you know, if there is a failure internally, it’s more difficult and less likely that you’re going to get the facts quickly if you’re using the team responsible in some way for the breach to report on what happened. I always recommend that after that initial meeting that preservation of key data occurs, and is offloaded outside the organization. You know, log files, certain key computers, email systems to the extent that they were modified so that there’s the ability to do that analysis. Because when an organization has an incident, it’s quite possible that all the data disappears, and the effort to cover the tracks.
KR: Or it’s not even, it may not be as nefarious as that. It could be that the teams are working so quickly a lot of the remediation plans are to thwart the malware and to remove it. But, in a lot of instances, you need to safely remove it and keep a copy of it, because you need to reverse engineer it. And understand how it got there, understand other signatures it might have; so being thoughtful, and we talk about this being thoughtful about evidence preservation is really critical, especially if you get to the point at which you do have a breach that requires notification. And litigation regulatory inquiry ensues, you will have been expected to preserve that evidence and show the chain of custody. Otherwise, you could have allegations of spoliation leveled against your company.
LN: And I’ve seen circumstances too where a legitimate data incident happens and we’re able to get it quickly and identify the impacted individuals. And sometimes it’s just been a few people; in a circumstance like that, it’s much easier to reach out to those individuals, make things right, and resolve the issue. And be able to report to them what happened. It’s much better than having to publish on your website and report to the attorney general that you had some massive data breach. So, not all data incidences are massive data breaches.
KR: That’s true, some of ’em impact you know, one or two individuals, and you may still have an obligation to notify them under the relevant law. But they don’t have to be the big massive breaches. And again, I think the great thing about the Sedona Conference Guide is that it’s, you know, it helps companies navigate small to big breaches. You know, it’s not intended to be the ultimate authority on the law in this area, because the law is ever-changing. But what it does is it helps companies issue spot from a practical perspective so that they know what laws they need to consult, and why and what issues they need to address, like for example, notifying your insurance carrier. One of the big questions we always get is, Well, we’re the victims, here; the company X is a victim of this cyber attack. Who’s going to pay for it?
KR: And so, insurance coverage for cyber incidents has is a really hot button issue these days. And so it’s important for companies to know in advance what their policies say, what the notification requirements are. Even if they just have a sniff of an incident – maybe it’s not a breach. So that the third party and first-party costs are covered, and that you’re working with your insurance carrier, and you’re working with your insurance council to ensure that coverage. And to make sure that you’re getting the right information to your insurance carrier about your forensic teams. Are they approved? What rate are they going to be reimbursed? What type of reporting do you have to do from a cost an expense perspective to your insurance carrier? So.
LN: And, it true that if companies use their own internal IT resources to do the investigation, that the insurance carriers usually won’t pay out their own internal resources?
KR: It really depends. It depends on the policy.
KR: It really depends on the policy. There are, in some instances, some policies would cover the first party staffing costs, so for example, if you had to pay staff overtime to work 24 hours a day to try and investigate, you may be able to claim that. But it really depends on your policy. There’s certain.. there’s certainly reimbursement line items for business disruption and business interruption. Or, you know the loss of business, loss profits line items, as a result of ransomware tax. But again, knowing your policy is a critical step in preparing.
LN: Where do you see the benefits of using an outside forensic investigator as opposed to internal IT to investigate when an incident happens?
KR: You know I think it’s two-fold, one, a lot of internal IT teams are taxed as it is with their day to day obligations. And if an incident is one that is medium-high critical, you want to be able to dedicate the resources to the incident to investigate swiftly, and to ensure that there’s no delay. And so pulling in a third-party forensic expert alleviates some of that burden and stress on the IT teams. And then separately and secondly, it also creates a level of objectivity that is.. that benefits the company in the event. Or in the unfortunate event, someone in the IT group may have made a mistake that caused the vulnerability. There’s less likely that that mistake would be covered up. Or there’s going to be more candor from the third party expert, the to management team say like, “Hey, this issue should have been addressed”. And it wasn’t, and now you know what thwarts may be in the event. You have some litigation down the road and you need to defend. But so I would say really sort of time and devotion of resources where needed, and objectivity.
LN: Great, well thanks a bunch for being on this show; this was great.
KR: Absolutely, thank you.
Part 1 of our 3-Part Series on Data Breach
Part 2 0f our 3-Part Series on Data Breach
To Learn More About Sheppard Mullin / Kari Rollins
Secure Cloud Data! Large organizations buy cloud services that provide storage on servers and other devices and connect with computer networking equipment throughout the world. So, how are they securing the data? Experts Lee Neubecker and John Blair say start with knowing what data is being stored.
What steps do organizations need to take when securing data in the Cloud?
The Cloud is digital storage that is physically secured and stored on big servers owned by big companies and made accessible through the internet. These big companies are connected with other computer networking equipment throughout the world. Does this sound too big to secure? Experts say there’s no time like today to understand where your data is stored and how it’s secured.
Today on the “The Lee Show”, Forensic Expert, Lee, and his guest John Blair who is cyber governance and information technology expert, explores the complexities of cloud-based security and storage. John suggests starting with obtaining a holistic inventory of your organization’s data and most of all be aware that some employees bring their own applications and use their own personal device to store organizational data. Check out this video on securing data in the cloud to learn more about cloud storage and cyber risk.
Part 1 of our 2-Part Series on the Securing Data in the Cloud
The Video Transcripts on Securing Data in the Cloud follows
Lee Neubecker: Hi, I’m here today with John Blair. John is a cyber governance and information technology expert. He’s on the show here today with me to talk a little bit about securing your data in the cloud. Thanks for being on the show again, John.
John Blair: Hi Lee, good to be back, thank you.
LN: So we’re talking about cloud cyber risk. What do organizations need to be looking at to help secure their data in the cloud?
JB: I think first and foremost, you need to understand where is all the data and how do people get data in and out of their environment? There’s a lot of things typically called Shadow IT, where certain departments or certain users might you know, for example, start sending things to Dropbox to sync data amongst themselves to make it easier for themselves. But they might be syncing confidential information that’s not on Dropbox and the organization has no idea about it. You know, that scenario plays itself out over and over and over again, where there might be departments that actually use applications in the cloud that thus obviously, are processing data as well that the organization might not know about either. So you need to get an inventory of data. Where is it from a holistic point of view?
LN: And today you have the Bring Your Own Cloud, BYOC,
LN: Many employees are bringing various apps with them that they’re used to using from their prior employers, and they’re wanting to use these apps. Sometimes they’re putting them on their smartphones and whatnot.
JB: And that’s driving a lot of the corporate action towards that. The cloud for first and foremost is a cost-savings for the most part. But what people are not realizing is that along with those savings comes certain responsibilities. And, from a user perspective, you know, people are used to as you said, people are used to certain applications, they’re used to certain things on their phone, or on a tablet or they’re used to working in a certain way with certain applications. And then you get in a corporate environment and those applications or that way of working might not be available. And so people start voicing that, and it becomes, you know, somewhat of a problem for corporate to adapt and keep up.
LN: So organizations, especially healthcare-related organizations, as well as financial services and other organizations that depend on intellectual property have a real risk here, don’t they with people bringing apps?
JB: They have a very big risk. Both of those sectors are heavily regulated. Data needs to be very tightly controlled. Breach notifications in the event that it happens become a very big deal, very public. And if you can’t explain where the date is, and where you know, who has it, then you have a problem.
LN: So isn’t there also risk not only faster dissemination of intellectual property and trade secrets, but what if the information becomes compromised by malware or a hacker to morph the data or destroy the data?
JB: Yeah, your only recourse at that point is to have really, really good backups. Because otherwise, you have no actionable direction to take. If you don’t have a backup of that data, you know, you have no ability to recover. It still might be considered a breach, a lot of times, and certain organizations or certain regulations. So you still might have to report it, even though the data has never left your organization, the fact you’ve lost control of it might be considered a breach. So that might be something you’d have to consider with your legal teams. But it’s not, it’s still a very big deal because you no longer are able to use it.
LN: So don’t you have a risk though, that if your backup is online, that the attacker could compromise your primary source and then your backup drive attached to your server?
JB: Well, hopefully, they haven’t gotten that far. But if generally speaking, your backups are always in the separate physical location, and not necessarily on the network.
LN: So you rotate them?
JB: and they’re separate, you know, media and things like that, but yeah, if you’ve gotten to the point where they’ve corrupted your database, they’ve encrypted your database, and they’ve also encrypted or destroyed your backups, you’re, in a very bad way.
LN: So knowing that hard drives sometimes fail, if you’re using a physical hard drive to write the data to, what do you think most organizations should be doing to ensure they have a certain number of versions that they can restore to?
JB: Well, normally backup systems are version controlled and so you do backups based on frequency. You do daily, you do hourly, you do you know, on the spot, so there point in time, a lot of times where there’s a lot of people, organizations, that can afford it have failover data centers, for example, that are mimicking the primary data center. So there is no loss of processing. but that’s very, very expensive to do. But yeah, you should definitely have you know, off-site storage of data. But those are all historical, and things that are not necessarily online that you can immediately refer to those lesser compromised to your point. LN: So when you’re considering bringing in a cloud provider to your organization, is it an official, non-shadow ware operation? What are some of the questions you ask of your vendors and things that you look for to help secure, ensuring those cloud providers are secure?
JB: Right. First and foremost, do they have some sort of testations with respect to the services you’re going to use for that provider? Cloud providers have hundreds and hundreds of services, not all of them are audited by an independent auditor, not that that guarantees anything, but at least if it’s the services you’re going to use or the applications you’re going to use. or the locations you’re going to use with that cloud provider, then you have something to point to say, you know, we did our due diligence, and they have these SOC 2’s or whatever form it might take. But you have to do something on them to ensure that, because the cloud is half their responsibility and half of yours, and you have to make sure they’re doing their half.
LN: So what other things do you think that organization should look for if they’re using data in the cloud, how to maximize the security of that data?
JB: First and foremost, I think they need to within their own organization, block these drop boxes and the Google drives and all that sort of stuff like that, so that people individually can’t make you know, downloads for example, from the database and then upload it to Dropbox or Google Drive or whatever, and then go home and look at the same documents. You know, from a personal perspective, that’s very convenient, it’s very nice to have to be able to sync and you know, you can use one, one central source of the information, but from a corporate perspective, that isn’t your data. It’s a corporation’s data. And so, you know, the corporation needs to be responsible and know where that data is going, and how to prevent it ideally, from getting there. It’s very easy to drop, you know, to block Dropbox at a network level, you know, but the problem is that there are hundreds of those types of things to block. And so you know, you need to do a lot more care from a corporate perspective internally to make sure that your users aren’t putting data someplace where you lose control of it.
LN: And are there any, any other things that you’d recommend adopting if you’re going to use these cloud platforms to help ensure that hackers don’t get access to user accounts?
JB: That’s an interesting one because as yours been, you know, almost all those user accounts have been hacked at one point or another. And so the only thing protecting me at this point is a password. I think multi factors in you know, bio authentication type of actions are the only thing you can do to improve your chances of those accounts not being used by inappropriate people. Because the accounts themselves are basically public knowledge, you know. Your, you know, your username is public knowledge, the only thing protecting it is a password.
LN: And so, you know, the multi-factor authentication actually addresses and requires that you have to have three factors. Something you know, something you are, or something you have.
LN: So, for instance, many people know their password. They might have a thumbprint or they might have their cell phone.
LN: That is something that they have. So you know, having that second factor makes it less likely that someone can simply get the password and get in.
JB: Right, where they send like to your point the phone, they send a code to your phone, you enter the code into the application–
JB: And then you gain access. Until then you’re simply at the network border.
LN: So on our next video, we’re going to be talking a little bit more about, again about the cloud, cyber risk security and specifically we’ll talk about some of the legal and compliance issues that arise. Thanks for being on the show.
JB: Thanks, Lee. My pleasure.
Other related articles about securing data
National Institute of Standards and Technology on Securing Data in the Cloud
“Wipe out court debt!” says Jacob Meister, candidate for the Cook County Clerk of Circuit Court. He has a plan to ease the crushing burden of fines, fees, and forfeitures. Check out this video to learn more about his solutions.
Debt forgiveness is now one of the most popular presidential campaign promises but what does it mean on the local level. What does debt forgiveness mean for the City of Chicago taxpayers?
Enigma Forensics President & CEO Lee Neubecker interviews Jacob Meister, who is running for the office of Cook County Clerk of the Circuit Court. Lee is interested to learn more about what are Jacob’s plans regarding debt forgiveness.
Part 3 of our 4-Part Series on the Cook County Clerk of the Circuit Court, Jacob Meister
Part 3 of our 4-Part Series on Jacob Meister
Lee Neubecker: Hi, I have Jacob Meister back to my show, Jacob thanks for coming.
Jacob Meister: Well, thank you for having me Lee.
LN: Jacob’s running for Cook County Clerk of the court. And we’re going to talk today a little bit about some things that have been trending in the news related to debt forgiveness. From the federal student loan debt, there have been talks about wiping out the debt owned, lots of people are concerned over medical-related debt. But now there’s been some, some calls by one of the candidates running, requesting that we just wipe away the Quartet. And I wanted to get your feedback on what the problem is there, and what do you think the solution is?
JM: Well, for years, I have been an advocate for easing the burden with court fees that are charged to litigants, fines, and forfeitures that go through the clerk’s office. The clerk is required to collect fines, fees, and forfeitures that are implemented usually by statute, or by sometimes by the court rules themselves. But what we see is a tremendous economic cost and social injustice that’s done. So just imagine you’re a single mother who’s been evicted from your apartment or your home. And you in order, you get a summons from the sheriff saying you must appear or you’re going to get a default judgment entered against you. But first, you have to file an appearance and pay a fee. It’s going to be $250 to defend yourself. And if you don’t, you’re going to get defaulted. And this is a crushing burden, you know, single mother, and it can affect that anybody who’s battling an addiction, be it child custody, it could be dealing with a divorce, it could be dealing with any number of things. We need to stop placing a crushing burden on the users of the court systems and make up a system that’s available to everyone.
LN: But who decides what that fee is?
JM: that with that state legislator, and that’s the Supreme Court, and the county board. some of those fees go there too. We have to stop squeezing court users to pay these fees and start paying for it in other ways. But in any event, I have been a supporter of for instance, when people get fines if you have a fine, you know, you would support and post fine and some people can’t pay it and it becomes this burden and you get trapped and sometimes you get imprisoned. Because you can’t pay these fines that you’ve been ordered to by the court. One of the things that we that I worked on in Springfield and we need to expand is allowing people to get credit for community service so that they have if they can’t afford to pay the fines, they have a way that they can provide community service and reduce that fine over time. We have to come up we have to be better about how we handle these things. We know, we have to stop taking away people’s drivers licenses, because they can’t pay their fines because that puts them in a cycle of debt that they can never get out of, because all of a sudden, they can’t drive themselves to work, they lose their jobs.
