Why doesn’t Divvy Bike Share System use the same GPS technology as Lyft? Isn’t Divvy managed by Lyft? We have more solutions for Divvy Bike Share Security. Check this out!
We were wondering: how safe is the Divvy bike-share system? Enigma Forensics has been following the Divvy bike story. We love the ease and accessibility of renting a bike but don’t want criminals to ruin this city-wide opportunity.
Divvy Bike Share System
The Divvy Bike Share System is a great resource that has been open for business 24 hours a day, 7 days a week, and 365 days a year. All different shapes and sizes of people are able to use bike share to commute to work or school, explore the city, attend appointments, meet up with friends, and everything else in between. The beauty of the Divvy bike-share system is that it offers affordable transportation and features bikes that can be unlocked from one station and returned to any other station throughout the city. This all sounds like a great program for the city, but the recent looting in Chicago has led to occasional lockdowns on Divvy Bike usage. We thought we would take a deeper dive and find out how safe Divvy Bike security is.
Divvy Bike Issues
Divvy has been plagued with several issues. One is difficulty docking at stations, which allows bikes to be taken when legitimate riders fail to fully dock and lock them. It has also been reported that these docking issues lead to a significant number of stolen bikes being used in crimes. To make matters worse, a Divvy bike can easily be unlocked with a stolen credit card. How? No two-factor authentication is required to unlock a bike, and the credit card system doesn’t require entry of the cardholder’s billing zip code. This lack of security allows anyone’s credit card to be used, which makes it easier for a thief to steal a bike. By adding two simple changes, two-factor authentication and a zip code requirement, Divvy could dramatically improve the situation.
The latest crime that has Divvy in the hot seat with local Chicago Aldermen happened on the morning of July 27, 2020, when an 82-year-old man was carjacked in Streeterville by a group of Divvy bike riders. After they stole his car they left the Divvy bikes at the scene. We assume these bikes were stolen, and if so, it makes criminal activity in otherwise safe neighborhoods a lot easier. Additionally, you may have noticed abandoned Divvy bikes while traveling through the city of Chicago. If you see an abandoned Divvy bike, do the last paying rider a favor and dock the bike to prevent racking up hourly charges. These issues have bubbled up to a few Chicago Aldermen, who have informed Divvy of the complaints brought forth by their constituents.
During our research about current docking station flaws, we found an article from The Chicago Reader titled “FOIA’d emails reveal an ongoing citywide epidemic of Divvy thefts.” The Chicago Reader wrote that the culprit is the hasty decision by Divvy to remove a critical piece of security hardware from Chicago’s docking stations. They reported that the security device that was removed had been making it difficult for users to dock bikes at the end of their rides. Removing the device also made stealing docked bikes easier. https://www.chicagoreader.com/chicago/divvy-bike-thefts-chicago-security-hardware-removed/Content?oid=58659144
Enigma Forensics agrees with a solution to integrate GPS locating technology so that stolen bikes can be disabled remotely. Once the thieves know that they are being tracked and the bike will be disabled, it will curtail the problem. Another solution we found that could help improve the situation is alerting users via a phone alarm if they fail to lock their bike properly.
Use GPS Technology
Divvy doesn’t utilize GPS technology to track the bikes down and release the last rider from the costs. Since Divvy Bike Share is supported by Lyft, why can’t they adapt the bikes to include GPS technology and install digital cameras at each station to help record criminal behavior? After all, the Lyft drivers use GPS! We urge Divvy to install a better credit card payment system using two-factor authentication and requiring the billing zip code associated with the credit card to be entered. GPS technology will allow remote locating of lost or stolen bikes, with remote brake locking technology that would curtail illicit use of bikes and theft. These are potential solutions that we hope our Alderman will be able to move forward to help keep Divvy bikes a program for all Chicagoans.
Phishing, Ransomware, Endpoint Security, IoT Devices and Cloud Jacking. What do they have in common? Top Five Cyber Attacks we are concerned about and you should be too!
The frequency of cyberattacks is growing. The following is Enigma Forensics’ top five cyber attacks that you should be made aware of.
Phishing Attacks are specific forms of email or text messages that are targeting victims to gain access to their personal information. Phishing messages often try to induce the receiver to click a link to a package shipment delivery message or other seemingly legitimate hyperlinks. It acts like a harmless or subtle email designed to get victims to supply login credentials that often become harvested by the attacker for later use in efforts to compromise their target. Sometimes phishing emails spoof the sender to be someone who has already been compromised. Once compromised, often times the compromised user’s mailbox is used to relay other outbound messages to known individuals in their saved contacts. This form of attack earned its name because it masquerades as an email of someone you may know and because you know the sender, you are more likely to nonchalantly open the email and click on the attachment to learn more about the content. With a click of a mouse, BOOM you can be compromised. This is a very easy and effective scam for cybercriminals. Warning: Do not open attachments or forward chain emails!
Ransomware is often spread through phishing emails that contain malicious attachments or through drive-by downloading. Drive-by downloading occurs when a user unknowingly visits an infected website and then malware is downloaded and installed without the user’s knowledge. The cybercriminal then holds the stolen information for ransom, thus the name! They may ask for a ransom payment in the form of digital currency such as bitcoin. Whether or not the victim pays the ransom depends on what information they have stolen or what criminals have threatened to do with the stolen information. Warning: Do not visit unsecured sites!
Remote Worker Endpoint Cyber attacks are currently the most popular because of the number of employees working from home caused by the Coronavirus. In the month of March, many workers were sent scurrying to their homes without companies putting proper cyber protection protocols in place. Employees are using their personal devices to conduct work, and those devices often are not fully patched, updated, and encrypted to protect them against cybercriminals. Many company executives have been targeted at their homes, where they are much less likely to have commercial-grade firewalls designed to protect endpoints and company trade secrets.
IoT Devices attacks are a popular vehicle used by cybercriminals to establish a beachhead for launching lateral attacks across a home or work network. IoT devices involve extending internet connectivity beyond standard devices, such as desktops, laptops, smartphones, and tablets, to any range of traditionally dumb or non-internet-enabled physical devices and everyday objects. Embedded with technology, these devices can communicate and interact over the internet. They can also be remotely monitored and controlled. IoT Devices should be segmented and on a different network than corporate work from home devices. IoT devices pose a great threat because many of these devices lack automatic update processes and can become a beachhead for cybercriminal attacks in your home.
Cloud Jacking will increase with an estimated growth of cloud computing to be a $266.4 billion industry in 2020. The idea of cloud storage makes one believe it is an improved option over traditional on-premise computing storage. This has become, and will continue to be, a major security concern and has created a strong urgency to develop more cloud security measures. Cybercriminals will up their game and cloud jack data whenever possible. The race is on to see who does cloud security better: the good guys or the bad guys. To protect against Cloud Jacking cyber attacks, organizations should enable two-factor authentication options, such as Google Authenticator.
Two-factor authentication requires two of the three following means of authentication:
Something you know (A password)
Something you have (A key fob or cell phone authenticator)
Something you are (Retina Scan, Facial recognition, fingerprint)
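Codes from an authenticator app such as Google Authenticator are time-based one-time passwords (TOTP, RFC 6238). The following is an added example, not part of the original article: a server-side check of a password (something you know) plus a TOTP code (something you have), using only Python's standard library. The class name, salt and sample secret are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct
import time


def secret_from_base32(text):
    """Decode the Base32 secret string that authenticator apps are enrolled with."""
    cleaned = text.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore any stripped padding
    return base64.b32decode(cleaned)


def hotp(secret, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over an 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, now=None, step=30, digits=6):
    """RFC 6238 TOTP: HOTP with the counter set to the current 30-second step."""
    now = time.time() if now is None else now
    return hotp(secret, int(now) // step, digits)


class TwoFactorLogin:
    """Hypothetical login check requiring both a password and a TOTP code."""

    def __init__(self, password, totp_secret, salt=b"constructed-salt"):
        self._salt = salt  # constructed value; use a random per-user salt in practice
        self._pw_hash = self._hash(password)
        self._secret = totp_secret
        self._last_step = -1  # highest time step already accepted (replay guard)

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def verify(self, password, code, now=None, step=30, window=1):
        """Return True only if the password matches AND the code is fresh and valid."""
        now = time.time() if now is None else now
        pw_ok = hmac.compare_digest(self._hash(password), self._pw_hash)
        current = int(now) // step
        matched = None
        # Accept the current step plus/minus `window` steps to tolerate clock drift.
        for candidate in range(current - window, current + window + 1):
            if candidate <= self._last_step:
                continue  # this step (or an earlier one) was already used
            expected = hotp(self._secret, candidate).encode()
            if hmac.compare_digest(expected, code.encode()):
                matched = candidate
        if pw_ok and matched is not None:
            self._last_step = matched  # a code can be used only once
            return True
        return False


if __name__ == "__main__":
    demo_secret = b"12345678901234567890"  # RFC 6238 test secret, not a real key
    login = TwoFactorLogin("correct horse", demo_secret)
    code = totp(demo_secret)
    print("first use :", login.verify("correct horse", code))
    print("replay    :", login.verify("correct horse", code))
```

A stolen password alone fails the check, and so does a code that has already been accepted once.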
FBI deputy director David Bowdich said, “The scale and scope of the hacking activities sponsored by [Chinese] intelligence services against the US and our international partners is unlike any other threat we’re facing today.”
On July 7th, the United States Department of Justice (DOJ) filed a criminal indictment against Chinese cyber-criminals who acted as both self-employed criminals and employees of the Chinese Ministry of State Security (MSS).
Their names are Li Xiaoyu and Dong Jiazhi; both are former classmates and chums. They attended an electrical engineering college in Chengdu, China. Li and Dong worked as a tag team, combining their technical training to hack the computer networks of a wide variety of victims. These included companies engaged in high tech manufacturing and in civil, industrial, and medical device engineering. The theft didn’t stop there! They stole and replicated intellectual property and important trade secrets from businesses in the educational and gaming software development, solar energy, and pharmaceutical sectors. Their stolen booty included information about military satellites and ship to helicopter integration systems, wireless networks, communications systems, high powered microwave systems, laser system technology, counter chemical intelligence, and finally, COVID-19 vaccine bio-development information. They left no stone unturned and literally left their criminal digital fingerprints everywhere.
The United States Department of Justice (DOJ) indictment includes 27 pages of a long laundry list of cyber-criminal attacks starting from 2015. Li and Dong were elevated to the top of the list when they were recently discovered looking for vulnerabilities of certain biotech and pharmaceutical companies who are researching and developing Coronavirus / COVID-19 vaccines.
Basically, China is using their students as cybercriminals to steal, and copy their way to technological advancement instead of developing their own. How did they gain such vital and important information?
Li and Dong used web shells, particularly one called “China Chopper.” This widely available and easy to use hacking tool provided the attackers with remote access to targeted business networks. They would also run credential-stealing software to grab user names and passwords. Having created easy access into a victim’s systems, they would copy the data they wanted to steal into an encrypted Roshal Archive Compressed file (RAR). Like other archives, the RAR file is a data container storing one or several files in compressed form. Windows Operating Systems have a default setting that allows a folder to be created and stored where the “Recycle Bin” is located, making it almost invisible to system administrators. Li and Dong operated within the “Recycle Bin” and used extensions such as “.jpg” to make those files appear as images, thus disguising the stolen data. The Ministry of State Security (MSS) allegedly provided the two with Zero Day hacking tools that could be used to penetrate corporate networks.
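A defender can look for the staging pattern described above by comparing each file's extension with its leading bytes. The following is an added example, not taken from the indictment or the original article: it walks a directory tree, flags image-named files that are really RAR archives, and notes whether they sit under a Recycle Bin folder. All file names and contents in the sample tree are constructed.

```python
import os
import tempfile
from pathlib import Path

# Leading bytes ("magic numbers") that identify a file's real format.
RAR_MAGICS = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")  # RAR 4.x, RAR 5
IMAGE_MAGICS = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
# Folder names Windows uses for the Recycle Bin on current and legacy systems.
RECYCLE_DIRS = {"$recycle.bin", "recycler", "recycled"}


def classify(path):
    """Return 'rar-disguised', 'mismatch', or None for a file with an image extension."""
    magics = IMAGE_MAGICS.get(Path(path).suffix.lower())
    if magics is None:
        return None  # not named like an image; out of scope for this check
    try:
        with open(path, "rb") as fh:
            head = fh.read(8)
    except OSError:
        return None  # unreadable file; a real tool would log this
    if head.startswith(RAR_MAGICS):
        return "rar-disguised"
    if not head.startswith(magics):
        return "mismatch"
    return None


def scan(root):
    """Walk root and return sorted (relative_path, verdict, in_recycle_bin) tuples."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        in_bin = any(part.lower() in RECYCLE_DIRS for part in Path(dirpath).parts)
        for name in files:
            full = os.path.join(dirpath, name)
            verdict = classify(full)
            if verdict:
                rel = Path(full).relative_to(root).as_posix()
                findings.append((rel, verdict, in_bin))
    return sorted(findings)


def build_sample(root):
    """Create a small constructed directory tree to scan (no real data)."""
    samples = {
        "$Recycle.Bin/S-1-5-21-CONSTRUCTED/holiday.jpg": RAR_MAGICS[1] + b"\x00" * 32,
        "Users/demo/Pictures/photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 32,
        "Users/demo/Pictures/chart.png": RAR_MAGICS[0] + b"\x00" * 32,
        "Users/demo/Pictures/banner.gif": b"plain text, not a GIF",
    }
    for rel, data in samples.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, verdict, in_bin in scan(tmp):
            print(f"{verdict:14} recycle_bin={in_bin!s:5} {rel}")
```

On a live Windows host the Recycle Bin folders are hidden and per-user, so the scan needs to run with rights to read them; a RAR archive under an image name inside that folder is the highest-priority finding.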
Once they stole the data they would bring it back to China and either sell it to the highest bidder or, as directed, allegedly provide it to the MSS. After they breached a company they would go back and re-victimize the same company or organization they attacked in the first place. In addition to hacking and extorting U.S. technology companies, the two allegedly attacked messaging platform tools favored by Hong Kong protestors. The attackers appear to have motivations other than pure financial extortion, strengthening the DOJ’s position that the attackers are connected to the MSS.
Are Contact Tracing APPs ethical? Are you willing to give up your private data to help slow the spread of the Coronavirus? Check out what these experts have to say!
Apple and Google have a capability that allows cell phones to communicate with each other. Contact Tracing Apps use this capability and have been developed to find and alert the contacts of people infected with the Coronavirus / COVID-19. As soon as someone gets sick with Coronavirus, the APP could alert you if this is someone you have been in contact with. This reduces the length of time it takes for a real live Contact Tracer to do the tracing. Basically, this is widespread human GPS tracking that presents many privacy issues involving potential data breach, information storage, and sharing sensitive personal data. Should sensitive medical information and individual locations be available on an APP? Do you believe this type of electronic contact tracing is ethical?
Check out this video to listen in on experts as they consider the amount of data that is being collected and what it means for your data when you download a Contact Tracing APP.
Video Transcripts Follow
Lee Neubecker (LN): Hi this is Lee Neubecker from Enigma Forensics and I have Debbie Reynolds back on the show, thanks for coming back Debbie.
Debbie Reynolds (DR): Thank you for having me, very nice to be here.
LN: So I’m very interested to hear more of what your research is regarding contact tracing apps, and what you think that means for individuals that might put these apps in their phone. Tell me a little bit about what’s happening right now with the industry and how contact tracing apps are working.
DR: Yeah, so Apple and Google created a capability so that phones can communicate with each other via beacon. So that they can store information on phones, or have phones bounce off of one another, so that if someone downloads a contact tracing app or registers there, if anyone who also has the app, it will be able to trace back, y’know, how long they spent with certain people and tell them whether they feel like they may have been exposed in some way, and tell them either to quarantine or go seek treatment in some way, or get tested. So it’s pretty controversial, the contact tracing app, for a couple of different reasons. One is, people are very concerned about privacy, like giving their potential medical information to a company that’s not a medical provider, meaning that they’re not protecting the data the same way. Also, as you know, Bluetooth technology isn’t exactly super accurate in terms of the distance that you are from someone, so the delta, in terms of how accurate it can be, may be way off. It may be several meters off, the phone can’t tell if you’re six feet apart or whatever, so I think that they’ve tried to tune that up with this new API that they created, but still, based on the science, we don’t know that it’s actually accurate or not.
LN: So you could still have a situation where, if you put one of these apps on and you’re outside biking, and you bike within 8 to 10 feet of someone who later does have it that you’re getting notified that you have to quarantine on a false basis. That’s a potential outcome of using an app like that, correct?
DR: Yeah, but I think that the way they have it now is that it’s supposed to register you spent more than 15 minutes near that person, so, y’know.
LN: Okay, that’s good to know.
DR: But let’s say you’re parked in your car and someone’s parked next to your car, so you aren’t physically near, y’know, you aren’t in any danger from that person but you wouldn’t know, just because your phone says you’re close to them. They don’t understand the circumstance that you’re in, to be able to tell that, so. I think people are concerned about, a lot about privacy, them taking the data or how the app is actually going to work, and it’s going to work differently in different countries. So what they’ve done is create this API, this capability that’s put on everyone’s phone, and then if you download the app, the app which you use will use that API to actually do this beacon exchange on people’s phones. So, that’s kind of what’s happening right now, is different countries and different places are implementing it in different ways, and some are really pushing back on them because they don’t have really any good guarantees about privacy, or data breach, data breach is a huge issue.
LN: Yeah, I mean, our Government’s never had data in their custody compromised ever, right? wink..wink
DR: Right, that never happened, exactly, so-
LN: You’re having your maps of where you’re walking, your GPS records-
LN: time of day, your movement and that is going to Google and Apple, and under certain conditions they’re passing that data on to the CDC or other entities, law enforcement, enforcement groups.
DR: Well their concern is that data, because it’s at a private company, will get merged with other things, like let’s say your insurance carrier, or your medical, y’know, you get dropped from your insurance because you have this app-
LN: You drive too fast.
DR: No because you have this app, and they think that you may have been exposed, or you’re a higher risk, or a bank doesn’t want to give you a loan or something, because you have this app on your phone. I’ve been hearing a lot of different scenarios people are concerned about. But I’m curious, from your perspective, in terms of how certain things are stored on phones. I know beacons is a really big idea, but maybe you can explain a little bit about how Bluetooth actually works?
LN: Yeah, well Bluetooth is a near band wavelength that allows for peer-to-peer networking. Bluetooth has been exploited in the past to be able to take over devices, so it’s, a lot of people don’t like to have their Bluetooth on continuously because you’re opening your phone up to potential attacks, cyber attacks, via Bluetooth. You’re also broadcasting, when you have Bluetooth on you’re also broadcasting your MAC address identifier, your Bluetooth unique address and there have already been issues where retailers in London at one time, they had kiosks outside that would track the shoppers and they’d know how long they were at certain stores, and they’d use that information to serve custom video ads to people as they’re shopping and walking by.
LN: So there’s privacy implications and security implications of having Bluetooth on all the time.
DR: Yeah, and that’s a big concern. So I know when I first heard this, about them doing this contact tracing, I was wondering like how exactly would they get the proximity right, and because we have no visibility to that we really don’t know, right?
DR: So we just have to sort of trust the black box and see what happens, to some extent, but I, for me I think my opinion is that contact tracing is a profession, it’s not an app. So, there are people who do this as a profession, only, let’s see, 55% of people in the world don’t even have smart phones, so you’re talking about a capability that’s only for 45% of the people, and not all those people are going to actually volunteer to get these apps.
DR: So it doesn’t really help to contact, for people who do contact tracing, except it adds another layer that they have to work with because they still have to track people whether they have cell phones or not.
LN: It’s interesting stuff, thanks for bringing that to our viewers’ attention and thanks for being on the show again.
DR: All right, thank you so much, I really appreciate it.
Working from home? Have you been transferring files between work and personal computers? Be aware of the security risks that are out there. Experts talk about how to protect your company’s private data. Where should you start to make sure your remote workforce is secure? Listen to these experts!
Using Your Personal Computer to Work From Home
Let’s face it, these are weird times! Never before have we had the bulk of the country’s work force sheltering-in-place and working from home. We’re going on four months battling the spread of COVID-19. Workers have resigned, been terminated and furloughed and many have sensitive trade secrets loaded on their personal computers. Experts Lee Neubecker and the Data Diva Debbie Reynolds discuss current situations and different audits they have performed for companies to retrieve intellectual property and company data. Check out this blog with transcripts.
Video Transcript Follows
Lee Neubecker (LN): Hi, this is Lee Neubecker from Enigma Forensics. And I have Debbie Reynolds, the data diva back on the show from Reynolds consulting. Thanks for being on.
Debbie Reynolds (DR): Thank you so much for having me Lee.
LN: So what are your thoughts about the shift and changes that have happened over the last couple of months with everyone being stuck at home with their computers?
Debbie Reynolds (DR): I think it’s an interesting issue now, because as you know, even before the pandemic, there were people working at home. But now since there’s so many more people at home, it’s bringing up other security risks, especially with devices. And I’m sure you know, you probably explain more of your experience about working especially a forensic with people who are remote. And some of the challenges with those machines, especially, you know, the same people. They’re either working from home, people are getting furloughed or people are losing jobs where they’re, they’re not in the office. But they still have equipment. So I’m curious to see what you think about all that in terms of the device, the equipment, and some of the risks that come with that.
(LN) We’ve had a number of projects happen during this period where workers either have resigned, they’ve been terminated, or they’ve been furloughed, and there’s a need to get the company data back. And sometimes that data is on their personal computers. Other times the data is on a company issued laptop, but there are companies are just starting to get back to work. And there’s a whole host of issues. If you have sensitive trade secrets, and confidential electronic data on an employee’s personal or work computer, and you don’t have physical custody of that, there’s a real risk of that data getting disseminated to a new employer, maybe leaked online to the web, or maybe even you know, someone’s kid at home installs a game that opens up malware that puts those trade secrets at risk.
(DR) You know, we know a lot of people working from home, and a lot of people are using, I think the statistics said, the majority of people, maybe a slight majority, are using their own computers to, you know, tunnel in via VPN or whatever. But we all know that people still, under a lot of circumstances, let’s say they’re printing, or they have a file they want to, you know, leave locally or something. What is your advice from a forensic perspective? ‘Cause we can, we always see a lot of data co mingle together, unfortunately, where the personal and people’s business stuff maybe, you know, together in some way, so what is kind of your advice for people working at home for stuff like that?
(LN) If an employee is being asked to work from home, they should ask for a work issued computer.
(LN) Also you should be using a virtual desktop of sorts.
(DR) Right. Yeah, exactly. But you’ve seen I’m sure you’ve seen a lot of situations where you’re asked to do forensic work. And there is a lot of personal stuff, even on a company.
(LN) Yeah, we’ve had situations where people have, despite having work issued computers, they’ve still connected their personal computer up to corporate resources, Office 365. I’ve seen situations where there’s drives that are syncing to personal, former employees, personal computers, and even though the accounts are severed, so it can’t continue to sync, then all that data might still reside. So we’re doing audits right now for clients to look for, you know, what devices are synchronizing with corporate data stores, and some of those devices. You know, there really needs to be accounting and audit to match up those devices to ensure that only accounts of active employees are syncing and that those devices are company issued devices, not personal devices because it poses a real risk. It’s a problem that could be preempted by issuing, you know, work equipment, not co mingling work and home stuff.
(DR) Are you seeing problems where people are, let’s say they have a phone. And they have like, for example, let’s say they have an Apple phone and they have a iCloud account. And the phone belongs to the company, but their iCloud account is their own personal account where you have problems getting those passwords.
(LN) Yeah, for the most part, we’ve had compliance and I’ve worked to try to help solve the problem, you know, the employee might have stuff they need. And usually what we’re doing in most cases where we have co mingle data, where we’re giving the employee or former employee the opportunity to put all their personal stuff onto a drive that will then do a search against and then we’ll wipe, wipe, completely wipe, the original device. They’ll sign a certification of sorts, and then they’ll only copy the stuff that they, that they copied off that we verified, didn’t contain trade secrets, and they’ll pull that back down to the computer. But that relies on some level of trust that if the employee or former employee signs, a declaration or affidavit saying that they returned everything that they’re being honest.
(DR) Do you have people that are concerned, especially in the legal field about people doing remote document review, and having sensitive documents viewed on their computers at home?
(LN) Well, I think that’s a legitimate question. And you know, if, if companies are outsourcing document review, they should be asking the provider, provider questions about, you know, how, what steps are you taking to make sure that those endpoint reviewers aren’t using computers that are compromised? In many cases, companies are using independent contractors as their reviewers and they’re not issuing corporate equipment. So that that’s a real risk that the whole ediscovery industry really needs to grapple with, because someone’s going to get burned at some point in time, especially during this, this pandemic with, you know, resources taxed and people working from home.
(DR) I have one more burning question for you, actually. And this is about BYOD. What do you think? Because the pandemic, do you think more companies will start to do more or less, bring your own device things as a result? I think we’re going to see a lot of problems come out of BYOD devices where companies see the problem of losing control of their data. And, at least with the larger companies, I think you’re going to see probably more strict, more strict enforcement of using corporate resources. I mean, there were many companies right before Illinois shut down went into effect they were ordering laptops going running out to, you know, retail stores to quickly grab whatever they could, so they can issue laptops to their employees. And, and so I think you’re going to see, I think you’re going to see a movement away from BYOD in the future.
(LN) I agree with that. I think it’s been a long time coming. I don’t know if you remember when they were first doing this, you know, at first companies were giving people devices, then they decided well we’ll save money will be out BYOD Now it seems like a pain in the neck to deal with it. And it’s all these risk issues. So I really feel that they’re going to start to go back the other way.
(DR) Now, well there’s a cost associated with BYOD. And now people are furloughed and all your sensitive data is on former employees, personal computers. So then you’ve got to hire a forensic expert like me to try to work through to get the data back and to solve that problem, which, you know, it might have been much easier to issue a 500 dollar laptop to employee, then to have them synchronize that ’cause they’re going to pay more than $500 dollars to try to solve the problem of getting their data back. So after we get through this next bump in the business cycle where companies are paying out to have to retrieve their data, I think you’ll see that most CFOs will see it’s smart sense to issue corporate laptops and to block access to BYOD devices. But thanks for the question. It was a good one.
(LN) Thank you. Fascinating. Thank you for sharing.
Social media and cell phone forensics can play an important role in thwarting criminal activity. Check out this conversation between Cyber Forensic Expert Lee Neubecker and Data Diva, Debbie Reynolds. You will be so much smarter afterwards!
Snap Chat, Twitter, Facebook: Social Media and the Importance of Cell Phone Forensics
Lee Neubecker and Debbie Reynolds, the Data Diva, discuss the role of law enforcement in capturing social media posts when trying to thwart the bad guys coordinating a riot or the more recent looting incidents in Chicago. During this difficult time in our nation, what is the role that cell phone forensics should take? Did you know that Apple phones have the ability to automatically shut down when stolen and have a beacon that will detect the location of the phone making it easy for law enforcement to come knocking on the thief’s door? Check out this video to learn more about the role of social media and cell phone forensics.
Transcript of Video Follows
Lee Neubecker (LN): Hi, it’s Lee Neubecker, and I have Debbie Reynolds back on the show, Debbie thanks for being on remotely.
Debbie Reynolds (DR): Thank you for having me.
LN: So I asked you to come on so that we could talk a little bit about some of the recent lootings that have happened in Chicago and other areas across the country. And what could be happening, as it relates to cell phone forensics and how law enforcement can be using that to get to the bottom of how these coordinated attacks are being planned and who might be involved.
DR: Most of what I know about this is basically what you told me so, why don’t you just sort of share what your experience has been so far in the current environment, and then we can talk from there?
LN: Sure. Well, right now, I know that some of the looters that were apprehended had cell phones on them. We don’t know exactly how the information is being used by law enforcement, but technically, an example of things that could happen could include, doing forensics on the cell phone, identifying Snapchat handles they have communicated with, looking at text messages, looking for Twitter accounts and postings. And potentially, what I saw happening during the last week, at least in one instance, there was a post made to Twitter by a user that made a reference to doing a gig at Urban Outfitters on the West Side, and roughly a few hours after, that post went out on Twitter, referencing Urban Outfitters, Nike’s, Liquor and other things. Around four hours after that, looting that went on at that store, so that handle that posted and anyone else that reacted to that post could certainly have been alerted to the potential for mass looting in a coordinated way via social media.
DR: Yeah, I think even though the police do have capabilities to do that type of tracking and tracing, they do heat maps of certain things. The problem is that these incidents, if they are coordinated, they happen pretty quickly so it’s sort of hard for them to kind of preempt it. But as you said, always, they have capabilities, right? To do anything with like cell phones that they capture, but they also have capabilities to do things like geofencing about who was in the area at certain time. So, a lot of what they’re doing is not necessarily preemptive or pre-crime is more of, if something is happening or has happened, they can go back and try to backtrack or trace or… If there are people on the scene they can apprehend whoever is there that’s doing whatever and they sort of build it out from there, right?
LN: Yeah, but just the other day, someone was captured and apprehended in… They got caught because they were posting their raid via social media, and they had a live view of them going to bomb, they were threatening to bomb the place and looted, taking cash registers and the stuff was, this someone that was not from Chicago, I think from downstate, somewhere that came in and came in with a goal to create problems and had a past history of that, but the person had the audacity to post it to Facebook, and the FBI just busted them and they’re indicted now.
DR: I don’t know why people share such things on social media. Because yeah, they do track and trace that. But, a lot of the things especially as I saw, it seemed like a lot of stores that have things like mobile phones have been attacked. And as you know those things are pretty easy to trace back. So I don’t know how far people–
LN: Apple had LoJack, in all their phones at the retail store, and so people who took those phones, those phones likely got located but-
DR: Oh yeah, definitely.
LN: I don’t know that that’s happening at the cheap cell phone stores, the burner phones.
DR: Well, yeah, those are… No, I mean, they probably… If anything, obviously may have serial numbers and stuff like that but, once you… Whether it’s broken, or people change sims or whatever, it’s harder to track that stuff down. But yeah, the Apple phones, yes. They wouldn’t have very much problem. I think as I heard, I read that what Apple had done is for all the phones that were stolen from them, they were able to lock those down. And then it had a screen on there so that you actually couldn’t use it. So, that’s what I heard was happening with Apple.
LN: Yeah, well, they also have the ability to beacon out and send GPS location so-
DR: Oh, absolutely.
LN: People who are buying stolen Apple phones might find someone knocking on their door, law enforcement.
DR: Yeah, it’s probably not a good idea to buy one off the street at this point. So yeah.
LN: Yeah. Well, any thoughts on your concerns if the privacy issues that might relate to mere surveillance on people and tracking social media posts and actually getting in and subpoenaing phone numbers that were taxed to help try to prevent looting from happening?
DR: Well, okay. I guess that’s a couple of different things rolled up into one. So, obviously I’m concerned with mass surveillance, especially if it is capturing information not accurately or targeting people who may not have even been involved. So for example, a cell phone can’t tell like let’s say for instance, you’re standing at a corner and I’m at the stoplight. It says we’re next to each other, but we’re not together. So, a cell phone tracking can’t really tell that so eury people who aren’t involved, who are innocent, who are especially in this regard, peacefully protesting, having them be adjacent to other people doesn’t mean that they were involved so-
LN: Lets just say though, for instance, that they found that there was a string of businesses hit, the Foot Locker, then Denny’s Liquor, CVS and Walgreens.
LN: There were a group of 20 people that all pinged off the four cell phone towers at the same times, and were in close proximity to that and a few other people were ID’d, would that be enough to justify surveillance on people where there were four cell phone towers in common across a range that put them all in the vicinity of where looting took place?
DR: I’m not sure if it would justify surveillance, so to speak, but I think that if they have other evidence, it may help them target those people more closely but, in terms of sweeping people up in surveillance exercise, I don’t think that’s going to happen unless they have additional information. So, let’s say they have information just like you said, like, okay, these people are in the vicinity and then they posted a picture on Facebook with some loot gear that they got, that would be enough, I think, to justify surveillance but just the fact, surrounding the vicinity, that’s probably not enough to go on, I don’t think.
LN: I appreciate your opinions and thoughts on this. It’s a difficult time right now and hopefully we’ll have stability and we’ll have people held accountable on all fronts, not just the leaders.
Enigma Forensics has been busy tracking week-to-week COVID-19 cases in each Illinois county. We are thankful for our medical professionals. Thank you to everyone for all you’ve done to reduce the spread!
Illinois as a state has been trending in the right direction. Only 8 counties that reported more than zero cases the week before last and more than 20 cases last week show weekly growth. These counties should continue to ramp up additional testing availability and contact tracing to keep the state on track as a whole. 9 counties showed a reduction in week-over-week reported cases. Click through on the County Name to see the time series chart depicting the daily counts and 7-day trended average.
Data captured from IDPH website daily. Data as of 6/24/20.
Great Lakes Naval Station is leading as the top Zip code in Illinois experiencing the highest week over week growth rate of new COVID-19 confirmed cases. Click the Zip Code to view the daily and weekly average trends of new cases. In the City of Chicago, West Garfield Park is the hot zone where cases shot up 233% over the previous week.
Illinois Governor JB Pritzker instituted a requirement that face masks be worn inside facilities open to the public beginning on May 1st, 2020. Just a little over 2 weeks later, new cases of COVID-19 plummeted and began a downward descent, proving that wearing masks helps stop the spread of the Coronavirus / COVID-19.
The other US states that have failed to require a mask to be worn when entering public facilities are experiencing consistent growth of the virus. The data proves that roughly 14 days after a mask requirement is instituted, cases begin to abate or descend.
Daily Confirmed Positive COVID-19 Cases in Cook County Illinois
Daily Deaths from COVID-19 in Cook County Illinois
Daily Confirmed Positive COVID-19 Cases in Tulsa Oklahoma
We are proud to announce Lee Neubecker was once again nominated by his peers as one of the world’s leading practitioners in the Digital Forensic Expert field. Congratulations Lee!
Congratulations Lee Neubecker!
Enigma Forensics’ President and CEO Lee Neubecker was nominated by his peers as one of the world’s leading practitioners in the field of Digital Forensic Experts and is listed as such in the Who’s Who Legal Investigations 2020 publication.
Since 1996 Who’s Who Legal has identified the foremost legal practitioners and consulting experts in business law and investigations based upon comprehensive, independent research.
Who’s Who Legal Investigations said Lee Neubecker is a “great expert” who receives widespread plaudits from sources who note he is “one of the most visible people in the field”.
Nominees have been selected based on comprehensive, independent survey work with both general counsel and private practitioners worldwide.
Chicago has entered Phase 3 of the Re-Opening of Chicago Plan. Are you wondering where the recent hot pockets are located? Check out our COVID-19 Statistics to see where the infection continues to grow.
The following top Illinois Zip Codes that are largely Hispanic are continuing to climb with COVID-19 outbreaks. This data is based on the daily changes in total reported confirmed COVID-19 cases by Zip Code obtained from the Illinois Department of Public Health statistics page. The reported counts include data from 6/12/20, 6/13/20 and 6/14/20. These are the top Zip Codes in Illinois where 15 or more cases have been reported between last Friday and last Sunday.
Of those identified, Hispanic majority zipcodes account for 50%+ of the remaining hot pockets where COVID-19 infections continue to grow. Majority White Zip codes follow with 7 out of 26, followed by Black Majority Zip Codes at 6 out of 26 Zip Codes.
Small businesses are getting hit hard, starting with government-directed closures due to the COVID-19 pandemic and now the most recent looting and protestor damage. Small businesses are more vulnerable than ever. If you own a small business, be on the lookout for cybersecurity threats and learn more on how to protect your business.
Small Businesses must be on the lookout for cybersecurity threats!
Small businesses have been besieged on all fronts. First, out of left field, they were struck by COVID-19 and the loss of business. Then they were knocked down by the most recent violent protests. All these hits create multiple vulnerabilities to yet another threat: cybersecurity attacks. Now more than ever, small businesses need to be aware of an impending cybersecurity breach. Enigma Forensics focuses on cybersecurity and would like to share what the most common cybersecurity threats are and how small businesses can protect themselves.
What are the most common security threats?
There are three common cybersecurity threats each small business owner must be aware of: malware, viruses, and phishing. Malware is an umbrella name for software designed to attack and destroy computers and servers and to obtain client information. Malware can be engineered in many different malicious ways. Viruses are computer programs that replicate themselves and insert code into your system to modify existing programs. A virus basically creates havoc in your system and is extremely difficult to delete. Phishing is triggered by clicking on or opening an email that presents itself as a legitimate email. It sparks curiosity and plays on the simplest of emotions.
What are some easy tips for small businesses to protect themselves?
Enigma Forensics encourages everyone to purchase cybersecurity insurance. This can help defray costs if you are attacked. We strongly suggest hiring a professional to assess your system and identify risks. Another less costly tip is to change your passwords. Make them as difficult and unique as possible and don’t store them on your systems. Be sure to include mobile device security if you or your employees check emails on mobile devices. Train your employees to recognize cybersecurity threats and how to avoid and report them.
Enigma Forensics related articles
See the link below for The Department of Homeland Security guide
How can we put an end to this protest? Cell phone forensics is the key to finding out who is organizing violent protests and looting by checking social media sites. It’s that simple!
Chicago Police Superintendent David Brown recognizes social media contributed to the rise in looting
Is Cell Phone Forensics the key to ending the looting? Chicago is reeling from the third day of unrest and violent protest. Not only are we healing from a global pandemic, we are now faced with the threat of violence in all of our neighborhoods. On Monday, we witnessed the third day of violent protest. It was reported that law enforcement arrested approximately 699 people and, sadly, 2 people were shot and killed in Cicero. Feelings of anger, frustration and despair are common threads that bind all of us. The question on everyone’s mind is when is all this going to stop? The Chicago Police Department is dealing with a great deal: protecting the neighborhoods and at the same time charged with stopping violence, the same violence that was started by a deadly police action.
Many have heard on mobile scanners that hundreds of people driving in caravans are traveling into the city from outside Chicago. Some believe these caravans are organized on social media and are encouraging violent protest and looting. Forensic technology can stop this type of organized violent protest. Once a bad actor has been apprehended, law enforcement needs to perform remote cell phone forensic analytics to discover social media posts and connect friends and followers to thwart the passing of information. This is a new age of technology and our police department needs to be able to trace violent networks of people and respond in real time so as to prevent personal attacks and property damage.
Enigma Forensics is an expert cyber forensic company that offers forensic imaging of cell phones, laptops and other electronic devices. We are able to analyze the electronic footprint left behind and provide detailed tracing to assist in litigation.
More about expert technology and cell phone forensics
Open for Business! Chicago is entering Phase 3 of the re-opening of Chicago plan. Some employees are continuing to work from home and others are no longer employed. How should a company get its devices returned or information removed from an employee’s device? Hire Enigma Forensics to be the go-between.
How to Retrieve Company Information from Employees no longer with the company?
What does Phase 3 mean for Chicago? Mayor Lori E. Lightfoot just announced Chicago is going to open up on Wednesday, June 3. Hip Hip Hooray! Will Chicago ever be the bustling town again? Let’s hope so.
Even though many employees will be going back to the office, some employees will continue to work from home. What about the employees who are no longer continuing on with the company and have company information and uncompleted work on their personal electronic devices? How does a company retrieve that information?
These are all valid questions, and you can bet that most companies were not prepared to address them. How should a company go about getting its devices back or its information removed from an employee’s personal device?
Your first step should be to call and arrange a pick up of the electronic devices held by the former employee. If you are having difficulty retrieving your company property, Enigma Forensics has the answer. In some instances calling on a third party to be the go-between can smooth out any ill feelings. Enigma Forensics can help retrieve property and perform a diagnostic review of the electronic devices. We can identify if any information has been copied or sent via email to an unauthorized third party.
In the future, companies should develop a confidentiality agreement outlining key information. Where necessary, adapt the off-boarding procedure so it can be carried out virtually: disable e-mail and account access, and confirm inventory. Enigma Forensics emphasizes that even though the employee is remote, you should be consistent, conduct an exit interview and always utilize e-signature. Be Safe Chicago and Let’s Open UP!
Issues when working from home are bubbling up. Are you working from the dining room table on important company information? We discuss the importance of forming a work from home policy.
We have reached a new era of remote business at levels few companies ever planned for. As we all know, COVID-19 has driven businesses and their employees to operate from makeshift home offices. As a result, many issues with working from home have been exposed. In some of our past blogs, Enigma Forensics has provided insight into trade secret theft and given direction on how to protect company trade secrets from cyber attacks. In this blog we will address the current issues that have arisen since we are all working from home.
First and foremost, the mass exodus from the business office to the home office was done at the flip of a switch. Working from home took many companies by surprise, sending employees home expecting this to be a short period of time. Most companies didn’t have time to prepare a proper security plan. In an effort to offer more accessibility to their employees some companies loosened their security standards to allow faster and more convenient access for employees. Some encouraged employees to use their own personal devices. These procedures have increased the risks that companies will be cyber attacked and offer opportunities for trade secret theft and loss of business confidential information. To lessen these possibilities companies must develop policies that address the risks.
Enigma Forensics suggests creating a work from home policy to inform employees of their obligations. Companies need to communicate how important it is to stay secure and that the future of the company depends on it. Employers must insist each employee maintain a two-factor authentication process to secure sensitive information. Each employer must restrict unauthorized access to company data. In other words, keep the kids off the company’s computer. It’s also imperative to prohibit the use of unauthorized third party cloud storage sites, and to make sure to apply security software to protect company data. Most importantly, no sharing of company devices.
Some more simple procedures companies can implement to protect their end points include:
Ensure endpoints have software patches and security updates applied monthly
Audit and enable Windows Defender or other Antivirus Solutions to protect end points
Ensure computers accessing company data are set to auto lock after five minutes of inactivity
Provide employees with dedicated work only equipment
Audit and ensure satellite workers have a firewall protecting their endpoints from potential attackers
Kids at home with not much to do may be interested in installing the latest video game on your computer which could introduce security vulnerabilities at home.
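One way to audit a single Windows endpoint against the checklist above, as an added example that is not part of the original post. The function names and the 35-day patch and 7-day signature thresholds are assumptions; the five-minute lock limit comes from the list.

```powershell
#Requires -Version 5.1
# Added example: audit one Windows endpoint against the work-from-home checklist.
# Function names are hypothetical; thresholds marked "assumption" are illustrative.

$MaxPatchAgeDays  = 35    # assumption: "monthly" plus a few days of slack
$MaxSignatureDays = 7     # assumption: the checklist gives no signature-age limit
$MaxLockSeconds   = 300   # five minutes of inactivity, as the checklist states

function New-Result([string]$Check, [bool]$Pass, [string]$Detail) {
    [pscustomobject]@{ Check = $Check; Pass = $Pass; Detail = $Detail }
}

function Test-PatchRecency {
    # Get-HotFix lists only some update types, so treat a failure as "look closer".
    $latest = Get-HotFix | Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending | Select-Object -First 1
    if (-not $latest) {
        return New-Result 'Patching' $false 'No dated hotfix entries found'
    }
    $age = [int][math]::Floor(((Get-Date) - $latest.InstalledOn).TotalDays)
    New-Result 'Patching' ($age -le $MaxPatchAgeDays) `
        "Latest update $($latest.HotFixID) installed $age days ago"
}

function Test-Defender {
    # Fails closed when Defender cannot be queried (for example, third-party AV).
    try { $mp = Get-MpComputerStatus -ErrorAction Stop }
    catch {
        return New-Result 'Antivirus' $false `
            'Defender status unavailable; verify the installed antivirus by hand'
    }
    $ok = $mp.AntivirusEnabled -and $mp.RealTimeProtectionEnabled -and
          ($mp.AntivirusSignatureAge -le $MaxSignatureDays)
    New-Result 'Antivirus' $ok ('Enabled={0} RealTime={1} SignatureAgeDays={2}' -f
        $mp.AntivirusEnabled, $mp.RealTimeProtectionEnabled, $mp.AntivirusSignatureAge)
}

function Test-AutoLock {
    # Reads the machine-wide "Machine inactivity limit" policy only. A lock that is
    # enforced through a per-user screen saver setting is not detected here.
    $key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $prop = Get-ItemProperty -Path $key -Name InactivityTimeoutSecs `
                -ErrorAction SilentlyContinue
    $secs = $prop.InactivityTimeoutSecs
    if (-not $secs) {
        return New-Result 'AutoLock' $false 'Machine inactivity limit is 0 or not set'
    }
    New-Result 'AutoLock' ($secs -le $MaxLockSeconds) `
        "Machine inactivity limit is $secs seconds"
}

function Test-Firewall {
    # Every profile (Domain, Private, Public) must be on; home networks are
    # usually classified as Private or Public.
    $off = @(Get-NetFirewallProfile | Where-Object { [string]$_.Enabled -ne 'True' })
    $detail = if ($off.Count) { 'Disabled profiles: ' + ($off.Name -join ', ') }
              else { 'All firewall profiles enabled' }
    New-Result 'Firewall' ($off.Count -eq 0) $detail
}

$results = @(Test-PatchRecency; Test-Defender; Test-AutoLock; Test-Firewall)
$results | Format-Table -AutoSize -Wrap

# A non-zero exit code lets a management tool flag the endpoint for follow-up.
if ($results.Pass -contains $false) { exit 1 }
```

The checklist item about dedicated work-only equipment cannot be verified from the endpoint itself and is left to the inventory described next.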
Enigma Forensics also suggests developing an inventory of which employee has access to which files. Know who is printing confidential information, and identify if family members have access to the same devices. Once all this is mapped out, a risk assessment needs to be conducted. Employees who have access to sensitive information should be identified, prioritized and secured appropriately.
Eventually we will all be back working in the office but COVID-19 has exposed the need to increase security and to learn more about how your employees are utilizing company owned devices.
To Learn More About Trade Secret Theft Check out our blog below
Where do you stand? Stay sheltered in place or open up? We all have felt the pain of this pandemic. Is it time to open up our restaurants? Enigma Forensics wants to know your thoughts.
Is fear holding us back from moving forward?
Where do you stand? Shelter in place or open up! Is fear holding you back? If you don’t know what’s going on in the world today, apparently you have been living under a rock. It seems so long ago when Enigma Forensics’ Lee Neubecker and Geary Sikich, President of Logistics Management Systems, warned of what was to come and further outlined what would be the global impact. Enigma Forensics’ first post about COVID-19, Coronavirus: The Global Impact, was published on March 6.
Mayor Lightfoot announced today that Chicago will not be able to open restaurants for outdoor seating on May 29. It’s different than what the state has outlined. As stated by the City of Chicago, we will be following “Protecting Chicago” framework. The City will be using this guide to govern Chicago’s reopening process amid COVID-19. The framework – organized into five phases in alignment with the State of Illinois’ “Restore Illinois” plan – will advise Chicagoans on how to safely exit from shelter-in-place while continuing to prioritize the health of our most vulnerable residents.
Did we anticipate that COVID-19 would spread to the U.S. and wreak havoc like it has? Absolutely not. Even though this is a playbook that has never been written before, Lee Neubecker drew upon his cyber forensic skills and made it the company’s focus to track information on the rise of positive cases and deaths. Our intention was to save lives!
Illinois is now ranking third for COVID-19 cases behind New Jersey (#2) and New York (#1). According to the Illinois Department of Health, as of 5/21 Illinois has (102,687) Positive Cases, (4,607) Deaths and (672,723) Tests performed. Overall, according to the Centers for Disease Control reports, the US has (1,581,903) Positive Cases, (93,806) Deaths, and (301,341) Recovered Cases.
Education trumps fear. Wear a mask and wash your hands. Based on these numbers, where do you stand? Stay in shelter in place or open up?
It started when… the CDC (Centers for Disease Control) announced the first COVID-19 case in the United States on Jan. 21.
The chart below shows new COVID-19 confirmed positive cases in Illinois. This data has been filtered to include only Zip Codes that report 100 or more positive cases and is reverse sorted by the 2-day trailing growth rate, highest to lowest.
Notable top communities outside Chicago include Des Plaines, and new to the top 10 list:
In early April, Latino communities in Chicago experienced a fast-growing number of COVID-19 cases.
As of 4/14/20, the fastest growing Illinois Zip Codes reporting new COVID-19 cases shifted disproportionately to Latino populations based on the ethnic and racial makeup of those Zip Codes. The CDC needs to immediately begin releasing detailed data on actual confirmed Coronavirus positive cases and deaths by Zip Code to help effectively target emerging hot pockets. There remains no available data reporting deaths by Zip Code impacting the Latino community.
Of the 710,648 people that live in the top 10 Zip Codes (2014 Census estimates from https://zipdatamaps.com/), the racial breakdown of these combined communities is as follows:
This new data suggests that Mayor Lightfoot’s campaign targeting African American and other communities has been highly effective at slowing growth rates in many majority African American and other neighborhoods where English is broadly spoken. The growth rates in majority Latino neighborhoods suggest similar outreach efforts and analysis are needed targeting Latino neighborhoods where the virus is growing at the highest rates across Illinois.
Yesterday, a coalition of Latino leaders issued a press release calling for such a much-needed outreach campaign to address the unique cultural and language needs of the Latino communities.
Another observed trend from yesterday’s data is the emergence of University Village into the top position for fastest growing Zip Code statewide at an alarming rate of 27% daily growth over the most recent 2-day period. We speculate that this may be a result of UIC and possibly the increase in availability of rapid testing in that Zip Code.
Our analysis of the top fastest growth Zip Codes that all have experienced an average growth rate at or in excess of 10% led us to cross reference the population. Of those fastest growing 19 Zip Codes from 4/10 to 4/12, the combined population is majority Hispanic. This finding doesn’t negate that the black community is being devastated by this pandemic in greater numbers at present in Chicago, but does suggest transmission rates may be greater within the Hispanic community. This information means that communities with rapidly growing Coronavirus cases need to take immediate steps to ensure essential workers are being provided appropriate training, protective equipment and rapid testing. Many businesses in economically struggling communities are failing to protect their workers and customers and this needs to change promptly. Resources need to be prioritized to brown and black communities being disproportionately impacted by this outbreak.
Population Totals for the 19 Fastest Growing Coronavirus Confirmed Positive Zip Codes in Illinois
Yesterday I spent time driving into some of the Zip Codes that were experiencing the greatest growth rates that reported 100 or more Coronavirus confirmed positive tests. I observed a lack of social distancing with many young African American men not practicing social distancing or wearing protective masks or gloves congregating outside various essential businesses like retail stores and liquor stores. I observed an instance amongst young male Latinos as well. I observed problems at shopping centers with essential staff not having protective clothing or enforcing social distancing at the entrances or inside their stores. Customers entering stores generally are not wearing protective wraps around their faces.
It appears that these locations are largely economically disadvantaged. The residents of these Zip Codes need help in being educated on prevention measures to curtail the expanding growth rates of the Coronavirus. Businesses that are operating may need government inspectors to enforce social distancing recommendations through outreach. Ticketing of individuals willfully disregarding social distancing measures in larger groups may be necessary. The State of Illinois should prioritize deployment of the new Rapid 5 minute test equipment to suspected Coronavirus patients in these Zip Codes to more effectively curtail the growth of the virus to the general surrounding population. Essential service workers need to be wearing protective covering of some sort to help minimize and slow the virus transmission. A ban on shopping by customers not wearing protective coverings may need to be considered in the highest growth areas to protect those residents.
Six out of the top ten Zip Codes in Illinois with the highest total Coronavirus confirmed positive cases are majority black / African American population centers. Income, population, density and race appear to be factors in test positive rates. We plan to look into incarceration rates by Zip Code as well to see if there appears to be a correlation. African Americans make up a disproportionate part of the prison population. This seems to be impacting them at a much higher rate.
Chicago’s Enigma Forensics Data Analytic and Cyber Security Expert Lee Neubecker has identified top counties in the country that should consider going on lock down because of the alarming climbing numbers. Some of these counties may not know they are approaching a dangerous risky situation. Lee has been taking a deeper dive on the most recent Coronavirus stats identifying the most at risk counties. Lee was way ahead of CNBC’s report that President Trump has called for classifying Coronavirus risk county by county!
Check out this video to see if your County is on his list!
Estimated Confirmed Positive Cases One Week Out = 3/27 Confirmed Cases * (1 + Average Daily Growth Rate)^7, that is, the daily growth factor applied once for each of the seven days.
Note: The average daily growth rate will slow before the case count exceeds the maximum population. For example, IN-Marion will not continue at its experienced average daily growth rate of 245%.
The Transcript of the Video Follows:
Kitty Kurth (KK): Good morning! Today we’re here with Lee Neubecker from Enigma Forensics. A renowned data analyst, computer forensics expert, and inquisitive mind. Lee’s been thinking about the corona virus and looking into data. The data that’s out there in the world and taking it in, and looking at how we can analyze this data and what we can learn from it. Lee, tell us about what you’ve been doing.
Lee Neubecker (LN): Yes well, like everyone else I’ve been holed up at home in my basement and I’ve been wanting to think about, what can I do to help impact positive change, and what can my team do. And we decided we wanted to use our time to help minimize the spread of the virus and to help minimize death, so that’s my new mission that gives me something to wake up for and do, because certainly in the short term most client work is on hold because the courts are closed.
KK: So what, yesterday you released some data, can you tell us about where you got the data, what it was, and what it means. What you did with it, what it means.
LN: Yes, well like everyone else, I’ve been looking at the Johns Hopkins data map and they have a really nice visualization tool that lets you see the data as it’s updated. And I was examining their site and I discovered they had a GitHub repository where they’re uploading every day around 7pm central time. And as I looked at the data, I thought, you know there’s some interesting things that probably could be done that aren’t happening yet, such as looking at the penetration rate. If the county data just became available of the reporting, I looked out at the census and found some data from the census that included the population by county. So I started mapping out the population by county so that I could come up with something that I’m calling penetration rate. Which is essentially, what percent of the population has tested positive for the virus. And that information’s useful because it can give us some idea of, you know, how saturated will things be. Unfortunately though, the testing kits aren’t widely available so, it’s difficult to know for certain what’s happening as it relates to testing. More telling though is the data relating to deaths of corona virus, and that’s something that I was looking at this morning. And it has some, you know, really interesting things to talk about.
KK: What did you find when you were looking at that data? And the data you released yesterday, didn’t it show that there are 10 counties that are particularly in dire straits, or will be in dire straits, where the county officials should be telling everybody to stay home.
LN: Yeah here’s my data model, are you able to see that? On screen, great. So, what I did is I thought, let’s look at locations that have 10 or more positive tests, and have, what are top 10 locations with 10 or more positive tests, that have the greatest rate of daily growth. And those are areas that no one’s talking about right now but I thought it was important to talk about that because they may think they’re safe. They may not know that someone’s begun passing the virus in the community. And so, you know, I identified places like Jackson, Michigan, which isn’t too far from where my family members are. They may not know there that they have a problem. They may not have public health professionals like Cook County has, dedicated to looking at the data. So, I thought it was important that we get the word out to some of these communities, that they’re emerging very fast with their growth of corona positive tests.
KK: There were some new data that you looked at last night, and some new things that you found, what did you find today?
LN: I wanted to look at where are people actually having deaths reported. So I looked at, where are there three or more deaths in the US. And because the tests are less reliable, you know, the confirmed test because there aren’t enough tests out there. But the places where people are actually starting to die, those are the places that are going to need a lot of medical supplies and help. And so today I published a new list of 29 locations. Let me resort this here by death rate. And death rate is a calculation, you know, how many deaths relative to the population. So for instance, in Dougherty, Georgia. They have the highest death rate, which may mean they’re in dire need of medical supplies. But they’re a very low population area.
KK: Georgia is one of the places that nobody’s been talking about at all.
LN: Yeah and you can see there that, their population’s 87,000 roughly. They’ve had six deaths, but in terms of death rate, they’re at the top of it. So, you know, the public needs to look at what’s going on there. Are they keeping their kids at home? Are schools still open? Now those are important questions. Are people cavalier about it? You know, what’s the characteristic of the people who passed away? Are they all in a nursing home? There’s a lot of other things that can be looked into here.
KK: Is there a cluster, are they all in one place? Or are they people that are out circulating in the community?
KK: Is one of them the letter carrier? And then Louisiana has a high death rate and we heard about the fact that there are numerous cases there. Washington State it looks like is also high. New York, New Jersey. Connecticut is really growing it looks like. But then Colorado, no one has talked about that this one county in Colorado, El Paso County seems to have a really high rate. And Milwaukee, Wisconsin. People aren’t really talking about that either.
LN: If you look at Cook County, Illinois. What this is showing in my opinion is that despite the fact that we have a lot of cases, our health care system is keeping up, and keeping people from dying. So, you know, looking at how LA’s performing, what’s LA getting in terms of resources, and what’s the quality of their health care versus Dougherty, Georgia, or King, Washington, or some of these other places. You know, it’s very disheartening for instance to see Dougherty, Georgia, they’re at a 71% increase in testing over just a few days. That’s an average daily increase. They’ve actually, you know, more than almost tripled in just a few days.
KK: And again, that’s something that at least in the national media, no one is addressing Georgia. So, you know, we don’t know. I hope Georgia realizes they have a problem but no one else has talked about the fact that Georgia has a problem.
LN: The White House did say yesterday, that they wanted to try to address the counties where the hotspots are. So these are the hotspots. Some would say we should be doing this at the state level, and not focusing just on the county. But these counties definitely need attention.
KK: These counties need attention but what I heard the White House also say was, “we’re going to let counties be free if they’re not affected, then they can open up for business again.” And I don’t know about other states but here in Illinois, people go across the Cook County, Lake County, Cook County, DuPage County, Cook County, Will County borders pretty frequently. And sometimes several times in a day. So I don’t see how a plan to let places quote open up for business on a county by county basis could be helpful.
LN: Yeah but, you know, one of the things that I’ll be looking at as I update data. We’ll be looking at what’s going on in these counties. Are they sending alerts out to people? If people aren’t aware that they’re having a daily increase of 128%, like Marion, Indiana. Their increase rate is alarming, 128%.
KK: And I don’t know about today, but historically Marion has been a place with a lot of manufacturing, and if people are working side by side in factories, that could be a huge problem. Thank you very much, and we’ll put up another post tomorrow and the next day as more data becomes available. Thank you Lee Neubecker and Enigma Forensics.
These US Counties are experiencing fast growth and have surpassed 10 reported cases. They are ranked by daily growth rate and are growing at an alarming rate.
Enigma Forensics is a Chicago-based Computer Forensics, eDiscovery and Cyber Security firm that specializes in performing complex data analytics. In an effort to help inform the public, we have developed a data model to perform more meaningful comparisons of the latest data released and compiled by Johns Hopkins University to their GitHub Repository. Beginning on March 23rd, 2020, more robust reporting by U.S. County became available. We have matched this data up to population estimates by County obtained from the U.S. Census estimated as of July 1, 2019.
Disclaimer: There remain issues with matching up some of the Counties that use a different naming convention in reporting compared to the naming convention used by the U.S. Census. As such, some Counties reflecting no population will be updated as this data is refined. The latest compilation of data shows the average daily rate of increase in Coronavirus confirmed tests. The top ranked Counties should immediately take action to curtail further rampant growth of the virus.
These U.S. Counties Need to Take Prompt Action to Curtail the Spread of Coronavirus COVID-19
Updated 3/26/20 8:41PM to include new data for these 10 Counties released 3/26/20 GMT. See below:
Enigma Forensics President Lee Neubecker wonders why politicians are not following the same CDC directives that we have to. Lee interviews Geary Sikich, President of Logical Management Systems. What are your thoughts? Check out this video interview.
The Transcript of the Video Follows.
Lee Neubecker (LN): This is going to be a short segment about why Congress, Senate, the President, why they’re not practicing, even the governor, why they’re not practicing the recommendations to keep separation and they’re doing these press conferences full of people putting everyone at risk when they can use tools like Zoom and still have the communication but not have the personal interaction. I mean, the Senate’s likely going to all have this thing soon and because they have to vote in person, that’s going to be a real problem if they can’t get something passed and they’re all sick.
Geary Sikich (GS): Yeah, you know, they broached that yesterday during one of their news conferences and Trump was saying that he would like to see them be able to operate remotely but he was saying that it might be a constitutional issue where that may preclude them. They may actually have to show up.
LN: But maybe they could debate everything on a tool like-
LN: Zoom or WebEx and then come in to cast their vote one at a time in isolation so that they’re not around each other.
GS: Yeah, I think that’s … They should be investigating a lot of different options, but they’re not.
LN: Why is the president standing next to his advisors, you know, within a foot of them. You have the vice president, the president. They’re all standing next to each other. They should be … The need to have everyone crammed into the White House briefing room, they could be using technology and spacing out so that people aren’t on top of one another.
GS: Yeah, I mean, even if you noticed the media on TV, when you’re watching the news and whatnot, like-
LN: So they have one blank seat. But that’s not six feet away.
GS: No, but I’m saying the media on TV has got separation, like this morning I’m watching NBC on morning news, and they’ve got them sitting. You know, it’s just a wider angle for the camera, and it wouldn’t be that difficult because I’ve noticed the same thing in every press briefing I see, whether it’s the president or the governors, or any of them. There is a kind of a cluster of people around them, which is typical of the way it used to be and it’s not advisable now.
LN: Yeah, but it’s certainly something that should be looked at. I think it’s important that we do everything we can to keep the infection rate from spiking quickly. We know in Italy, when it spiked the way it was, the death rate goes up to 10%.
GS: Yeah, Italy is, it’s scary because everything they have done, they, unfortunately, got … got into it a bit late because they kept their borders open way too long and they allowed things to kind of transpire that now puts them into, you know, the situation being number two as far as fatalities and as far as case rate. Once they started, and they’ve shut down the entire country, now they’re actually shutting down the transportation systems within the country to try to contain this.
LN: It’s something else. And then with spring break, all the students coming back from Florida, California. They’re all at the beaches. This is going to transfer, and they’re going to be bringing their family members a special gift home.
GS: Yeah, it scares me about the fact that we allowed the spring break festivities to go on the way they did, that the governors weren’t a little bit more proactive in that regard, and that the people themselves… Granted, you’re young, you feel like you’re invincible. But the reality is, you’re not. And the once-in-a-lifetime spring break is not all that great as it is. Having not gone to any spring breaks when I was in school, other than the trip out West and whatnot, but … the value of it is far offset by the jeopardy you put yourself in from a health standpoint.
LN: Yeah, absolutely. Well, thanks for coming on the show again to talk about this.
GS: Great, enjoyed it. Well, I’m sure we’ll see each other again virtually.
President and CEO of Enigma Forensics, Lee Neubecker remotely converses with Geary Sikich, President of Logical Management Systems, to discuss the current state of impacts the Coronavirus has brought to citizens taking shelter at home. Data experts Lee and Geary explain statistics state by state and expose interesting facts for those states that have implemented shelter at home policies.
The Transcript of the Video Follows.
Lee Neubecker: I am here today, again with Geary Sikich, reporting from my basement. Geary is the principal of Logical Management Systems. I am the president of Enigma Forensics. We’ve been talking on our show previously about the Coronavirus and the impact. And today we’re going to be talking a little bit about the current data trends and what’s happening. Geary, thanks for being on the show remotely.
Geary Sikich: Thanks Lee it’s kind of an interesting way to work.
LN: It’s the new reality probably for a while, huh?
GS: I think for, yes, a little bit more than two weeks that’s for sure.
LN: Yeah, so I want to pull up some of the data that we were talking about earlier. A spreadsheet that we had here. Is that up on the screen for ya?
LN: Okay, great. So it’s showing that, this is data that was obtained from the Johns Hopkins website. They’ve got a place where you can download the historical data. Which I showed you a little earlier. Let me just pull that up. So what you see here, you can go on the map tool. You can actually scroll by clicking on the tab. Internet’s running a little slow. We discussed that previously.
GS: Welcome to the world of not enough pipe.
LN: Yeah so you might not have noticed it but there’s a little section that says admin one. If you hit the right arrows you can scroll through and cycle through and see the data reported differently. First it’s by country, and we’re now at 41,708 in the US. When you click, you can see the total. It’s running very slow today.
GS: Yeah Johns Hopkins, I know that one of the issues with their website is so many people are using it. That it, by this time of day it starts to slow down a bit. So it’s kind of a challenge to get in there and see the data as it stands. But I just noticed on the statistics for today, that the US stats at noon, when I checked I was doing a webinar today on hospital pandemic planning and drills. And US infection rate has jumped up pretty substantially.
LN: Yeah I want to show you some specifics of concerns as we drill down. I pulled the top 10 states. And you can click here, you can see by states and regions. You can see New York is getting devastated right now. Then Washington, and then Cook County Illinois here is running right up next in line. But what I found interesting is as you pull the historical data out, but you can get off, we can see, here is New York. That’s a pretty scary curve, and it’s a trajectory that doesn’t suggest it’s going to get any better any time soon. And then you have Illinois, New Jersey, and what not. But what was real interesting is we had a cross. Illinois is this line right here on the screen there. Illinois is, where is Illinois here. We got, actually what I did is I pulled out New York so I could get more zoned. So excluding New York, you can now see what’s going on. And Michigan, that didn’t have a ban until they just announced today that they’re instituting a lockdown. But Illinois, more dense, more likely to get a contagious outbreak than Michigan in my opinion. Because they quarantined early enough, you start to see that at least so far Illinois holding out. Now I think that number’s going to jump up. I think that the number, they haven’t fully reported the count for today yet. But it was interesting to see both Louisiana and Michigan and Florida jump up and surpass. And right now, Florida doesn’t have a ban in place. Georgia doesn’t have a ban in place. What do you think’s going to happen with Georgia?
GS: Well I think what your statistics are showing, and it’s interesting is that the early adopters of shelter in place and working remotely, etcetera, cut the bands, if you will. The early adopters of that are finding that social distancing is actually working. The late adopters who have yet to come to the point of doing shelter in place and what not are finding much like the parallel with Philadelphia and Denver during the Spanish Influenza, Denver closed the city very quickly, very little in terms of issues that they had. Philadelphia on the other hand kept everything open and actually did a parade to try to raise money for bombs for World War One. And as a result they had a significantly higher infection rate. And so I think you’re seeing a parallel in terms of history and what’s happening today. So I would say that those states that are late adopters are probably going to see a higher rate of infection. The other thing it would be, is if we can, you’d have to do some manipulation on data with this but is to look at those states which have large cities. Chicago, New York City, Los Angeles. Some of the bigger cities are going to have a significantly bigger concentration of casualties, if you will. That is going to result, it results from the fact that people are living in close proximity in those cities. The other aspect is that, if you think about it, a lot of downtown populations don’t have the, how do I put it, the infrastructure to do a lot of at home cooking. So it’s either they don’t have the storage facilities for food or they just don’t cook because restaurants are so plentiful. And suddenly we’re finding that with restaurants closed and other things being shut down, as far as businesses and what not, that there’s a greater dependence for people to be a little bit more self-sufficient, if you will.
LN: Yep, it’s certainly going to get interesting here. Well, thanks for coming on the show again and talking about this. I’m sure we’ll have some more things to talk about again soon.
Cyber technology and preparedness experts Lee Neubecker and Geary Sikich talked about a business continuity plan way ahead of the COVID-19 virus hitting the US! What does the next couple of weeks look like? Tune in to find out.
Business continuity! It’s official, COVID-19 is upon us and the country is basically on lockdown. Government restrictions are everywhere. Just about 15 days ago, Lee Neubecker and Logical Management Systems President Geary Sikich talked about what was going to happen when COVID-19 landed on our shores. It’s like they wrote the sequence of events!
Lee and Geary are trained experts in the field of cyber technology and preparedness. They foretold businesses will have employees work from home if they have a job that allows them to telecommute. They discussed different unique challenges businesses will experience when executives and employees take work computers home and remote in. Check out this video interview to learn a few interesting tips on business continuity.
Part 2 of the Coronavirus or COVID-19 & Business Continuity
Lee Neubecker (LN): Hi it’s Lee Neubecker, President of Enigma Forensics, and I’m back on the show here with Geary Sikich, President of Logical Management Systems. We’re continuing our discussion on business continuity planning as it relates to the Coronavirus, thanks again for coming back Geary.
Geary Sikich (GS): Thanks Lee for having me.
LN: So, can you tell everyone what other businesses are actually experiencing that are now at the stage where they’re dealing with government restrictions, either in China, or even in Seattle Washington, and what the reality of the challenges faced by businesses in communities where the corona outbreak is magnifying and spreading.
GS: Sure, the big one everybody is surely aware of was China and some of the things they did, in what people were calling “draconian measures”, which is essentially the quarantine that they set up. They literally lock down roughly about 56 million people and it got to the point where it was from the household where you were staying. They would allow one person to go out and buy whatever food you needed for the day. If that person didn’t have a mask on they were sent back, so no food, so that’d be a big impact. The employers for those employees who are now locked in on a quarantine basis set with empty factories and at about two weeks into that a lot of these employers were saying, “I can’t pay my people because my factory is not operating and I’m about to go out of business”. So, the impact is big in that regard. Just recently in France, the Louvre closed, and it’s closed now indefinitely as of this morning in response to a protect the potential of coronavirus expanding. Italy, there’s closing schools in Italy, they closed schools in China, also in South Korea. They’re doing similar things what we’re faced with here in the States is a very similar situation that is yet to unfold in its dramatic effect. But if we start to see the Coronavirus expand in the States, plan on seeing things like school closures plan on seeing things that are not going to be available on the shelf because the grocery stores are going to be emptied.
LN: That introduces a whole other element of risk, because for those parents of kids that have to be home many of those parents are only going to be able to work from home if they have a job that allows them to telecommute, and there’s, you were talking to me earlier about some of the unique challenges that have happened when executives take work computers home and they’re remoting in, and the one example I remember you saying was that with kids home alone and they have time on their hands, they’ve sometimes gotten into their parents’ computers and if those computers aren’t secure and they go to a game site, and they get hit by malware, the corporate network could be taken out.
GS: Yeah and it’s happened we’ve had it with the clients in different parts of the world where the company organization said it’s a great idea. We’ll set up a mini situation where you can work independently from home here’s a secure computer and over a course of time not much is happening and so, the secure computer becomes something of well we don’t let the kids play games on it and nothing’s going on so I’m not too worried, not realizing the potential exposure that they’ve put themselves in from a vulnerability standpoint. One of the key things, and I think this is a point that we need to emphasize, is that the criminal element people who want to do bad things has really taken advantage of the Coronavirus situation in a lot of different ways. By actually being able to interject malware in posing as a legitimate information site so here you want information on the Coronavirus, I’m here, and the next thing you know you’ve got malware downloaded into your system. So huge impact areas and in that regard.
LN: Yeah, I think that the whole notion of planning and thinking through how your business would respond if your employees weren’t able to come to the office is something that every organization should be doing now because it certainly is it’s not a question of if the virus will spread, it’s a question of you know how quickly and how large of an impact. We don’t fully know what is going to happen in every community with the weather, whether there will be better treatments available or not but we do know that it’s a risk and it makes sense to prepare for not having to have your workers come into your office, and how would you respond to that?
GS: If you think about it in this context to leader there’s some real issues that you need to really begin to assess it all in a lot of detail. So, from a risk assessment standpoint, one obviously you want to look at how do I build contingency plans for us to work remotely whether it’s you working at your home or at a remote location that the company hires to have you know staffed. That’s great if you’re in the Information and Technology business or you’re in the financial sector you’re in a nonindustrial sector, how do you close down a steel mill and tell your employees we’ll go to this other place and work because there’s not the same facility. Here’s the real interesting thing that it but I think it’s a critical point and this is where we begin to start to realize risk management needs to begin to look at some things differently. One, you’ve got a facility it goes into lock down because of quarantine, no employees there. What’s your vulnerability for that facilities now sitting vacant. You have people maybe who want to break in? You still got your computers and other systems there that I would assume can still be hacked into in some way shape or form and you’ve got a lot of potential sensitive information.
LN: And physical security becomes important in that case definitely.
GS: But how you do that if you’re under quarantine and you can’t bring in physical security per se.
LN: There’s a whole issue if you have in our next segment, we’ll talk a little bit more about what businesses should be doing now to be cyber ready for having employees where they can work remotely. We’ll talk about some of the strategies that you can take now to help maximize your readiness for such a circumstance where you have to either reduce your workforce and create space, or have people work completely remote. So, thanks for being back on the show.
GS: Thank you Lee, I enjoyed it.
To View Part 1 of the Coronavirus
Other Related Articles
Official Website of Homeland Security and their Business Continuity Plan
Keeping yourself safe in these trying times is a tall order. Clerk Karen Yarbrough says to use your common sense and practice social distancing, wash your hands and don’t touch your face.
The Corona Virus COVID-19 is upon us! We knew it was coming, and Cook County Clerk Karen Yarbrough says let’s practice common sense. Health and well-being are of the utmost importance to Clerk Yarbrough. She recalls lessons from her mother: wash your hands, don’t shake hands but fist or elbow bump instead, sneeze into your elbow, and don’t touch your face. Clerk Yarbrough sits down with Enigma Forensics CEO & President Lee Neubecker to discuss the safety measures the County has installed to keep the polling places safe. Check out this video blog with transcripts.
Cook County Clerk Karen Yarbrough says the 2020 Election will be safe!
The Video Transcript Follows
Lee Neubecker: Hi. It’s Lee Neubecker. President of Enigma Forensics. We’re a Chicago-based computer forensics and cybersecurity consulting firm. And I have the pleasure, again, of having the Cook County Clerk Karen Yarbrough on our show, to provide some common sense advice on what you should do at home and in the workplace to keep yourself safe from this Corona Virus outbreak concern.
Clerk Karen Yarbrough: Thank you, Lee, for the opportunity to be here. I think we need to get across to people if they use their basic common sense and remember what mom used to say, they would probably be just fine. Now, 80% of the people who would even contract this, they’re going to be fine. It’s the folks whose systems are compromised, are the ones that probably are going to have some trouble. But, listen. When you sneeze, don’t sneeze out like that. Do it in your arm. Do it in your arm. Okay? Don’t touch your face. Don’t touch your face. I do it all the time. But, don’t touch your face. Don’t shake hands. We’re doing the bump these days. And the hand-bump. Yeah, we’re doing all of that. You know, some of this is basic. Okay?
LN: It’s space.
LN: Normally, you give me a big hug when I come in.
CY: No hugs.
LN: We did the elbow bump.
CY: Yes, that’s right. No hugs right through here, okay? Sorry, I’m a hugger, but I’ve just kind of pushed away. And the other thing we just implemented today in our office, we usually have our meetings and everybody comes to the meeting, and everybody’s in the room. Everything’s closed up. So today we decided that we weren’t going to do it that way. We’re going to do it remotely. So, wherever you are, you tune into the meeting, and we’re going to have the meeting. So they have a name for that. It’s called social something…
LN: Social distancing.
CY: Distancing! That’s it, that’s it! So, that’s what we’re doing. And, little by little, as people get used to things, we’ll be fine.
LN: I think it makes sense to try to do this stuff before you have no choice.
LN: You can work out the kinks.
CY: Yeah, yeah. So far, so good. In our office we’ve had our challenges with some folks who have called off, said they’re not going to vote. I mean, they’re not going to… They can’t participate, they won’t be judges and that kind of thing. But we’ve been able to backfield them in. So I feel real good about March 17th. I think too, everyone should prepare for the likely event that as this thing continues that schools could be closed. That hasn’t happened yet, and it’s been evaluated on a case-by-case basis, but that’s a logical decision that might be necessary in the future. And, so thinking about that now and thinking about if that happens, can I still answer my call at work maybe on my smartphone?
LN: Yeah. I think we’re going to adapt. I think we’re going to adapt to using smartphones.
CY: Thank you Lee!
Other related videos in Cook County Clerk Karen Yarbrough Series
Clerk Yarbrough sits down with Lee Neubecker, President & CEO of Enigma Forensics, to discuss the current state of affairs. Clerk Yarbrough assures everyone voting on Tuesday, March 17 that voters will be met with a clean and safe environment. Come and vote on March 17!
Cook County Clerk Karen Yarbrough Gives Safe Voting Practices
Cook County Clerk Karen Yarbrough would like voters to know her staff is taking every precaution to make all voting stations a safe and clean environment. On top of her list, everyone should wash your hands! She says all voting staff will continuously wipe down all surfaces and are trained to keep the stations clean. Clerk Yarbrough urges everyone to remember the rules your mother gave you!…Wash your hands, sneeze into your sleeve and if you have a fever stay home from work, don’t go out and stay in and take care of yourself. Clerk Yarbrough sits down with Lee Neubecker, President & CEO of Enigma Forensics to discuss the current state of affairs.
Check out this video interview to find out what precautionary steps the Clerk’s department has taken to make sure each voting office stays safe.
Election Day is on Tuesday, March 17
Lee Neubecker: Hi, this is Lee Neubecker, president of Enigma Forensics, computer forensics firm based here in Cook County in Chicago. And I had the pleasure of having our very own Cook County Clerk, Karen Yarbrough, here on the show to talk a little bit about what her office is doing to help keep people safe, in light of the recent corona outbreak. Karen, thanks for being on the show.
Clerk Karen Yarbrough: Thank you, Lee. Well, you know, this is a really busy time for us and we have a number of, we have our regular employees and then we have a lot of people, almost 8,000 people, who will be involved in the election on the 17th. So we want everyone to be safe. So in the office, what we’re doing is, first of all, we’re educating people. Now, some of this stuff is just common sense. I mean, people should know to wash their hands. They absolutely should know that. They also should know that if you have to sneeze, you don’t sneeze out like that, you go like this, okay? I mean, didn’t your mom teach you that? I mean, mine did, so. So the education or bringing it back to people on how we can keep safe. So our people have, they have obviously Purell. They have the gloves if they want to wear them. They also have, they clean their work stations. So we have everything that they need and we have a big influx of people for several reasons and especially in vitals and in elections and so we want everyone to be safe.
LN: So with the election fast approaching, I know that previously you were on the show to talk about early voting, in trying to get people to pull a ballot so that they could vote from home. It’s too late for that now, but what would you advise that people should do as they’re heading to the polls?
CY: Well, hopefully they’ll have a card or some information on who they want to vote for. They’re going to find our brand new voting machines there and it’ll probably take them all of two or three minutes to vote this time. So the ease of voting, they’re going to find friendly faces there and people who are willing to help them. We have the touchscreens and we also have paper ballots if people want to use ’em. But we’re encouraging people to use the touchscreen. If you want to use your finger, then you can wipe your finger off with, and we have everything there. I mean, absolutely.
LN: Like Purell?
CY: Absolutely, we have everything there. They could use a pen to do this, you know. They could use their, bring their own pen if they want to fill out a paper ballot. So, you know, again we’re telling people use some common sense here as it relates to, you know, today and all through the last few days, what I’ve been doing is going to the early voting polling places and so I’ve met all of the judges and I see the way that they’re greeting people. They’re not shaking hands, they’re doing fist bumps or arm bumps. Yeah, like that or whatever, but they are not shaking hands. So, you know, as I’ve looked, and we’ve been looking at, watching what’s coming out of Washington, what’s coming out–
LN: Even here in Chicago
LN: Yesterday we had the Prudential building had their first case.
CY: Yeah, how about that? How about that? But you know what? For the most part, 80% of the people who contract it in the first place, they’re going to be fine. Children are going to be fine. It’s people who have compromised systems that have the problems. And older people. I get all of that, but people can be safe and they can be competent, use common sense and be safe.
LN: Yeah, like not jumping on an airline when you know you’ve tested positive. I don’t think you should do that if you have Corona Virus.
CY: Don’t come to work sick. We’re sending people home. Anybody’s around there sniffling or what have you or they don’t feel well, if they have a fever. If you got a fever, you ought to be at home. You shouldn’t be with us.
LN: And just because you have a fever, you shouldn’t be flipping out thinking you have Corona Virus.
CY: Not at all, not at all.
LN: They say that you need to have three specific symptoms combined to worry about it. You need body aches, fever, plus respiratory problems. So if you don’t have all of three of those, don’t bug your doctor. The doctors are under control.
CY: Don’t panic.
LN: Unless you, if you have a fever that runs awhile, call but don’t. Then you should assume that you have Corona Virus.
CY: I’m hoping that we get some better information out of Washington, though. There have been mixed messages there, so let’s hope that we can get better information out of Washington as well as what we need. I noticed that our governor was pretty frustrated about his inner workings with the federal government on what we need in Illinois. So let’s hope that they get that together.
LN: Yeah, absolutely. Well, thanks for being on the show again.
CY: Thank you.
Watch related videos to this series with Cook County Clerk Karen Yarbrough
Cook County elections are on Tuesday, March 17. Cook County Clerk Karen Yarbrough assures everyone voting will be efficient and safe. Check out these voting tips!
Every Vote Counts
Cook County Clerk Karen Yarbrough says tip number one: be prepared! Tip number two: do your homework on the candidates before you come in and vote. Lastly, it’s OK to bring your notes with you. She ensures that every precaution will be taken to make sure everyone is safe!
Clerk Yarbrough is excited to report that Cook County has all new voting machines that will streamline the voting process. She adds that if you would prefer to use the old paper ballot, they will have those available too. In addition, the new barcode system will accurately tally and record each voter’s ballot, which will make counting votes extremely efficient. After the election, Clerk Yarbrough says the office will do a full audit and confirm that every vote is counted. She assures everyone voting will be safe and there will be plenty of antiseptic and gloves available! Watch this video as Lee Neubecker interviews Cook County Clerk Karen Yarbrough and asks about voter tips.
Tuesday, March 17 Vote for your Candidate!
The Video Transcript Follows
Lee Neubecker: Hi, it’s Lee Neubecker, President of Enigma Forensics. I’m a cyber-security and computer forensic expert witness, and our firm’s based here in Chicago within Cook County, Illinois. And I have the pleasure of having our very own Cook County Clerk, Karen Yarbrough, appearing on the show today to talk to all of you about what you should know, what you should do, as you head out to vote in the next few days. Karen, thanks for being on the show and thanks for sharing these tips.
Clerk Yarbrough: Well, thank you Lee. Thank you for the opportunity. We wanted to be able to tell people what they can expect when they come to vote. For people