LN: They can’t get a new job,
JM: they can’t get a new job. Exactly. So we need to ease the burden there. I will continue to work with the folks in Springfield, with the folks in Cook County government, and with the courts. I’ve got very good relations there, And I will work to make sure that social justice is being achieved, and that we’re not putting people in a vicious downward spiral of debt.
LN: So some of the efficiencies you talked about earlier about making the court more efficient. Some of those efficiencies might help to pay for some of this relief on some of the oppressed people that are really being trapped in a cycle.
JM: Absolutely. Absolutely. Absolutely. And that’s the goal is to make sure that our courts are accessible to everyone, that we’re doing justice, and that we’re achieving social justice. We’re not just trapping People in a court system and in burdensome debt.
Don’t fail to prepare for a data breach! Check out what experts Lee Neubecker and Kari Rollins say are the three strategies to prepare for a data breach.
In the famous words of Benjamin Franklin “By failing to prepare, you are preparing to fail.” Forensic Expert Lee Neubecker and Kari Rollins with Sheppard Mullin agree with our Founding Father and warn that a data breach is inevitable, don’t fail to be prepared!
In her practice, Kari focuses on data privacy, data security and data breach preparedness. Together, they discuss two basic strategies to help you prepare for a data breach; understanding what data you have, where that data resides. Check out our video with transcripts to learn more on how to prepare for a data breach.
Part 2 of our 3-Part Series on Data Breach
The Video Transcripts of How to Prepare for a Data Breach Follows
Lee Neubecker: Hi, I’m back on the show again with Kari Rollins. Thanks for coming back again.
Kari Rollins: Thank you.
LN: We’re continuing our discussion about the Sedona Conference Data Incident Response Guide and some of the best practices of how to prepare for the inevitable data breach and what you should be doing beforehand. So Kari, can you tell me what some of the things are that you advise your clients to do in anticipation of a potential issue?
KR: Sure, and I think planning, in our view, is just as important as the actual response itself and how you investigate. And in the Sedona Response Guide, we’ve pulled together some suggestions for sort of two elements of planning. One is the more technical, understanding what data you have, where that data resides, what your network systems are so that when you do have an incident, and you have to understand what information may have been impacted, to understand whether you have a legal obligation to notify, you have a better understanding and a better map of what those systems are and the information they hold. And a lot of times, using not just counsel and conducting that analysis, but using third party forensic firms to come in and help with that data mapping process is a really important step in getting prepared to understand where are all of the jewels of the company lying within the systems to know what the type of critical impact could be if one of those systems is hit.
LN: And some of the problems I’ve seen is, oftentimes the documents that are distributed and given to legally become outdated, so this is something really that organizations should be periodically updating their network data map and actually using either consultants or tools to help them map out what devices exist on their network.
KR: Right, exactly. And to that point, too, understanding what contracts with those vendors control here. Especially in the event, you have an incident that impacts the system that is managed by a vendor, do you know what information is being controlled by that vendor, and how you all are going to liaise when that incident occurs, who’s going to take control, what the contractual obligations are? Because vendor management is a hot-button issue these days. The FCC itself just came down with a number of guidelines and best practices for vendor management, so being prepared in that sense, knowing where your data is, who your vendors are, who controls it is really important.
LN: Exactly, and I can’t stress enough, it’s important, too, that companies have offline backups of their data because if you have a storage mass go down suddenly, if your company doesn’t have offline documents that describe what the drive geometry for that raid array is, the ability to recover the data becomes compromised and if a hacker gets in and takes out a storage network and the documentation for how to rebuild that storage network is on that drive, that could cause a real problem.
LN: Do you see that this guide is applicable to companies that are concerned about cryptolocker type malware as well?
KR: Sure, I think this Incident Response Guide can help guide companies through any type of incident, whether it’s a ransomware attack, where their information is being withheld from them, whether for ransom or for other purposes, it could just be useful in investigating the so often seen phishing attacks that seek to attack the email accounts of employees and then further perpetrate other credential harvesting schemes. So it’s useful in the sense that it helps companies prepare for any of those types of attacks. And it does so by helping them with the data mapping, giving them some guidelines on that front. And then also helping them to craft an incident response plan, which I think it’s just as you were talking about, being prepared here with an incident response plan is also the other critical component of preparation and it’s not a one-size-fits-all for the companies. You can’t just, there aren’t these stock-standard off-the-shelf policies that you can then apply because each company has different data systems, and different requirements, and different teams. But this guide provides you with resources and guideposts for how you build that plan that makes sense in the context of your company.
LN: Exactly, and depending on where the company operates, if they operate in Illinois, they might be subject to BIPA, the Illinois Biometric Information Protection Act, which has a whole host of unique requirements. So in our next segment, we’ll be talking more about what should be done after a data incident arises. Just because it’s an incident, does not mean it’s a data breach, but there are certain things you want to do, like have your team in place beforehand. But before we leave, what are your recommendations and what does Sedona say about forming a team to be able to respond in advance of an incident?
KR: I think that is probably one of the most critical elements of an incident response plan is really just knowing who your team is going to be. Who are the individuals that you are going to call when an incident occurs and building that team, it’s important to have the right buy-in? Legal, of course, is extremely important because you want to be able to conduct the investigation under privilege, and in a fashion that gets the facts to your legal counsel in a timely and expedient manner so that you can understand the point at which you have information that suggests you’ve had a breach as defined by law. Because the point at which you learn you’ve had a breach is defined by law as to when your clock starts ticking for notification and that’s in some jurisdictions, that’s a really tight turnaround. So in the incident response plan, in the Sedona Conference Instant Response Guide, we talk about having that team. Having the information security teams, knowing who your third-party experts are going to be if you need third party support to come in and investigate, knowing who your crisis management team from a PR perspective would be. So having all of those individuals listed, with the contact information in the back of your plan so you know who to call, sort of the Ghostbusters, but the privacy busters of an incident, who are you going to call when you get an incident. So I think that’s most important because having the right people mobilized is going to save you time in the end.
LN: It’s important, too, that especially with your forensic experts, you want to make sure you’re working with experienced people that understand the sensitivity around email because as you investigate incidents, your initial impression of what happened or what is going on might change as you learn new information, so it’s important not to begin with the word data breach when you don’t know if it’s a true data breach. Because sometimes, an organization has a security incident but there’s no proof that any data actually exfiltrated or that it was used in any way, so that’s part of at least during that response that we’ll talk about next, those are part of the issues that need to be investigated, but being sensitive to that and making sure that privilege is in place and communications is definitely important.
KR: Yeah, exactly.
LN: Well, thanks and tune in to our next segment where we talk about what to do after the inevitable data breach.
View Part 1 of our 3-Part Series on Data Breach
Related Articles on How to Prepare for a Data Breach
Prepare for a Data Breach, Secure Your Supply Chain
Learn More About How to Prepare for a Data Breach. Check out Kari Rollins
What are some of the potential problems for an organization trying to secure Windows 7? Cyber Security Experts Lee Neubecker and Atahan Bozdag say it’s analogous to owning a home and not maintaining it, eventually something breaks and it’ll cost you a fortune to fix!
Securing Windows 7 Environments
On January 14, 2020, Microsoft announced support for Windows 7 has ended. As reported by Microsoft, “Technical assistance and software updates from Windows Update that help protect your PC are no longer available for the product. Microsoft strongly recommends that you move to Windows 10 to avoid a situation where you need service or support that is no longer available.” It’s official…it’s the end of Windows 7! We have to end our love affair with Windows 7 and move onto Windows 10. What does that mean for the end-user? Well, if you stay on Windows 7, you will deal with constant security threats, and there will be no more updates or support. If you upgrade it’ll cost you approximately $139 for a home computer, $199 for a small to large business and $309 to upgrade a workstation that needs a faster powerful operating system.
Cyber Security & Computer Forensic Expert Lee Neubecker and “Fellow Forensicator” Atahan Bodzdag break down what impact is imposed on cyber security when computers no longer receive service patch updates or support for Windows 7. They discuss the usage of Windows 7 by the Health Care organizations that are resistant to change or have application that have not been ported to work with Windows 10.
Atahan Bodzdag provides an overview of top three items that all organizations dependent on Windows 7 should be undertaking to maintain cyber security resilience.
Window 7 Security Vulnerabilities
The Video Transcript Follows
Lee Neubecker: Hi, I’m here today with Adahan Bozdag. Thank you for being on the show Adahan.
Atahan Bozdag: Thank you for inviting me, Lee.
LN: Atahan is a fellow forensicator and cybersecurity expert. He works within the healthcare sector and works internally to an organization, doing some of the things I do as an expert witness outside an organization. And today we’re going to be talking about Windows 7, the end of the life cycle of Windows 7, and some of the cybersecurity issues relating to organizations that are in Windows 7 and are trying to prevent future data breaches. So, Adahan, could you tell everyone a little bit about what Microsoft did recently as it relates to Windows 7?
AB: Well, as you said, Windows 7 end of life cycle happened. It’s was January 14, 2020. They stop patching Windows 7 environment, so it is vulnerable to any attack after the date. January 14, 2020.
LN: So then when people report their CVEs, detailing vulnerabilities on Windows 7, eventually they’re up there for the hacker world to see. and to exploit because Microsoft’s not patching that operating system.
AB: Very true. It’s a dream come true for the hackers.
LN: Yeah, well, no more data patches means what exactly?
AB: It means that you are more vulnerable to attacks.
LN: So every day the risk of cyber compromise only grows for organizations still on Windows 7.
AB: Very true.
LN: So, what is for the non-technical person out there, could you explain what this is analogous to?
AB: Well, I can give you the house analogy. You buy a house and you don’t do any upgrades. You don’t do any maintenance. Something is going to break. So this is what’s going to happen with Windows 7. Because there’s no more patch, there are no more updates, there’s no more security involved in it. At one point if you still continue using it, you will get breached.
LN: So, it’s kind of like your locks start to fall off the door at a particular time
AB: Exactly, exactly.
LN: And if you consider the contents of a health care provider, to have sensitive data like patient medical records, electronic medical records, protected health care information, or PII, all of that stuff is vulnerable to exfiltration?
AB: Yes, very, yes.
LN: So, why are people still using Windows 7, given this threat?
AB: Well, some applications are not upgraded to work with Windows 10, and what happens. So then a lot of people working in the corporate environment are resistant to change because the applications are not working with Windows 10. So those,
LN: Or they just like the cleanness of Windows 7, relative to Windows 10, which
LN: It has a lot of bloatware loaded on it if you’re getting the version off the shelf.
AB: True, true.
LN: Who really needs to have all these games on their environment?
AB: Exactly. But at the same time, every healthcare company that, you know, even my company that I’m working for, we have a golden image that we create, which are stripped down from all those games and stuff like that. So we don’t use those. But, to get there, there is always an image needs to be updated in Windows 10.
LN: So what are some of the potential problems for the organization that stays on Windows 7 and just doesn’t get with the program to migrate off?
AB: Well, first thing is, APT.
LN: What’s an APT?
AB: APT is an Advanced Persistent Threat.
LN: That’s like that nation-state, Big Brother lurking on the chips of the computer device, waiting for a moment to attack, right?
AB: They can infiltrate you. They can do nothing, just sit and wait, and look at your data. And we have seen that in many breaches. The time that you found out that the company was breached, they’ve been in the system for more than six, seven months. So they were collecting data slowly by slowly, and at one point they turned the engine on, and then the doomsday attack starts. Suddenly you start losing data. Deletion happens and then, they grab everything out from your system.
LN: “So there’ ve been a lot of nation-states making threats.
AB: Oh, very much so.
LN: This could be a huge opportunity for certain nation-states to get themselves onto hackable systems and merely wait until the opportune time to strike is such that they could magnify the damage.
LN: We have a power outage,
LN: And they were to strike at that time, that would probably magnify the damage significantly.
AB: Very, very much. And now you’ve been talking about those in your other videos about these kinds of things. The cyber realm is another way of attacking our national interests. Health care is one of them.
LN: So let’s assume that an APT gets into a health care environment, health care provider’s systems, and they’re able to access electronic medical records, EMR, patient health care information, what might they want to do with that information?
AB: Well, patient records, especially the names, social security numbers, medical records, everything is sellable in the Darkweb.
LN: And it’s worth a lot more than just giving social security numbers.
AB: It is. True. It’s like a single record may go for $35. If you got about 10,000 records, 10,000 records times about $35.
LN: It’s likewise though, that data exfiltrates, and it gets out there in the market, the health care providers are looking at potentially significant financial damages, as well as reputational damage.
AB: Yes, yes. Because when these things happen, suddenly you have to report this either to the government or to the media. And then afterward the penalties will come. And investigations cost a lot of money. Penalties are really severe And doing all of these things, and if you’re still in the Windows 7 environment you’re actually opening yourself to these kinds of attacks.
LN: Yeah so, when these data incidents happen, as you like to call them, what do you see the role of internal IT investigations versus an outside computer forensic firm like myself specializes in data breaches and EMR. What is the typical role and function of the internal versus the outside expert witness?
AB: Internal it’s you know like myself, we do the investigation internally but we would love to hire, I mean we would like to hire an outside investigation, to give unbiased information. Saying that if you go to the legal ways that you will be able to say that hey, I’m not involved with this company I’m doing this…
LN: Sometimes, there’s benefit to having an outside forensic expert that’s independent speak only to the issues that are relevant and not necessarily have a knowledge of who was in IT that got fired or any of that other stuff that isn’t really relevant to the investigation but could create risk for the health care provider.
AB: True. True.
LN: So with regard to reporting obligations, let’s say you find that there was indeed exfiltration of patient data and that information left the organization, what are the reporting obligations?
AB: Well the best way that I can tell right now is if you were at the hhs.gov or consult your attorney it will actually tell you especially the website, will tell you what are the reporting obligations. There are multiple levels. If I go into details over here, it’s not going to last.
LN: Got it. And so, we talked about exfiltration but what can happen if someone gets in and actually deletes patient medical records?
AB: Well, the first thing is in hospital systems that patient who’s going to be either going into surgery or something like that, they will not be able to get, pull out the data.
LN: And so people who have a need for critical life-saving care, might actually die.
LN: Or worse yet, if someone were to alter the medical records
AB: That is a threat
LN: And say instead of your left lung having cancer it’s your right lung and you get the wrong lung removed, that’s a real problem
AB: It’s a big problem.
LN: So if you have to say, wrap it up what would be the top three recommendations you make to health care organizations to help defend against the potential future data breach that’s from running Windows 7?
Top 3 Measures to Defend Windows 7
First is implementing operate plan to leave Windows 7, immediately. That’s a given fact.
Second, isolate Windows 7 legacy into VDIs which we call the Virtual Desktop Environments. Isolate them from the network.
And the third, make sure that your disaster recovery is in place and you do periodic tabletop exercises.
LN: Well thanks so much, that was really informative. I appreciate you coming on the show.
Most voters think the Clerk of the Circuit Court of Cook County’s office is ground zero of what’s wrong ethically in Cook County government. Candidate Jacob Meister vows to clean up the office and deliver much needed ethical reform.
Enigma Forensics President & CEO Lee Neubecker interviews Jacob Meister, who is running for the office of Cook County Clerk of the Circuit Court. Lee is interested to learn more about what Jacob Meister plans to do in his first 90 days in office.
View Part 2 of our 4-Part Series on Jacob Meister, Candidate for Cook County Clerk of the Circuit Court
The Video Transcript follows
Lee Neubecker: Hi, I have Jacob Meister, who’s running for Cook County Clerk of the Court. He’s back on my show today. Jacob, thanks for coming back on.
Jacob Meister: Thank you for having me.
LN: So, as a candidate for Cook County Clerk of the Court, which is one of the largest court systems in the U.S., what do you see as your top priority in your first 90 days in terms of fixing a big problem that needs to be addressed?
JM: Well, the Clerk of the Circuit Court of Cook County’s office is ground zero of what’s wrong ethically in Cook County government, you know? The voters in recent years have elected a new Cook County Assessor, Fritz Kaegi, a new mayor, Lori Lightfoot, and have made clear that they demand ethical reform, in government, and the Clerk of the Circuit Court is ground zero of what needs to be fixed. This is an office that for decades and decades has been plagued with political patronage, political workers getting jobs at the public expense in order to do political work. We have to stop that, and in my first months in office, I want to make sure that we are cleaning up the office to make sure that we are delivering taxpayers value for their money and that employees are dedicated first, foremost and exclusively to serving the public interest in the clerk’s office. We cannot get over the operational problems that this office has until we first clean up the ethical issues. So, I want to make sure that the patronage in the office comes to an end. That we comply, there’s currently a federal decree, it’s called the Shakman Decree, that the office is under that requires patronage to hiring, to not be done by patronage. I want to make sure that people are promoted from within, not given these political jobs where employees are beholden to the party machine.
LN: Great, well, thanks for being on the show, Jacob.
More and more employers are using biometrics. Biometric information and is covered by the Illinois Biometric Information Protection Act or BIPA. Forensic expert Lee Neubecker and Vedder Price Shareholder David Rownd talk about the steps employers need to take so they don’t violate BIPA.
Employers Using Biometrics
What should employers do before collecting biometric information? Biometrics is on the cutting edge of technology and more and more employers are using biometrics in the workplace. Employers use biometrics to activate machinery or computer devices, to track employee time and attendance, and can be used to gain access to specific secured environments. The most common example of employer use of a biometric recognition system is the fingerprint.
Expert Lee Neubecker and Vedder Price Shareholder David Rownd discuss the necessary steps that all employers should do before installing biometrics.
Part 3 of our 3-Part Series on Biometric Data
The Video Transcript Follows.
Lee Neubecker (LN): Hi, I’m here again with David Rownd. David, thanks for being back on the show.
David Rownd (DR): Oh, thanks for having me again.
LN: So we are continuing our series talking about BIPA, the Illinois Biometric Information Protection Act. And what employers should do, especially those New York employers that have satellite offices in Chicago that track their employees and whatnot and how they should, things they might want to do beforehand so that they don’t get into trouble. With that David, what are some of the concerns and responsibilities employers have under BIPA?
DR: Well, first of all, they have an obligation to notify employees that they are using biometric information. And they have to tell them why they are using biometric information. They have to safeguard the information. They have to have policies in place to safeguard the information. And they are absolutely prohibited from selling the information to third parties.
LN: That would mean if they are using time tracking software they might want to check to see what adaptations those software companies have in terms of how they protect employees’ fingerprints and whatnot.
LN: And is it a good idea for the employer to actually get the employee to sign a consent form?
DR: Absolutely. In fact, they are required to obtain consent
DR: before doing this. And this is an important consideration for employers and it should be something that is well thought out and a program put into place that complies with the law before embarking on the use of biometric information.
LN: So employers if you have a trading firm here in New York that has a satellite trading, possibly an option firm, options are big in Chicago. What would you advise them to do just to do a check-up to make sure they are OK?
DR: Well, if you are going to be using your employee’s biometric information in Illinois it would be covered by BIPA. And you need to make sure you are in compliance with the law. And I think it makes sense for your in-house legal team or whatever counsel you rely on to go over what you planned to do and ensure that what you are going to be doing is in compliance with the law.
LN: So I think the intent though of a lot of these tracking features of time tracking software really is to try to protect employees from punching in for, you know, their friend that is running late. But there are other ways that employers can still do that without relying on fingerprints or retina scans.
DR: There are other ways. Smartphones can be used and they can be used without taking any biometric information. And there are other ways of doing it as well. But if you are going to be using biometric information, you certainly should make sure that you are in compliance with BIPA because it’s been a very active, very buried in litigation. There’s been a lot of class actions lately and a lot of companies have had some issues. Most employers would be well advised to make sure they don’t run afoul of the law.
LN: So why are we suddenly hearing so much about BIPA in Illinois? What happened last year that changed things?
DR: Well, there was an Illinois Supreme Court case that really kind of open the floodgates for plaintiffs to be able to sue. Normally in order to bring a lawsuit, you have to be able to show that you suffered some specific harm which is referred to in the law as damages, and that is an element of most civil causes of action. However, under the way, BIPA is written an aggrieved party can bring a private right of action under BIPA. And there’s the Illinois Supreme Court, a case called Rosenbach, last year, basically held that the mere violation of the law with the respect to someone’s biometric information makes that person an aggrieved party. So, the fact that your biometric information has come out of compliance in a program means you’d have the standing to bring a lawsuit. And more importantly, that you could potentially be the lead plaintiff in a class-action lawsuit which ups the ante significantly for employers and exposes them to much more significant liability.
LN: So this could expose any employer using time tracking that has a biometric component in Illinois?
DR: Potentially, yes.
LN: Now are there things that can help protect those employers though from getting in the crosshairs if they are using that software?
DR: Well, I mean, ensuring that you’re in compliance with the law, certainly. Which means making sure you’re getting consent. Making sure that the concent is informed consent and the consent is in full compliance with the requirements of BIPA. Not doing anything that BIPA prohibits such as selling the information to third parties. It sounds pretty obvious but it’s something that’s important to make sure you’re in compliance with the law.
LN: Now there was a case in Illinois involving, it was an athletic gym that had customer information and some of that information was alleged to have gone to outside parties. And I think that case settled, but it certainly not only employers could fall into the snare of BIPA, but consumers as well, people who do business with companies that choose to take their biometric data.
LN: Like possibly even Google and Facebook.
DR: Potentially, yes.
LN: Well, thanks a bunch. In our next segment, we’ll talk a little bit more about what is happening nationally with BIPA. And thanks again for being on the show.
DR: Thanks for having me.
View Part 1 of our 3-Part Series on Biometric Information
View Part 2 of our 3-Part Series on Biometric Information
ZyLAB is a global company that can help an organization who has to deal with various regulatory authorities spanning the globe. They are dual-headquartered in both Washington, D.C. as well as Amsterdam in the Netherlands. If your dealing with GDPR in the EU or CCPA in the US ZyLAB is equipped to provide service. In this video blog Lee Neubecker and ZyLAB’s Jeffrey Wolff discuss what differentiates them from their competitors.
Cyber Forensic Expert Lee Neubecker and ZyLAB’s eDiscovery Director Jeffrey Wolff discusses how ZyLAB Artificial Intelligence (AI) solutions can help your company. ZyLAB is an eDiscovery provider that works with government entities, corporations and law firms to provide data solutions. ZyLAB assists in extracting value from data, and not just metadata, but also document review that is about looking for entity information. ZyLAB is able to search for key people, places, and organizations that are mentioned in documents and/or emails, and quickly drill down to what is going on in your organization.
Watch this important final part of our 3-Part Series on Artificial Intelligence Solutions and eDiscovery. You will learn about what ZyLAB offers that will help your company with document review and ultimately save time and money.
Part 3 of our 3-Part Series Artificial Intelligence (AI) solutions and eDiscovery
The Video Transcript Follows.
Lee Neubecker (LN): Hi, I have Jeff Wolff, back on the show from ZyLAB. Jeff, thanks for coming back on.
Jeff Wolff (JW): Thank you.
LN: He’s their Director of eDiscovery, and I wanted to ask him some questions as it related to what differentiates ZyLAB from other products out on the market. Some of my clients may want to use this type of artificial intelligence program to help get through their review and see what the results are of using AI versus the traditional e-discovery review process, so.
LN: Jeff, could you tell us what sets ZyLAB apart from other competitors in the marketplace.
JW: Sure, sure, so first, I think ZyLAB is uniquely positioned in the fact we understand the corporate space quite well, as well as the law firm space, but we got our start in the corporate world, or in information governance. So we are very vested in search and data science, and that’s really where we’ve put a lot of our focus. We have both on-premise solutions, as well as cloud-based, SaaS solutions like every other next-gen provider. But we really push our interface, our user interface and our user experience, as one of the most unique selling points. And that is, that it is not difficult to start using. Anyone, any legal professional can pick up our product in an hour, from start to finish, and understand really how you utilize it. Drag and drop interfaces for getting data into the system, and immediate color-coding and tagging, easy search, and the ability to really visualize your data and understand what’s in the dataset.
LN: Okay. So, what would you say for a company that has to deal with multiple jurisdictions, they’re in Europe, they’re in the US.
LN: There are some unique challenges posed by all the various regulations out there, like GDPR.
LN: Maybe the have operations in China. How could you help a company that has to deal with various regulatory authorities spanning the globe?
JW: Sure, and that’s another advantage that ZyLAB has, actually, we’re actually a global company, so we’re dual-headquartered in Washington, D.C., here in the US, as well as Amsterdam in the Netherlands, in the EU. And as a result, we have cloud operations in both jurisdictions. So our global customers can actually keep US data in the US, and they can keep European Union in the EU, and not worry about that issue. But we also have the expertise, consulting expertise, in both environments, both geographic locations. For example, I’m doing a lot of work now with corporations, not so much focused on directly just on e-discovery, because e-discovery is a bit reactive, you know? Or corporations go through peaks and valleys with e-discovery, the litigation, something they have it, sometimes they don’t. What they constantly have though, are internal investigations, regulatory responses, in the highly regulated corporations. And more and more now, data privacy concerns. So, my European colleagues have been dealing with GDPR for a while, we’re now starting to feel it here in the US, with CCPA, the California Consumer Privacy Act. And there are a number of states on the horizon that are going to California’s examples, so corporations need to be able to find, and classify all the data that they have in their organization that has customer information because if those customers request it and they can’t provide it, they’re financially in a lot of trouble.
LN: Do you think that the regulations coming down on companies are going to fundamentally change how companies chose to communicate with their vendors, suppliers, and own employees?
JW: Absolutely. If you look at all the recent data breach situations, it’s typically not the organization that has the problem, and I won’t mention any of the large companies that have recently had data breaches, but it’s typically not the original company that had the issue, it’s one of their suppliers, or one of their vendors that had accesses to the database, and wasn’t protecting it properly, and that’s how the trouble began.
JW: Same thing with data privacy.
LN: The supply chain certainly is a huge point of vulnerability for all types of organizations. The governments, the military.
LN: and even corporations.
LN: So what do you see happening over the next few years with the adoption of AI platforms?
JW: I think the e-discovery market is going to fundamentally change. There’s still always going to be a need for discovery within corporations and law firms, but what you do you with the data is going to become much more important, so it’s going to be about how you can extract value from the data, not just metadata, which we’ve always been able to do for years now, but now more about looking for entity information. People, place, organizations that are mentioned in documents and emails, and collaborative environments, and being able to visualize those, and quickly drill down to what was going on in your organization. You know, if you got people that are going to the dentist three times a week, they’re not doing to the dentist, they’re doing something else, They’re just writing about going to the dentist.
JW: Software like ours that can identify those references in documents are going to be crucial to the success of organizations.
LN: That’s great. So it seems that there’s continued e-discovery service provider consolidation out there.
LN: The companies that are using tools that are more of a channel partner tool to resell.
LN: But as those companies consolidate, do you think that there’s going to be a movement away from those providers where, the company, the firms, directly do their own e-discovery?
JW: Oh, yes. Yeah, very much so. We’ve been seeing that over the last few years. A lot of companies, even small companies that tend to have, in the past, just used outside vendors for e-discovery, are now deciding that they prefer to control, not just the cost, but also their data. They don’t want their data outside of the organization for reasons we’ve already talked about. So they’re purchasing in-house tools that they can use themselves, and then they can invite outside counsel in to make use of, that way they control their costs, they control the efficiency, and they control the data.
LN: Well, this has been great. Thanks a bunch for being on the show.
JW: Thank you again.
LN: Take care.
Part 1 of our 3-Part Series on Artificial Intelligence
Part 2 of our 3-Part Series on Artificial Intelligence
What is a FIPS 140-2 and how does it play a role in medical devices? Are medical devices manufactured with security in mind? Experts Lee Neubecker and Keith Handler discuss medical device security.
What measures are in place to help protect medical devices from cyber compromise? President & CEO of Enigma Forensics, Lee Neubecker gained insight into the latest and greatest preventative measures being developed for medical devices. Lee sat down with the top engineer for Sterling Medical Devices, Keith Handler and explored technical measures applied to the manufacturing process of medical devices. Check out this video to learn all about the tech measures. You will be so much smarter if you do!
Part 3 of our 3-Part Series on Medical Devices
The video transcript of Preventative Measures: Medical Devices follows.
Lee Neubecker: Hi, I’m back on the show again with Keith Handler from Sterling Medical Devices. Keith, thanks for coming back.
Keith Handler: Hi Lee, thanks for having me.
LN: So in our 3rd segment on medical device security, we’re going to talk a little bit more about some of the hardware elements, how the software gets loaded onto medical devices and what things are in place to help protect medical devices from cyber compromises. So first, Keith, can we start off with telling everyone what FIPS 140-2 is and how that plays a role?
KH: Yeah, absolutely. FIPS is the Federal Information Processing Standard, 140-2 is the specific certification for encryption libraries. That certification means that those encryption libraries are proven to be usable and certified to be usable for federal systems and medical systems.
LN: Most hospitals require FIPS 140-2 for immediate devices if you’re transferring PHI, Patient Health Information. If you’re transferring that information to external storage, they want to make sure you’re using secure storage that meets federal information processing standards.
LN: So when you’re evaluating a device for security, what are some of the things that you do to help ensure that the firmware that’s stored on the chips is secure and safe?
KH: Well, an embedded device it’s a challenge, of course, you have limited space, limited capabilities typically, especially on lower power devices. If you’ve got the space and the ability, we can use hardware encryption chips, hard-circuits, those are usually the most reliable and the most performant. If not, there’s plenty of embedded libraries out there that are FIPS 140-2 certified. The main thing being that we never roll our own as far as encryption libs go, we use federally certified ones to ensure that we’re up to the current standards and encryption strength.
LN: Those standards change over time.
KH: Correct, yes.
LN: At one point and time, SHA-1 encryption used to be considered perfectly fine, but now with quantum computing, there’s been a rush to ditch SHA-1 and require SHA-2 as encryption library to help secure things.
KH: Yes, this brings up an important point actually. How do we keep things secure moving forward when new vulnerabilities are found, new attacks are found, libraries are cracked.
LN: Yeah so, what do hospitals and other healthcare providers need to be doing to ensure their devices stay secure once deployed?
KH: Well, hospital healthcare providers need to be making sure that they are up-to-date with the manufacture of all of their devices, that they are keeping apprised of any kind of recalls or anything like that. Manufacturers, the people that we typically deal with, product developers, their responsibility is to maintain a bill-of-materials, a cyber bill-of-materials; their libraries, their encryption circuits, make sure that they’re tracking the versions and things like that so that when a company has a vulnerability exposed, they can become aware and make updates and push them, software especially, as fast as possible.
LN: All right, so if an organization or a healthcare entity were to become compromised, have you been involved with supporting the client that underwent a cyber compromise?
KH: I have not, we’re usually in the earlier stages of developing the products prior to that occurring, and our products hopefully never get compromised.
LN: So I’d imagine though that if there’s a concern about the security of certain medical devices, that there’s a need to actually dump the firmware. Firmware is software stored on an embedded chip. But the firmware will persist after power-down, reboot to whatnot, but there is an ability to go and extract the firmware of the chip with the correct tools, such as a Bus Pirate, or other devices. And then what would you do to examine, if you had access to the firmware on a chip, how would you go about ensuring that that’s authentic?
KH: Well the first thing is if we’re going to push out firmware, things like that, you need to make sure that the device can know that it’s authentic. And we do things again, like digital signing, signature verification encrypting of that firmware package. That way we have a verification process in place to ensure that what we’ve got coming down is good.
LN: So that’s known as a hash.
KH: That’s part of it yes.
LN: So the hash value is the unique encrypted thumbprint generated by a hash algorithm and those hash values can be used to compare against the manufactures release version and what’s on the chip to determine, are they running the most recent up-to-date firmware, or are they running a older version or are the running something that’s rogue that is not known by the manufacturer.
KH: And that’s the real key, to make sure that what we’re running is what we expect it to be and not something that has been tampered with.
LN: How often are hospitals and IT staff actually auditing and checking their firmware?
KH: You know I’m not clear on that, but I would say almost certainly not enough.
LN: Yeah, so that’s one of the things that I know you’ve said earlier, that it’s important that all these entities using the devices, once they’re certified and deployed, there’s still a responsibility on the healthcare delivery organizations to make sure that they’re patching and updating those devices so that they keep the standards.
KH: Ideally. Nowadays, a lot more devices are connected, communicating out with central servers, and that gives them the advantage of being able to receive security updates, so it takes that middleman out, essentially, but that also opens up additional potential security holes that have to be considered and protected against.
LN: Yeah, and anything that comes to mind that you’re concerned about in regard to new threat factors?
KH: Well, you know, again, if I’m distributing firmware by handing it to you on a USB stick, you can be pretty certain that what I’m giving you is likely to be good. If I’m telling you download it from this site, you don’t know. For all you know, it could get tampered with in transit. So it raises a lot of additional risks.
LN: Do you think that there’s something to be said for going back to the old updates on CD, read-only media?
KH: Well, you know, information is what it is, and things mover faster nowadays, so I don’t know that it makes sense to move backward, it just means that we have to have more modern methods of protection.
LN: But thanks a bunch for being on this show. This is great stuff.
KH: You’re very welcome, and thanks for having me.
LN: It’s my pleasure.
View Part 1 of our 3-Part Series on Medical Devices
Artificial Intelligence (AI) is the fastest-growing eDiscovery solution in the Legal Industry. Just like in Henry Ford’s day, it’s the keen cutting edge shaving away costs by reducing time spent from evidence to production. Use AI and don’t land in the pitfall.
“Competition is the keen cutting edge of business, always shaving away at costs”…Henry Ford
Is there a pitfall if you use AI? Computer Forensic Experts Lee Neubecker interviews Chief Innovation Office with DISCO, Cat Casey both agree the largest pitfall in AI is NOT embracing AI! Artificial Intelligence (AI) is the fastest-growing eDiscovery solution in the Legal Industry. Just like in Henry Ford’s day, it’s the keen cutting edge shaving away costs by reducing time spent from evidence to production.
Cat explains DISCO was born out of the firm’s frustration with conventional eDiscovery tools that were slow and difficult for lawyers to use. Instead of being forced to adapt our work methods to technology, we wanted to invent technology that works the way lawyers work. DISCO was the result, and today we are the fastest-growing eDiscovery solution in North America. Both experts agree implementing AI will help companies gain a competitive edge. Watch this video to hear examples of how AI helps sharpen that edge!
Final Part of our 3-Part Series in Artificial Intelligence: Pitfalls in AI
The Video Transcript Pitfalls in AI Follows.
Lee Neubecker (LN): Hi and welcome back again Cat. Thanks for being on the show again.
Cat Casey (CC): My pleasure.
LN: Cat Casey from CS Disco. She’s a Chief Product Innovation Officer. Did I say that right?
CC: Chief Innovation Officer.
CC: Products too, though. It’s fine.
LN: They call her chief.
CC: They should.
LN: So we’re going to talk now, in this last part of our series on artificial intelligence, about some of the challenges of organizations that don’t adapt and don’t get on board. So, what do you see the potential risks and pitfalls for law firms that don’t begin to embrace so sort the form of a technology-assisted review or artificial intelligence to help speed up the review process?
CC: Well, at a very basic level, clients are getting smarter. We’ve got CLOC https://cloc.org/, we’ve got clients talking to each other more, and they’ve raised their expectations of how their firms are going to be competitive. And it used to be if you were big law firm A you would always have this corporate client for every anti-trust case they would always go to you. But now I was getting dozens of RFPs where they’re asking me what technology are you using? How are you driving innovation? How are you driving efficiency? Because there is a higher expectation of competition between outside counsel. That, maybe, wasn’t there a few years ago. And so, the client expectation is driving this appetite to investigate eDiscovery and Artificial Innovation (AI) based innovation in a way that wasn’t here a few years ago.
LN: Has there been any industry research that has attempted to benchmark the cost of a case using an AI platform to speed up review versus not, to your knowledge?
CC: You know. I can speak from Disco, and we see about a 60% reduction in time to evidence to production. And that translated to dollars. And so, I mean, 60% savings on the 80% of a case that is reviewed is substantial. The thing that I think is most important is cost-savings big, but getting evidence quicker.
LN: Yeah. Time is of the essence.
CC: That is the thing that is paramount because of a lot of these companies… I worked at a company that had very big budgets, but no amount of money, no amount of people, was going to be enough to get these insights I needed before the meet and confer. Or before I had a critical filing with a government investigator. And so, getting evidence quicker so I can start building my case, was the differentiator.
LN: Yeah, certainly if you’re working for a company facing a DOJ inquiry.
LN: Knowing the good, the bad, the ugly.
LN: As soon as possible can help you make better decisions for your clients. Which might involve, you know, settlement. settling. Yeah, yeah. There have been many recent settlements, recently, from big companies that didn’t want to get tied down at least.
CC: Well I’ve had cases where… One of my favorite ones I used tons of different AI and analytic tools. I had a big bank that had been fined billions of dollars and another big bank was, they had hired on people in that same group, and they were wondering if they would be subject to the same investigation. So, I did some social network analysis. Who was talking to who, with what frequency? I parsed Bloomberg’s chat. I parsed audio logs. And I used everything to keep triangulating down until I was able to identify the bad actors, saying the bad things, and the map of the structured data to show they didn’t do the bad things. And my company wasn’t on the front page of the Wall Street Journal. My company wasn’t fined. So it ends up being very compelling, even early in investigations.
LN: Yeah. Certainly responding quickly is important now. Have you seen any success stories as it relates to companies embroiled with data breach incidences, that have used your platform to help get ahead of what was going on?
CC: 100%. I mean PII, so personally identifiable information, is something that you’re going to have to notify if there is a breach. So if someone, say your Equifax, not that I’m naming them, but say you’re a big company with a lot of personally identifiable or health information. You need to identify it quickly, notify these people in their specific timelines. Tools, like Disco’s, help you use algorithms to find that quickly and act upon it. Otherwise, if you’re looking at 100 million records, there’s no amount of humans that could go through that, in a timely manner, where you’re going to comply with time obligations. And so, it’s majorly impactful.
LN: That certainly is. Well, are there any other things you want to say on the show before we wrap up?
CC: You know, adapt. The reality is no one wants to be the buggy whip maker in a Tesla world. The time to start investigating and vetting and ensuring that the tech you’re looking at isn’t hype is now. Because in a year, or three years, or four years, you might be behind the curve. So, find your resident dork, ask questions, dig into the tech. Now is the time.
LN: And it’s probably worthwhile, you know, without being biased towards Lit Funder, why not take a case try out Disco, try out another offering to see what really works. I mean you had the benefit of…
LN: You were on the other side working for the law firm, shopping for vendors.
CC: I did a 55 vendor RFP. I’ve seen everyone. I’ve looked under every hood. I mean there’s a reason I went to Disco. But there are other tools good out there. I think you want a toolbox with lots of different tools. If you’re a hammer, everything looks like a nail. Let’s be honest, litigation is always bespoke, so you want lots of tools that can help you address it.
LN: Great. Well, thanks again for being on the show.
CC: Yeah, my pleasure.
LN: This was great.
Watch the Entire Series on Artificial Intelligence (AI)
Facebook’s record-breaking $5 billion settlement, proves the FTC takes consumer privacy very seriously. Will Facebook’s settlement spark other class-action lawsuits based on claims of privacy abuse relating to the Biometric Information Privacy Act (BIPA)? Forensic Expert Lee Neubecker and attorney David Rownd from Vedder Price discuss the ramifications of this settlement and dissect what really constitutes biometric data?
Part 2 of our 3 Part Series on BIPA
The Video Transcript Follows.
Lee Neubecker (LN): I am back again with David Rownd, and David’s going to talk a little bit more about BIPA. We’re talking about in the news recently, Facebook just reached a very large settlement related to claims of abuse relating to BIPA. What does this mean with such a large settlement? Is this inviting all the plaintiff attorneys to file more and more class-action lawsuits?
David Rownd (DR): Well, this has been a very active area of the law, and yes, the answer is yes. There’s a lot of class actions going on in this area, and it’s largely as a result of the low threshold to become a plaintiff in that you don’t have to establish specific damages, and the mere fact that the law has been violated can make you an aggrieved party who has the standing to file a lawsuit.
LN: Just so we can be clear, can you give some examples of what constitutes BIPA biometric data and what isn’t?
DR: Well, fingerprints are biometric data, a retina scanner, the veins in your hands can be evaluated as biometric data, and other things as well.
LN: What about the way you walk or the way you talk?
DR: Their voice recognition has been considered to be biometric data. Handwriting is not biometric data.
LN: So, devices like Siri and Alexa, is there a potential they’re going to fall into that?
DR: I think that that is certainly a possibility.
LN: So are we going to have to sign a contract before we use Alexa or Siri to protect, for them to be protected?
DR: I wouldn’t propose to advise Siri and Alexa as to how to conduct their business.
LN: Very good answer.
DR: I think that there is a possibility, certainly.
LN: So what do you think the future holds for BIPA-related lawsuits?
DR: Well, this is certainly an opening for plaintiffs lawyers to go after, and you see this in a variety of different areas where the law creates a low threshold to get in the courthouse door and potentially high exposure for defendants. You have plaintiffs lawyers who are attracted to that and they go after it, and that’s currently what’s happening now with BIPA in Illinois and why there are so many lawsuits filed.
LN: And I think it relates to, the fees are based on each instance of biometric data, so potentially you have multiple videos, multiple pictures, this data is stored, and if you can be aggrieved without the data even getting hacked, it’s a very large potential, which is probably why Facebook settled because what it could be much greater. And they probably weighed their risk and decided it made sense to settle.
DR: I think that’s probably right.
LN: Well, thanks again for being on the show, I really appreciate it.
DR: All right, thanks for having me.
View Part 1 of our 3-Part Series on Biometric Data
Other Related Articles on Biometric Data
FTC’s Press Release on Facebook’s settlement on Biometric Data
You’re looking for the smoking gun and have tens of thousands of documents to review. Experts Lee Neubecker and ZyLAB’s eDiscovery Director, Jeffrey Wolff say Optimize with AI and make your review easier!
Optimize eDiscovery with AI! Lee Neubecker sets out on a quest to find out what’s happening with Artificial Intelligence as it relates to the eDiscovery review process. Lee visits eDiscovery Director, Jeffrey Wolff from ZyLAB and together they examine how new AI algorithms are coded for priority review and can rank documents for relevance, saving countless hours and dollars for the client. Utilizing new AI will optimize your current eDiscovery process.
Part 2 of 3 Part Series on Smarter Solutions eDiscovery
Optimize eDiscovery with AI Video Transcript Follows
Lee Neubecker (LN): Hi, I have Jeff Wolff back on the show again from ZyLAB. Jeff, thanks for coming back.
Jeff Wolff (JW): Thank you.
LN: And today we’re going to talk a little bit more about trends in Artificial Intelligence as it relates to eDiscovery and the review process that comes along with that. Jeff, what do you see happening right now with Artificial Intelligence as it relates to the eDiscovery review process?
JW: So what we’ve noticed over time is that, traditionally, Artificial Intelligence was always deemed to be only valid in cases where you had hundreds of thousands or millions of documents. And one of the changes that have happened over the last few years is that the Artificial Intelligence models have gotten so much better than you can now use them for much smaller data sets, and so we evangelize the use of Artificial Intelligence in smaller data sets, even, a thousand documents, you’re going to get a better review, more efficient, and more correct, faster, with AI than you would with a team of reviewers.
LN: So if you have a project and you’re using your platform, let’s say there are a million pages of documents that need to be reviewed. You put a review team on starting that process, and they start categorizing and coding, as they get through the first ten thousand documents, what is your software doing to help make this process more efficient and effective for them?
JW: Sure, so if you’re using traditional, what we call supervised machine learning, that used to be referred to as predictive coding, what our software allows you to do is train a small training batch, so a small sample of the documents, and code them for responsiveness, whether they’re responsive or not responsive. And we’ve made it very easy for users to do that. So, you can create issues, and for each issue, you get two tabs, responsive or not responsive, and you just train, you look through a bunch of training documents and you tag the documents appropriately, and the machine classifier learns, very quickly, what is responsive, what is not responsive. So, maybe after two or at most three training batches, the classifier is now bringing you back almost exclusively responsive documents. It’s already smart enough to do that. And so you only need a few training rounds to get the classifier well over the 80%, typical 80% precision and recall threshold that most attorneys feel is what the human is capable of, but the machine will do 90, 95% precision and recall, so you can be assured, not only are you getting a more efficient and more correct review, but you’re also doing it in a whole lot less time with a whole lot fewer people.
LN: And so, are your algorithms looking for synonyms, and similar phrasing that has equivalent word matches?
JW: It’s a bit of secret sauce. But, yeah, we use a support vector machine-based set of algorithms, kind of the most modern version of machine learning. And it is effective, it understands what our topics that were identified in the document, and what other topics are like them. So that’s how it’s doing an identification. But you’re effectively training in or on that.
LN: So the people using your platform, are they having to necessarily review all of the documents, or are you basically, based on the trained review process, you’re taking that universe of a million, and as they get through it, it’s starting to cluster.
LN: There’s a set that, this probably isn’t useful, and you don’t have to look at it, but you can look through it just to see.
LN: They have confidence that it’s not excluding relevant stuff, right?
JW: Yeah. What we find from an AI standpoint is that the two primary use cases that attorneys have when they use AI are priority review, so that means hey, I’m going to start teaching the data about, the classifier about my data set, and I’m going to show what responsive documents look like, and then I want it to rank all the remaining documents for me for relevance. And so I’m going to then put eyes on those top-ranking documents. That’s effectively looking for the smoking gun, right? That’s one. But they also use it a lot for QC and this is where I see I’m trying to put a lot more attorneys into utilizing AI, is you’ve already done your tagging, and you had eyes on all of your documents, now go back and use the AI and compare it against what your human reviewers did, and see if you’ve missed things. Because inevitably, your reviewers are not going to be all at the same level. Some people are going to miss-tag documents, and the AI has a really good chance of picking up those mistakes and showing them to you.
LN: So have there been any published studies that document the effectiveness of AI with the review process?
JW: There’s been a bunch of them. I know Law Geeks did one that was pretty interesting. What I’ve read recently is that only about, nationally, about 4% of all cases use Artificial Intelligence officially. But then again, there’s no requirement, in the meet and confer that you identify that you are using Artificial Intelligence in a discovery case. So a lot of attorneys can be used, and just not reporting it. Which is fine, because back when the review was manual, and you went through paper and bankers boxes, you didn’t have to document the process for that review. So why should you have to document the fact that you using a machine to do some of the identification of documents and responsiveness today?
LN: So are there potential problems as a result of using AI for failing to produce relevant documents?
JW: No, I think the case law already demonstrates that AI is an accepted form of using, of identifying reviewed documents, and again, even if you’re just using it for QC purposes, you’re still better off. You’re still less likely to miss things than if you hadn’t used it at all.
LN: Great, well, it’s been great. Thanks a bunch for being on the show.
JW: My pleasure, my pleasure.
View Part 1 of our 3 Part Series on Smarter Solutions in eDiscovery
Other Articles about Artificial Intelligence (AI)
More related articles
To Learn More about ZyLAB’s Ability to Optimize eDiscovery With AI
A cardiac pacemaker is a lifesaver for many and is considered an implantable medical device. The FDA imposes regulations to protect these devices. Experts Lee Neubecker and Sterling Medical Devices, top engineer, Keith Handler examine FDA Quality System Regulations, ISO standards, and FDA guidelines used by Sterling Medical Devices that are essential to the manufacturing practices.
FDA Cybersecurity regulations in medical devices is a tough topic! Consider the cardiac pacemaker, probably the most notable life-saving implantable medical device. Did you know that it is operated by a computer chip? Just like any other computer they can be vulnerable to cybersecurity breaches.
Experts Lee Neubecker and Sterling Medical Devices, top engineer, Keith Handler examine the FDA’s Cybersecurity quality system regulations, ISO standards, and guidelines followed by Sterling Medical Devices to ensure cybersecurity for all their devices.
Tune in to Part 2 of our 3 Part Series on Medical Devices
The FDA Cybersecurity Regulations: Medical Devices Video Transcript Follows.
Lee Neubecker (LN): Hi, I’m back on the show today with Keith Handler, Keith, thanks for being back on.
Keith Handler (KH): Thanks again for having me.
LN: And Keith, again, is from Sterling Medical Devices, and today we’re going to talk about what measures are in place, that the FDA imposes to help ensure cybersecurity on medical devices, especially safety of PHI, and safety of the operation of those devices for end-users. Thanks again for being here.
KH: Yeah, thanks for having me. So, cybersecurity. It’s a tough topic, and the FDA is still figuring out how exactly to deal with it. They have issued guidance that attempts to categorize how high the risk is of cybersecurity for a device and the basic standards you need to follow in designing, and testing, and documenting your processes for developing that device. That guidance is currently how we generally implement most of our analysis processes and controls. The FDA has chosen to recognize certain certifications, such as UL 2100-1-2.
LN: And what is UL 2100-1?
KH: 2100-1 is a certification for network-connected systems, as far as cybersecurity is concerned, and 2100-1-2 is a subset of that standard, specifically for medical devices connected to the internet or a network. Mostly that standard follows the 2100-1, with a couple of modifications, based on the fact that medical is safety-related.
LN: Have you seen any changes in the standard since the WannaCry attack that took out a lot of the UK hospitals?
KH: Nothing that I can point to specifically. You know, that really comes down to changing specific vulnerabilities, our knowledge about them, and the attack vectors that we know that are capable of executing these things, cataloging them, making sure that we plan for them in future designs.
LN: So I know Bluetooth is a protocol that’s vulnerable to exploitation. I think at one point in time, there was a warning that everyone should take their pacemaker and get it updated. Were you familiar with that?
LN: Can you tell people a little bit more about what happened?
KH: Yeah, well, in that specific case, I’m not actually 100% sure what occurred there, but most of the time your issues are, with a lack of authentication, a lack of encryption, you need to be sure that what the device is talking to on the other end is exactly who they expect it to be, what they expect it to be, and you have to make sure that that communication is secured and unchanged, unaltered. Typically, that’s done by using specific security libraries, integrating them in careful ways, making sure that all communication over the wire is encrypted, things like an asynchronous key generation.
LN: I think, just from my memory of events, one of the problems they discovered is that these protocols, there’s a period of time before authentication occurs, in the preamble when there’s broadcast of the Mac address, the wireless name, and whatnot, where there’s a potential to create an overflow situation, to actually compromise a device before encryption and authentication occurs.
KH: Yes, in certain system designs it is that way.
LN: And, unfortunately, these protocols are, you know, they’re everywhere. So, at the time, I believe that the chip makers and various equipment providers, not just only in the medical area, but across the board, had to create fixes that help protect against these types of cyber-attacks.
LN: So, you were talking about UL 2100-1-2, what about TIR57? Can you explain what that is?
KH: So, AAMI TIR57 describes how to marry up the processes of medical safety risk analysis and security analysis. It’s an attempt to show that the security analysis process is actually very similar and very familiar for anybody that’s done the safety risk analysis before. More of less, it takes ISO 14971 and applies security risk management to it with a mix of a little bit of some NIST standards in as well. But the general idea is to really categorize what assets you’re protecting in your system, and the known vulnerabilities that your system has, and then from there, you attempt to determine a list of known attack vectors and categorize the profiles of your possible attackers. With a combination of that type of information, you can assess what the real vulnerabilities and risks are for your system, and design in controls, from the ground up, to make sure that you’ve protected against them.
LN: Yeah, well, this is really fascinating stuff. I appreciate you being on the show, and I look forward to our next segment talking more about cybersecurity and how to keep these devices safe.
KH: Thanks again for having me, Lee.
Don’t Miss Part 1 of this 3-Part Series on Medical Devices
AI trends in the Legal Industry is revolutionizing data, and whittling down the amount of paperwork involved in legal practice. Lee Neubecker and DISCO’s Cat Casey discuss trends in the legal industry.
Paper death! Legal professionals get buried in a mountain of paperwork. Artificial Intelligence (AI) replaces that mountain of paper with cloud-based apps and whittles down costs. What’s new in Artificial Intelligence (AI) as it relates to the legal industry? Check out this video as Forensic Expert Lee Neubecker and DISCO’s Information Officer Catherine “Cat” Casey talk through AI trends in the legal industry.
View Part 2 of our 3 Part Series on Artificial Intelligence (AI) in the Legal Industry
The video transcript AI Trends in the Legal Industry follows:
Lee Neubecker: Hi, I’m back here again with Cat Casey from CS Disco. Thanks for coming back again.
Cat Casey: My total pleasure.
LN: We’re going to continue our conversation in this multipart series. This time, we’re talking about artificial intelligence and the trends impacting the legal industry and the whole eDiscovery industry as well.
CC: Absolutely, so in my role at Disco, I’m chief innovation officer, and one of the things I’m tasked with doing, both now and in my prior roles, is going out and figuring out what’s going on in the market, and what we’re seeing is AI written everywhere. Sometimes it’s true AI, sometimes it’s not, but what we are seeing is people want to find evidence faster. People want to eliminate those low-hanging tasks that aren’t the practice of law. And so, we’re seeing a lot of tools that are driving efficiency both in practice management and litigation management and in finding evidence.
LN: So where do you see we’ve gone in the last few years with AI in terms of advancements and providing products for the review process?
CC: When we first, I think, announced AI about 2006, seven, eight, nine, I was working as a channel partner with the company that patented the word predictive coding. That was the first AI model in eDiscovery and people liked it. They didn’t really want to use it. They were nervous. What I’ve seen is not only has the process improved instead of TAR 1.0, where you have a sample, you make decisions, and then, the algorithm might learn, we have continual models. So the tools got better, but the appetite to use them has increased dramatically, I think, in the last 18 months, because data’s getting very big, very complicated, and no amount of money or time is enough to actually get through it without using this sort of technology.
LN: So are you seeing that other messaging platforms are starting to become more a part of this process, like Slack?
CC: Oh, yeah.
LN: You’ve got all kinds of other messaging platforms, WhatsApp.
CC: Weird data is the new normal and I noticed it starting, I’ve been at Disco about a year, so starting my last 18 months at Gibson Dunn, where it used to be, okay, email, maybe text. That’s all I got to worry about. No, no, no, now I’m dealing with ephemeral messaging, which is self-destructing text messages. I’m dealing with collaboration tools like Slack and Messenger and Teams and each one of these tools has a challenge in terms of formatting the data, being able to review it, and relating it. Think of a given day. This morning, I was on Slack, then I was answering text messages, then I had a phone call, then I sent an email, then I went back to my Slack channel. That was before I got out of bed and if you want to recreate kind of this digital footprint of what people are doing, you need to have all of that info. And so, finding tools and partners that can deal with it is paramount.
LN: So does your platform at Disco, does it have APIs and import specs that match upon those alternate data streams?
CC: We do to a degree. We also do kind of a middleware layer of parsing and creating a new visualization, like say from a JSON file for Slack, we recreate that in our ecosystem and render it the way you would’ve seen it in the Slack dialogue box. And so, we’re developing more of those direct APIs of a 365 box, but we’ve worked on the visualization and ensuring that the data we receive is reviewable, usable, and easily rendered, so.
LN: Now, it’s interesting when we’ve collected cellphone data, we’ve used some of the popular tools on the market and the output of the data isn’t necessarily always easy for the attorneys to review. And what we’ve done is we’ve often taken the spreadsheet output of text.
CC: Oh yeah, yeah.
LN: So what are some of the challenges you see facing AI and its adoption over the next few years?
CC: Like with everything, it’s fear and desire. People desire the outcome of finding stuff faster, being able to practice law, but no attorney went to law school to play with relational databases and lambda calculus. I didn’t. And so, what ends up happening is there’s a fear of the unknown and a fear of explaining something to a judge who maybe didn’t even use a laptop when he was going to law school, probably didn’t. So there is a fear of using technology that folks don’t understand, a fear of explaining it, and that’s when having the right partner, the right person to testify, the right person to navigate you through this becomes so important.
LN: Have you seen much, part of my practice deals with patient electronic medical records?
CC: Oh yeah, yeah.
LN: And patient audit trails of EMR, electronic medical records.
CC: Oh, yeah.
LN: Usually, those records aren’t quite like an email thread. They’re more cryptic. They’re more accustomed to the specific platform the hospital’s use. Have you seen many of those cases come in where they’re pulling in the charts and various transcripts from the physicians and whatnot?
CC: I haven’t run into that as much at Disco, but when I was at PWC, we were doing very complex multilayer investigations, and so, we would have, sometimes, medical charts. Sometimes we would have trade databases and so, marrying and creating a story between that structured data and the unstructured data was always very challenging and very bespoke, and there’s some tech that’s beginning to create a unified place to do that. We’re looking in to do that as well, but it’s very hard to take that weirdly formatted data and render it in a way that then ties to what the humans are saying and then, help you get those facts to build your case.
LN: That’s great. Well, this has been great. In our next segment, we’ll be talking a little bit more about artificial intelligence and some of the potential challenges and impacts for organizations that don’t get on board. So thanks for coming on again.
CC: My pleasure.
View Part 1 of our 3 Part Series on Artificial Intelligence (AI) in the Legal Industry
View Other related blogs from Enigma Forensics.com
Does your employer require your fingerprint when you clock in for work? That fingerprint is considered private biometric information. BIPA is the Illinois law that protects its use. Experts Lee Neubecker and David Rownd share how this law affects employers that have Illinois based employees.
Biometric Information Privacy Act (BIPA) is a law that covers the employer’s use of biometric information of its employees. Biometrics are the physiological means to gather an individual’s uniqueness. The oldest most widely used is a fingerprint but other biometric identifiers may be also used such as; facial recognition, photos, retina scan, voice recognition, ear shape, and hand scans all are considered private biometric information. The Illinois BIPA law is designed to govern, secure, store and prohibit the sale of biometric information. Forensic Expert Lee Neubecker and David Rownd from Vedder Price discuss how BIPA may affect employers that have satellite offices in Illinois.
Part 1 of a 3 Part Series on Illinois’ Biometric Information Protection Act
The Video Transcript on BIPA: How It May Affect Employers in Illinois.
Lee Neubecker (LN): Hi I am here again with David Rownd from Vedder Price. Thanks for being on the show David
DavidRownd (DR): Thanks for having me
LN: David is an attorney that specializes in defending class action lawsuits also employment litigation, trade secret theft, and misappropriation. I asked him to come on the show today to talk a little bit about BIPA which is the Illinois Biometric Information Protection Act and specifically he deals with a lot of trading security-related financial services firms and since that law applies to Illinois and many trading firms in New York have satellite offices I wanted him to talk a little bit about the act and some of the concerns that employers should have if they have employees working in Illinois. So, David, can you tell us a little bit about BIPA what it is and what it entails?
DR: Basically it covers the employers use of biometric information of its employees and this can be a retinal scan it can be a fingerprint it can be a number of different things and it can be used for time cards access to the workplace and things like that and employers are using biometric information because its an easy way to keep track of employees. However, it is also a privacy issue and that’s where the BIPA comes in and BIPA is intended to regulate employers ability to utilize biometric information and put certain requirements on them for notifying employees they are using it and notifying employees why they are using it keeping written records of the biometric information and it specifically prohibits the sale of biometric information to third parties.
LN: It’s especially troublesome too because if you lose your biometric unique identifiers you can’t necessarily get those back unlike a social security number you could replace a social security number but if someone is able to copy your retina scan your fingerprints what not it could cause a lot of permanent damage.
DR: That’s true you only get one of those things
LN: So we will be talking later in the series next well be talking a little bit about what employers should do before they land in trouble with BIPA to help protect against finding themselves embroiled in litigation and then finally we’ll talk a little bit about some of the national happenings with Facebook and other entities who have been en snagged in the BIPA trap and we’ll conclude with there so thanks for being on the show today.
DR: Oh thanks for having me.
View related Employment Litigation articles on our website.
Artificial Intelligence (AI) can be used to vastly improve the eDiscovery document review process. Zylab is one of several eDiscovery vendors offering solutions utilizing AI. Lee Neubecker, Computer Forensic Expert, and President & CEO of Enigma Forensics met with Jeffrey Wolff, Director of eDiscovery Solutions at ZyLAB during his visit to the Legal Tech Conference 2020 in New York. Lee and Jeffrey discuss how AI can be used to conduct more effective eDiscovery.
Artificial Intelligence (AI) technology is everywhere. It’s hard to imagine how it’s being used in the legal industry where legal libraries filled with law books and courts filled with black-robed judges reign. In this formal traditional world, AI is now providing smart solutions for today’s electronically stored information or ESI and is streamlining the way the Legal Industry works.
In this video, Lee Neubecker, Computer Forensic Expert, and President & CEO of Enigma Forensics met with Jeffrey Wolff, Director of eDiscovery Solutions at ZyLAB during his visit to the Legal Tech Conference in New York. Lee and Jeffrey analyze how Artificial Intelligence (AI) develops smarter solutions in the eDiscovery process. Jeffrey shares with Lee that ZyLAB’s mission is to provide automated full-text retrieval using AI, for both on-premise or cloud-based solutions.
Watch Part 1 of a Three-Part Series on Artificial Intelligence (AI) and eDiscovery.
The video transcript of AI Smarter Solutions: eDiscovery follows.
Lee Neubecker: Hi, I have Jeff Wolff, back on the show from ZyLAB. Jeff, thanks for coming back on.
Jeff Wolff: Thank you.
LN: He’s their Director of eDiscovery, and I wanted to ask him some questions as it related to what differentiates ZyLAB from other products out on the market. Some of my clients may want to use this type of artificial intelligence program to help get through their review and see what the results are of using AI verse the traditional e-discovery review process, so.
LN: Jeff, could you tell us what sets ZyLAB apart from other competitors in the marketplace.
JW: Sure, sure, so first, I think ZyLAB is uniquely positioned in the fact we understand the corporate space quite well, as well as the law firm space, but we got our start incorporate, or start in information governance. So we are very vested in search and data science, and that’s really where we’ve put a lot of our focus. We have both on-premise solutions, as well as cloud-based, SaaS solutions like every other next-gen provider. But we really push our interface, our user interface and our user experience, as one of the most unique selling points. And that is, that it is not difficult to start using. Anyone, any legal professional can pick up our product in an hour, from start to finish, and understand really how you utilize it. Drag and drop interfaces for getting data into the system, and immediate color-coding and tagging, easy search, and the ability to really visualize your data and understand what’s in the dataset.
LN: Okay. So, what would you say for a company that has to deal with multiple jurisdictions, they’re in Europe, they’re in the US. JW: Sure. LN: There are some unique challenges posed by all the various regulations out there, like GDPR.
LN: Maybe the have operations in China. How could you help a company that has to deal with various regulatory authorities spanning the globe?
JW: Sure, and that’s another advantage that ZyLAB has, actually, we’re actually a global company, so we’re dual-headquartered in Washington, D.C., here in the US, as well as Amsterdam in the Netherlands, in the EU. And as a result, we have cloud operations in both jurisdictions. So our global customers can actually keep US data in the US, and they can keep the European Union in the EU, and not worry about that issue. But we also have the expertise, consulting expertise, in both environments, both geographic locations. For example, I’m doing a lot of work now with corporations, not so much focused on directly just on e-discovery, because e-discovery is a bit reactive, you know? Or corporations go through peaks and valleys with e-discovery, the litigation, something they have it, sometimes they don’t. What they constantly have though, are internal investigations, regulatory responses, in the highly regulated corporations. And more and more now, data privacy concerns. So, my European colleagues have been dealing with GDPR for a while, we’re now starting to feel it here in the US, with CCPA, the California Consumer Privacy Act. And there are a number of states on the horizon that are going to California’s examples, so corporations need to be able to find, and classify all the data that they have in their organization that has customer information because if those customers request it and they can’t provide it, they’re financially in a lot of trouble.
LN: Do you think that the regulations coming down on companies are going to fundamentally change how companies chose to communicate with their vendors, suppliers, and own employees?
JW: Absolutely. If you look at all the recent data breach situations, it’s typically not the organization that has the problem, and I won’t mention any of the large companies that have recently had data breaches, but it’s typically not the original company that had the issue, it’s one of their suppliers, or one of their vendors that had accesses to the database, and wasn’t protecting it properly, and that’s how the trouble began.
JW: Same thing with data privacy.
LN: The supply chain certainly is a huge point of vulnerability for all types of organizations. The governments, the military,
LN: and even corporations.
LN: So what do you see happening over the next few years with the adoption of AI platforms?
JW: I think the e-discovery market is going to fundamentally change. There’s still always going to be a need for discovery within corporations and law firms, but what you do you with the data is going to become much more important, so it’s going to be about how you can extract value from the data, not just metadata, which we’ve always been able to do for years now, but now more about looking for entity information. People, places, organizations that are mentioned in documents and emails, and collaborative environments, and being able to visualize those, and quickly drill down to what was going on in your organization. You know, if you got people that are going to the dentist three times a week, they’re not doing to the dentist, they’re doing something else, They’re just writing about going to the dentist.
JW: Software like ours that can identify those references in documents are going to be crucial to the success of organizations.
LN: That’s great. So it seems that there’s continued e-discovery service provider consolidation out there.
LN: The companies that are using tools that are more of a channel partner tool to resell.
LN: But as those companies consolidate, do you think that there’s going to be a movement away from those providers where, the company, the firms, directly do their own e-discovery?
JW: Oh, yes. Yeah, very much so. We’ve been seeing that over the last few years. A lot of companies, even small companies that tend to have, in the past, just used outside vendors for e-discovery, are now deciding that they prefer to control, not just the cost, but also their data. They don’t want their data outside of the organization for reasons we’ve already talked about. So they’re purchasing in-house tools that they can use themselves, and then they can invite outside counsel in to make use of, that way they control their costs, they control the efficiency, and they control the data.
LN: Well, this has been great. Thanks a bunch for being on the show.
Lee Neubecker: Thank you again.
LN: Take care.
JW: Bye bye.
View related articles on Artificial Intelligence
View ZyLAB’s for more information on (AI) Smart Solutions: eDiscovery
Forensic Experts Lee Neubecker and Cat Casey from DISCO discuss Artificial Intelligence (AI) as it relates to improving Legal technology.
Artificial Intelligence (AI) thinks, learns and problem solves more efficiently than humans. AI is all around us and in almost everything we touch, it is an algorithm that is designed to make our lives easier and is sometimes referred to as machine learning.
In the case of litigation, it can save time and money by streamlining the process of document review, eDiscovery, and preparation for forensic cases. Computer Forensic Expert, Lee Neubecker and Catherine “Cat” Casey who is the Chief Innovation Officer for DISCO discuss how AI works to improve legal technology.
DISCO is a leader in legal technology is a developer of a cloud-native eDiscovery software for law firms designed to automate and simplify error-prone tasks. They provide a myriad of different types of analytics that will supercharge searching data dramatically reducing time and money.
Part 1 of our Three-Part Series on Artificial Intelligence (AI)
The Video Transcript Follows.
Lee Neubecker (LN): Hi, I’m here today with Cat Casey from CS DISCO. Thanks for being on the show.
Cat Casey (CC): My pleasure.
LN: We’re going to talk a little about artificial intelligence as it relates to eDiscovery and document review. Cat, can you tell us just a little bit about what your firm does to help speed up the review process and lower costs for clients.
CC: Absolutely, we’re a cloud-native AI-powered eDiscovery company. And what that means is we’ve got vast amounts of elastic computational power that we can use to run a myriad of different types of analytics on data to supercharge your searching and dramatically reduce the amount of time it takes you to get to that key actionable evidence. So, we’ve kind of flipped everything on its head. Instead of being a question of how quickly can I read through all of this data, it’s how laparoscopically can I surgically find all of that key information. The results that we’re seeing are pretty resounding. Up to 60% reduction in time to get to that key evidence. Freeing up attorneys to get back to what they went to school for, the practice of law. It’s pretty compelling. We’ve had some pretty interesting additions, including even today, we just announced, I think, the first true AI in eDiscovery with AI model sharing. Basically, with each iteration, with each type of case that you conduct with DISCO, our algorithms are getting smarter. We’re extracting insights and building in more robust taxonomy and analytic structure to parse data, which is going to yield better and better results for our clients. It’s truly exciting.
LN: So we’ve come a long way from the early days when the attorneys wanted everything printed and Bates-labeled before they looked at it. To now, moving ahead using TAR, technology-assisted review, like artificial intelligence, which fits into that, correct?
CC: 100%, we have a continual active learning model, so it’s more reinforcement learning than a standard supervised learning model. Basically, from the coding of document one, our algorithm’s getting smarter and making recommendations on highly likely to be similar documents. We battle test the algorithm on an ongoing basis. Whether it is an affirmative or a negative for a suggested document, the algorithm learns more, and because of that, we prioritize the most relevant information quickly and people are able to then accelerate their review speeds by up to, I think we’ve had over 180 docs per hour. So, it’s pretty compelling and this is just the beginning.
LN: So your platform’s all in the cloud, correct? So companies or law firms, they need no infrastructure other than a browser?
CC: 100%, the nice thing, in my prior life, I ran a global discovery program, and I spent hundreds of thousands of dollars a year just to keep pace, just to have storage, just to have basic replication and back up, and all of that. Now, even a small firm, all the way up to an Am Law One firm or a massive Fortune One company, they can have the same robust technology without having to set up a data center, without having to invest a ton of money. It lets everyone level up and has a better experience throughout the discovery process.
LN: One of the challenges a lot of my clients always have is they have a need to understand what the costs are going to be and to be able to communicate to their clients those expectations so they’re not throwing their clients on the eDiscovery rollercoaster of non-controllable bills. How does DISCO help to address those concerns?
CC: Transparency is a major pain point. One of the banes of my existence used to be trying to normalize this pricing model versus this, versus this service provider, versus this technology. We just throw that all out. We charge one flat amount per gig. It includes analytics. It includes processing. It includes everything, and we work with you to get the volume of data that is being applied to that one flat cost per gig down. It eliminates that hide the ball gotcha moment and it gives a lot of transparency. And of course, if someone wants a different model, we’re happy to accommodate that. But in general, straight, simple, honest. It’s really rewarding for our clients.
LN: So, what cases, what types of litigation case matters do you see as having some of the best benefits of being migrated into your platform?
CC: Yeah, I think any case can. If you’re a tiny company, it helps you be David versus Goliath. Even on a small data volume case, you can start getting insights and reduce the amount of time you’re having to spend doing something maybe you can’t chargeback for. For a big massive case, because we are an AWS and we were built on kind of convolutional neural networking, we’re moving, and we have such a robust computational lift, even we’ve had 150 million documents with hundreds of users and we still have sub one second page to page. We are still lightning fast. And so, whether it’s a big case, a simple case, a complex case, there is a value proposition for almost anyone.
LN: In terms of the types of law firms that are using your platform, do you see many smaller, medium-size firms using your–
CC: Tons, actually tons. That was where we got our teeth. Boutique, we started as a boutique law firm. We actually were a bunch of attorneys that were frustrated that all the tools were terrible, and so they built their own. And so, the foundation of DISCO, we had a family of tons of boutique law firms that we were supporting, we still do to this day. The tool we built though, had a longer vision. It was built to be much bigger and more scalable, and as a result, that’s why you’re seeing us with major, the WilmerHales of the world, very large firms and very large corporations because the tool itself can scale up so much.
LN: Great, what are some of the challenges of working, that law firms find that already have entrenched solutions? There are other review products out there and if they really want to make the benefit of your platform, don’t they have to kind of fully use it for the case?
CC: I would say you probably don’t want to split the baby with a case. If you’re processing with another tool, you’re not going to get the same benefit as working with DISCO. But you don’t have to move your entire litigation portfolio to DISCO day one. We’re seeing a lot of people that are sunsetting Legacy Product and Legacy Platforms moving towards DISCO, but it’s not, “I’m going to move every single case today.” It’s going forward, we’re going to start bringing in new cases. There tends to be such an improved experience and improved UI for the attorneys that they start to not want to use the other technology as much.
LN: I know as a computer forensic expert, oftentimes we’re going out initially collecting and forensically preserving the data. But your product sounds like it would be right for a firm that does forensics that needs to collect different data from computers, possibly harvest just an email. Filter the dates and times of the email to a PST and then they can take those PSTs and upload it into your platform, correct?
CC: 100% and we also, we’ve productized some advanced ECA, where we charge a much, much lower rate. So, you get three months no cost hosting. It’s half the usual rate, and you can do ECA for up to three months. And the goal of that is to let’s whittle down to the most surgical, teeny, tiny, laparoscopic piece of data set that you can have. An example was we had a 20 million document case and we were able to run the ECA, get it down to about 5.6 million documents. Run more coaling, run our analytics, get it down to about 200,000 documents. And usually, that would be when you have to review every single one, but we were able to, with our workflow, with CAL, get it down to 140,000 documents. And so, if you think 50 bucks an hour, an attorney can only do 50 docs an hour, the cost savings is monumental.
LN: So as someone uses your platform and they start to tag and prioritize certain documents, your software learns based on that taking. It helps find related concepts to those conversations and what not?
CC: 100%, 100%.
LN: So really, the more that are reviewed as responsive, similar concepts and whatnot so that important links aren’t missed.
CC: 100% and because we do automatic batching, is every new batch of documents a person gets because we’ve applied this artificial intelligence and continual active learning model, it is a more relevant subset of data and people are able to go through it more faster. And sometimes, they will get to a point where they can say, “I’ve hit all my relevant information. “The rest is not relevant. “I’m going to sample it and statistically determine “I don’t have to review those last 100,000 documents “that maybe aren’t relevant,” and it’s pretty cool.
LN: In our next segment, we’re going to be talking What the trends are in the industry impacting law and eDiscovery. And then finally, we’ll talk about some of the pitfalls of what companies, organizations, and law firms face if they don’t embrace artificial intelligence to help make their review process more efficient. Well, thanks for being on the show.
CC: My pleasure.
More Related Articles About Artificial Intelligence (AI) )
View DISO’s website to learn more about AI trends in Legal Industry
Experts Lee Neubecker and Dr. Nicole Konkel make suggestions that will help make your LinkedIn profile look attractive to to an employer.
Prospecting for a new career can be a daunting task. Suddenly, you’re overcome by a huge tsunami of anxiety by just knowing a prospective employer will be looking at your social media presence. Take a deep breath, your new career will be within reach after you watch this video.
President & CEO Lee Neubecker and Human Resource Executive, Dr. Nicole Konkel offer responsible social media tips that will polish your LinkedIn profile and make you stand out. Their tips will help you establish a digital resume that will catapult you to a new career.
Part 3 in our Three-Part Series on Social Media Do’s and Dont’s
The video transcript follows
Lee Neubecker: Hi I’m back again with Dr. Nicole Konkel who’s an organizational development expert. And I asked her to come on to continue our earlier series talking about social media do’s and don’ts as it relates to being an employee. And so thanks for being on the show again, Nicole.
Nicole Konkel: Oh, no problem my pleasure Lee. Thanks for having me.
LN: So we talked a little bit about some of the things that you shouldn’t do. Can you tell people who are in an active job search mode, hoping to maybe work at your firm or some other firm? What are the things that you would suggest that they do as it relates to making their LinkedIn profile look attractive to an employer?
NK: Sure. So I always will tell people when you’re looking, actively searching for employment, make sure your LinkedIn page is open. I would caution you if you’re currently employed not to have a situation where you are shown as actively looking or actively interested in recruiters contacting you because obviously your current employer can see that. But what I want to make sure of is that your page is professional. Professional means no spelling and grammar errors. Professionalism also means outlining what your accomplishments have been. One of the things that people do when they’re looking for jobs is we want to talk about results, and not just job duties, but results. And so to make a big focus on that on your LinkedIn page.
LN: And certainly not having typos.
NK: Please no typos. No typos, no grammatically incorrect sentences, speak about yourself in the first person. You are selling yourself on LinkedIn, essentially and you want people to read that and say, “I want to contact this person.”
LN: And speaking of contact, what would you recommend people do with regard to the contact information tip?
NK: Well, I really, really encourage people to have a professional email address. So nothing with any sort of sexual innuendos. I would also say nothing that’s related to your birthday. Unfortunately age discrimination is is something that is real. And so we don’t want to have that be out there. And so I would just say my email address is Nicole, my former name [email protected] That’s what I wanted people to see. And so that’s what email I use when I’m in a job search.
LN: Now, what about the photo? What are your thoughts on what you’ve seen with LinkedIn photos, what’s worked, what hasn’t worked?
NK: What doesn’t work is a picture of your dog. What doesn’t work are selfies. I think that in this day and age, we all have the opportunity to have a professional headshot. There is no other type of photo that should be on LinkedIn In my opinion, other than a professional headshot. Even if you have to do it with your own iPhone or Android device, we are able to do that. But you should be in professional clothing, you should look like you are going on a job interview in that photo.
LN: And if you’re on a budget, you can use services like Upwork and find a photographer, that if you’re patient and flexible, you should be able to get a professional headsetset.org or even go to, one of the department store.
NK: Absolutely, I mean, you can easily do a professional headshot for $20 easily.
LN: And the other thing too is you can actually hire people who are professionals in HR to help edit your LinkedIn and give you that critique.
NK: Yes. Yes. I do believe there’s value in that. I do think that you should work with people that are reputable. Not everybody that says that they look at LinkedIn profiles and resumes should be and so I think you should look at some examples of work that they’ve done in the past to see if that’s something that will be beneficial to you moving forward. But in no time should you go into that thinking if this person does my resume or does my LinkedIn page, I’m automatically going to get a job. It’s still putting your best foot forward out there with all different types of aspects that are necessary for the job search.
LN: I’d like to see certification.
NK: For sure
LN: Papers, I especially like to see that the person can write.
LN: That’s not appropriate for all positions, but it’s helpful.
NK: For sure. Even if there is maybe you’re not the perfect grammatical person, you should be in your LinkedIn profile.
LN: You can get someone who has to check your page.
NK: Yes, exactly. And so there’s really not a reason why that should not be happening.
LN: What are your thoughts about, what’s your opinion when you see an employee that has reviews and how would you advise people to approach the review section?
NK: On LinkedIn?
LN: On LinkedIn.
NK: I honestly as an employer, don’t really pay attention much to the review section. But when I have, I’ve looked at the person that’s actually writing the review. I’ve actually gone in and clicked on their profile to see what role they actually have, how that person has interacted in the past. If it’s a former employer, that’s always good, for you to have a former boss or, supervisor or colleague, but it should definitely be a professional review. If you want to go have your friends to review so make sure they’re professional and they’re talking about work.
LN: I agree with that it when I look at the reviews if the reviews are written from people who clearly were a peer review helps as well.
LN: If it’s a supervisory review it means more, but I also look at the quality and caliber of the writing of the reviewers. So you don’t want to have someone writing a review on your page that has grammatical doesn’t really speak well.
LN: But I also look to see if It’s a review swap. Because essentially, the effective way to get a review is to write one. So I’ll look at the profiles to see that as well.
NK: Right. I think that that’s true. I think the most valuable review is from a former supervisor or a current supervisor that’s talking about your current work. When people are reviewing they should be talking about the results that you’ve done. It’s you know, John is a great person, is great, but it doesn’t tell a potential employer anything about how you’re going to be for them if they hire you.
LN: Something like John came in, took over our factory project, realigned the team, achieved a 20% growth and sales and 10% improvement and profitability that’s kind of action-oriented.
NK: Action-oriented is really what is going to get you noticed. When we’re talking about reviews when we’re talking about your resume when we’re talking about LinkedIn.
LN: Are there any other thoughts you have before we wrap up? NK: I just want people to know that LinkedIn is a great tool. But the best tool for actually getting whatever opportunity that you want and keeping it or being successful is being the best you, whether you’re in private or in social media. And so always keep that in mind. We are always under a radar, somebody is always looking at
NK: And so how do you want that to be viewed in the future
LN: Great. Well thank you so much for being on the show.
NK: Thank you for having me, Lee.
Watch Part 1 and 2 of our Social Media Do’s and Don’t Series
Hiring Managers are looking at your social media history so candidates should be doing the same. Everyone should be doing their homework. Lee Neubecker and Dr. Nicole Konkel discuss the how to use social media reconnaissance techniques to prepare for your next interview.
Keys to using social media reconnaissance before your interview
Social media is a valuable research tool to discover key hiring decision-makers when preparing to interview for your dream job. Matchmaking for that ideal employer-employee fit is now a two-way street. Hiring managers are looking at your LinkedIn, Facebook and other social media sites. Career seekers should be doing the same to prepare for that next interview. Job seekers are also looking at various websites to get a better understanding of the company’s culture, people and expectations. Performing your own homework including looking at online reviews from current and past employees can provide you a leg up on the day of your interview. Social media sites such as GlassDoor.com, Linkedin.com and even Facebook.com or Twitter.com may provide you with important insights that will enable you to ask thoughtful questions that demonstrate a deeper understanding of the prospective hiring organization.
President & CEO of Enigma Forensics, Lee Neubecker and Human Resource Executive, Dr. Nicole Konkel urge everyone to use all the social media tools to your best ability. Performing advanced social media reconnaissance of your prospective employer’s social media profile as well as your likely interviewers can provide you a leg up when you arrive for your interview. Listen to these important interview prep tips for seasoned experts in HR and online social media reconnaissance.
Lee Neubecker: Hi I’m back again with Dr. Nicole Konkel who’s an organizational design and development expert.
Nicole Konkel: Sure, yep, hi Lee. Great to be here again.
LN: And glad to have you on. I’ve asked Nicole to provide some insight to people out there on my network, as well as hers, that are looking for a job, in terms of what they should be doing to before they apply to their position, to make sure they’re well-prepared and they get off on the right foot. And that it’s a good fit.
NK: Sure, so Lee, I think it’s really important for you as a job seeker to interview and research the company that you’re applying for or applying to just as much as they’re going to do for you or to you. And so that means looking at social websites which will give you employee reviews and listen and not every review, most people don’t go to reviews to write good things. So we have to look at that and say who is giving this review? But look for patterns, look for employees saying the same things over and over again. That may not be any part of a culture that you would want to be in. Look for trends, look for better business bureau scores. Look for information on their current employees and look them up, look up their leadership teams.
LN: Now, I understand at least from reading that one of the most important determinants of someone’s happiness in a role in the relationship with their supervisor.
NK: For sure. LN: So would you recommend trying to find out who’s hiring for the role you’re applying for?
NK: Absolutely, you should definitely know who your potential supervisor is going to be. You should know if it’s a replacement position, why the last person left. You should ask these questions to every person that you interview with. Because what I can guarantee you is, in job searches that I do, I’m interviewing with multiple executives and companies. And every one of them is going to give you a somewhat different answer. While it may get you to the same place, it’s going to be a different answer and it’s going to give you a lot of insight.
LN: Well, I know too there are premium subscriptions you can sign up for, like in Linked In, that will give you more options where you can do the searching. And it might be helpful for you to know, who’s working at ACME Corp.?
NK: For sure.
LN: If you pay a little bit more you can see the employees you can tell who’s a second-degree connection, a third-degree connection.
LN: And if you happen to know someone in common, especially if you reach out to them before
LN: You can get intel on the person or the people working there that can really bolster your chances I’d think.
NK: Right, definitely a connection is going to be a really good step in getting you in the door for an interview. Versus just sending your resume like the other four hundred and ninety-nine people and hope that someone sees it. Most of the time they don’t get past the first 30. So I definitely feel, I don’t necessarily think you have to pay for additional services, I think a lot of that is out there for us to see for free. But definitely some benefits if you have the means to do so to get that additional information.
LN: Well, one of the things that people might not know about is that if you paid for the premium membership then you’ve already applied for a job at ACME Corp. you can see who’s clicking on your profile.
LN: And then you can tell who’s likely going to interview you. So without them even having to disclose who’s going to interview you you might be able to find out their interests, what shows they like.
LN: There’s a website called PQ, you can dig, you might be able to get details on their social media. The more homework you do, it always impresses people, you just don’t want to creep them out.
LN: It’s okay to say “I looked online, I’m interested in your company” “I understand you do this and that.”
LN: But it’s okay to say, “Oh I looked online probably the better that interview will go.
NK: Absolutely, I think it is very important to have details on those individuals are really like, “Oh wow. You looked me up?” Now, I wouldn’t necessarily say, “Hey, I saw it on Facebook “that you and your three kids went on vacation last week.” But I would keep it to the more professional accomplishments. If they have any reviews on Linked In that people have written for them, bring those things up because that only helps you.
LN: I recommend too that everyone consider making their own branded blog, like Dr. Nicole or I’ve got Leeneubecker.com because from time to time you move from company to company or you might sell a firm like I sold my firm, and someone wants to connect with you. NK: Exactly.
LN: When that happens, you have to be accessible.
LN: And sometimes you lose control over your old workplace email, which raises another important point. Do no use your company email on your Linked In account.
NK: Please don’t.
LN: Because you might find yourself suddenly severed from your job and you’ll lose all your connections.
NK: Right, you in any social media that is yours, you should be using your own information, not your company.
LN: That’s right, oh, I think we’ve got a like on our Linked In. Well, thanks a bunch for being on the show, this is great
Energy is vital to our everyday life. Companies face a competing demand to preserve data and at the same time continue to function. Experts Lee Neubecker and Geary Sikich give advice on how to overcome these challenges.
The Energy Sector provides the global economy with oil, gasoline, electricity, wind and natural gas. An Energy Industry incident could be a physical attack on a power grid or a cyber attack that stops a company from functioning. The properly planned and orchestrated energy sector incident response will minimize or reduce recovery time and loss. Potentially saving lives! Enigma Forensics CEO & President, Lee Neubecker and Geary Sikich, Principal at Logical Management Systems, Corp. strongly urge all companies to create an incident response plan.
This is the final segment in the four-part series on Energy Sector Cyber Insecurity.
Energy Sector Incident Response video transcript follows
Lee Neubecker: Hi I’m here again with Geary Sikich, and we’re continuing with our final fourth part segment in this discussion about global cyber insecurity as it relates to the energy sector. And in this segment, we’ll be telling you a little bit more about some of the things that need to happen, related to the incident response of a data breach, for the energy sector. Geary, thanks for coming back.
Geary Sikich: Thanks Lee for having me. I think this is, probably one of those areas that are challenging to talk about.
LN: Yeah, certainly, and at the forefront, when things first go wrong, there’s a need to immediately take action to help preserve the data, and collect data so that it can be analyzed. But at the same time, there’s a competing demand for wanting the organization to function. And sometimes those two needs, create conflicts.
GS: Yeah, they sort of butt heads if you will. Yeah, I think the issue for a number of organizations, and I’ve experienced being in the kind of command center if you will, of organizations where their website had gone down. And it was, one of these where a lot of stuff was processed through the portals that they had there. Suddenly there was this pressure to get things back up, and then to look at, what is this costing us? Because now our customers cannot execute their orders and whatnot. And that becomes a challenge because it’s the urgency issue. The other aspect is that when we look at incident response, and this is a little bit different from the typical natural disaster incident response. If I’ve been breached in a cyber incident, how long is it before I actually realize that I’ve been breached? It may not happen very quickly, it could be very subtle. And things could be manipulated, and suddenly I’m in a situation like some of the big companies that had data hack, where all the sudden personal accounts of cardholders are exposed. Now, what do I do? So there’s a lot of not the only rapid response that’s needed, but a lot of consequence analysis that’s really needed.
LN: Is it?
GS: How do you do that and yet maintain, as you were saying, and begin to look at that.
GS: From, not really a legal standpoint, but, from a defensive standpoint.
LN: Yeah, well there’s a lot that needs to happen in a short period of time, you have the collection and preservation. Which, forensic professionals are often called in, such as myself. To collect the data. Firewalls, servers, logs. Then you also have the analysis of that data to determine, what are the motivations of the attacker? Was it an attacker? Was it negligence? You know, oftentimes things go down, people assume it’s a cyber attack, external. It could be an internal attack, it could just be something as innocent as, I’ve seen a new system coming online that’s supposed to help back up and provide redundancy, actually reformat a storage NAS array, that it was supposed to help protect. So, these things can happen. And quickly understanding, making sure that data doesn’t disappear that could be used to rebuild is important And that’s where bringing in the outsider’s important because someone new coming in doesn’t have skin in the game. And, you really need that objective party, to help you figure out what’s happening.
GS: But I think that in that respect when you bring in someone from outside, they also have a vested interest in making sure that, from not only a reputation standpoint but also from the standpoint of the viability of their services, making sure that they’re helping to alleviate the issue. And to bring back some, equilibrium if you will. So there’s this issue of consequence management that comes to bear on those–
LN: And you have some conflicts that happen with having the people that were, kind of in charge of watching over the equipment, do the investigation. And that can cause some, serious problems to the organization. And it may be very well that, the attack wasn’t the fault of the people responsible for managing it. But, if for instance there was, an action that took place that might show some carelessness or mishandling of events by the people in charge of IT, there’s a real risk there that, that person might take actions that could result in further data destruction. In an effort to cover up, what had happened.
GS: So now in that respect, we need to protect, we need to begin to look at how we manage the data collection post-incident, or during an incident, if you will. There obviously some legal ramifications.
LN: Yeah well whoever does this might have to testify. And that’s another reason why having a third party come in to do this work is important. Because you may want, legal may want to know, “well before we put an expert up to testify in this, “just tell us what happened and how do we respond? “How do we get ahead of this?” If it was a problem with a vendor, you want to know that. Because the clocks ticking. You know from the time a data breach is confirmed, it is a real data breach and known, to the time it has to be reported, oftentimes its thirty days. So there’s not a lot of time, to wait around If your data breached before you get in your expert, your forensic expert to inspect.
GS: Okay, so we’ve got a legal consideration, that has to be looked at. Insurance today has changed in a lot of respects. So, business interruption insurance. Obviously, that’s a critical area because if you want to file a claim–
LN: Yeah you have to report it to the carrier, or even if you have cyber coverage, it might not be covered if you failed to notify the insurance company of the incident.
GS: So, when I look at that aspect and say, “I’ve got a business interruption policy,” you mention cyber. And now I know that there are other writers to those policies. Like for terrorism and things like that today. If I don’t have a cyber writer, which is a contingent business interruption issue, my business interruption insurance may not cover me, on something like that. So it really becomes more incumbent to have one, the knowledge, two, to be able to look at the legal considerations, three, to begin to understand insurance laws, what do I have from a coverage standpoint? Which is where the traditional risk management group comes into play. But IT’s got to coordinate with them, to ensure all that.
LN: Exactly, and I had Todd Rowe on my show, who’s an insurance cyber attorney, that deals with these coverage issues. So, that’s an excellent video to watch that delves into that more. The other things though with incident response, you know you have the potential PR issues that relate to being data breached. So really, you need to assemble your team, your in-house legal, your HR, your media advisor. Preferably you have a PR firm that has dealt with data breaches before. And then, you’ve got to put together a plan. And all this stuff needs to be going on in parallel. So while that’s happening, your internal people are probably trying to work on, getting their disaster recovery systems restored. You might even have an outside IT provider come in and help bring those systems back up online. The workload that happens when a data breach has occurred, is such that it really isn’t pragmatic or practical to try to have internal IT do all the work. And it also isn’t covered by insurance typically. The outside providers will usually be covered, but not the internal people.
GS: So, if from a structural standpoint, and I’ll draw this to the areas that I worked in many years back after some of the events in the energy industry. Oil spills and things like that. Where industries adopted what they called an incident command system. The United States now has the National Incident Management System. So with cyber though, the composition, in terms of that team, is not necessarily the same that we would see in a typical, incident command system as is generally presented. So from a functional standpoint, I think that there are some things that I would look at. One, somebody’s got to be in charge. Two, somebody’s got to look at planning. What’s going on, and future planning, what do we do? Three, operationally, what’s effected what’s not affected? How do we keep it from cascading? Four, a communications perspective. Internal and external. An administrative function, which looks at the financial aspects. An infrastructure function, which again, internal-external infrastructure. And then, the aspect of, you know, bringing this all together as a team. Your HR people, all these other things. So, yeah.
LN: That was an excellent wrap-up Geary. I really appreciate you being on the show. If you liked this video, please share it. And check out the other segments we did as well. Thanks again Geary for being on the show.
GS: Thank you, Lee. Very challenging to present on this topic. So much.
LN: Be safe.
Watch the other segments in our Cyber Insecurity in the Energy Sector Series.
The Energy Sector must protect the electric power grid system, oil, and natural gas infrastructures from the ever changing cybersecurity environment. Enigma Forensics CEO & President, Lee Neubecker and Geary Sikich, Principal at Logical Management Systems, Corp. cover the many steps necessary in detection and protection against any and all threats.
As global unrest heats up, the Energy Sector has to maintain its cool. What is the energy sector? The oil, electric power grid, natural gas refineries, and pipelines are all part of the intricate web of the energy sector. To avoid a disaster they must wrestle with the ever-changing cyber security environment, protect themselves from internal and external threats in all of the energy sector infrastructures all while keeping up with energy demands. That’s a mammoth task! Both experts agree Energy Sector protection can be achieved if approached with precision. Enigma Forensics CEO & President, Lee Neubecker and Geary Sikich, Principal at Logical Management Systems, Corp. cover the many steps necessary in detection and protection against any and all threats.
Part 3 in the four-part series on Energy Sector Cyber Insecurity.
Lee Neubecker: I’m back again with Geary Sikich and we’re continuing our series discussing cyber global insecurity, as it relates to the energy sector. And in this segment, we’re going to talk more about things that can be done to help protect against these cyber threats.
Geary Sikich: So Lee, when we look at protection, I think there’s a three-level process and I think you can describe some of the things that have to go on in these three levels. Strategically, I put together a business plan for an organization and that organization sets goals and objectives, one would be to have cybersecurity. Now, how do I execute that, what are the things that, at the operational and tactical level, the things that really are going to prevent, what are those things, what are those things that are going to help me?
LN: Well, much like we were talking before about detecting compromises, having a solid inventory on what your digital assets are, what computer devices, what cell phones, if you know what your devices are and you have that information available, you’ll be able to spot when something goes wrong. So, part of protecting is doing the bean-counting work of inventorying your digital assets.
GS: So, it’s not just an audit process, it’s a much more of a detailed look at what those assets consist of?
LN: Yeah and once you know what your assets are, you can figure out, who are they assigned to? If someone leaves your organization, you should have accountability steps in place to retrieve those assets. You should also be inventorying the state of those assets, are they fully patched and up-to-date? If you’re not patching your devices, you’re at great risk of cyber compromise.
GS: So is identity, not only do I have to worry about being compromised from an external source but I also have the internal threat of a disgruntled employee, of someone leaving the company, not with any mal, you know, intent, no malicious intent, if you will but just not following up on what I should have done as they out-process.
LN: Exactly, password rotations, people have weak passwords, people become compromised, people reuse their passwords. As someone reused their password for one of your important infrastructure systems on a popular social media site and that site becomes compromised, guess what, those passwords get loaded up into software for hacking and they do what’s known as “credential-stuffing attack”, they loop through and they fire at every device they can using the username and password, the known username and password and that’s how a lot of people fall prey to attacks.
GS: So, in that context, should you store passwords via one of them, like Google Chrome or some of the other, Internet Explorer, those types of things, should you store passwords that way?
LN: I recommend against storing it in your browser. If you’re going to store them somewhere, I think a password management tool like LastPass, that has two-factor capabilities, two-factor authentication essentially means that you have to know your, it’s something you know, plus something you have or something you are and in the case of LastPass, you’re typically using either your cell phone with an app that has an authenticator, that’s something you have, plus your master password and that helps protect against someone intercepting your password and being able to log on.
GS: So, in essence, protection is not a simplified process, protection is something that we have to, sort of, dedicate ourselves to conscientiously and make sure that we continue to maintain an up-to-date awareness, in order to be able to fully protect ourselves.
LN: Exactly and that brings in your staff, you need to know that your staff are being educated about popular ways that companies become compromised like if a bunch of USB devices are dropped in the parking lot, they might say things like “payroll” or something on it, would your employees plug that into your computer, you know, are you testing for that? You know, there are things you can do, there are services out there where you can have your own organization spearfished by a white-hat hacker, that’s going to tell you who clicked and then you know who you need to educate.
GS: So, we’ve made two points thus far on protection. One is that it needs to be part of the business plan, it has to be audited. In terms of auditing, knowing what you have devices-wise. Second is that you have to have educated employees. Now, both of those aspects present somewhat of a business conundrum, if you will. Education doesn’t necessarily equate to dollars coming in but from a protection standpoint, I think the sales point would be that it prevents dollars going out and the better educated, the more aware so that we can look at the other aspects that we discussed, detecting and protecting being two.
LN: Unfortunately, if you run an organization today, you have a new job, which is to make sure that you’re cyber secure and it’s a serious threat that corporate boards are making their CEOs accountable for so you know and it’s multi-faceted, you got to train your employees, you got to nail what you have, you got to make sure what you have is up-to-date and patched and then you also need to make sure that you have some mechanism to monitor and record events so that you can tell if you become compromised so the protection really requires much more today than it used to, it’s, the number of ways that an organization can become compromised, can be via an employee’s cell phone that becomes compromised and then it launches an attack on your internal systems.
GS: So, in the, it’s kind of like the mindset, if you will, has to be changed, in terms of looking at management and their commitment to cybersecurity protection. In the days past, we looked at protection. “What can I do, put up a wall, what can I do, “I can physically protect my facilities and my operation.” Now, today, that becomes more of a challenge because we’re dependent more on things that are not necessarily in the realm of physical protection per se so we really have to be getting to rethink how we look at protection and then ensure that the process is continuous, not a one-time situation.
LN: Exactly and certainly, you know, a DR, known as disaster-recovery planning and contingency planning can go a long way, you know, a simple act of making an offline backup on a periodic basis and you know, maybe that’s only once a month for some organizations but at least, if you have something offline, if you get hit by a Cryptolocker attack, the risk comes down to “well, what does it cost “for us to rebuild the last month?” Or maybe it’s the last week or maybe it’s last night so thinking through, I think going through the disaster-recovery planning exercise is a really good way to help protect your organization.
GS: Okay, I agree with you on the planning aspect. The caution I would say with that is that all too often, organizations develop disaster-recovery, business continuity, other types of plans to deal with emergencies, the response. The challenge is that those plans need to be kept, as you did say, with the cyber up-to-date and consistently reviewed, we have to have it in the mental work.
LN: And that’s where having someone like you and myself come into audit the business risk and actually inspect to see is the plan being followed, is the C-suite having a false sense of security because there’s this plan that was produced years ago, that no one’s really looked into, you know, it doesn’t take but you know, I think, you and I onsite for one day, we could help poke holes and give a report of, is an organization following their plan or does it look like everything’s far off but you’re not going to get that reporting from your own people internally.
GS: Yeah, I think it’s a challenge for people internally because there’s a vested interest, number one. Number two, they think that, in a lot of respects, they’ve done what needs to get done. The other aspect and I think this is important from what you pointed out, is that when you begin to look at today’s plans, you have to realize, they’re kind of reactive, in many respects, they’re not very proactive so they react to an event happening. That’s good because that helps companies become more resilient but it doesn’t keep them from protecting themselves as they need to.
LN: Exactly but there’s also a financial component to these plans, you know, it’s not uncommon that IT, they’ll go through this exercise and then afterwards, they’ll say “well, I need this subscription, this software, “I need this vendor” and none of that funding comes through but it’s much better and that sometimes gets lost in the minutiae from planning to execution and if that, in fact, is happening, you’ll want to know about it before you need the DR and it’s not there.
LN: So, I think that wraps up our section on protection. In our next segment, we’ll be talking a little bit more about responding to the crisis of a cyber breach, as it relates to the energy sector.
Watch the other segments on Cyber Insecurity in the Energy Sector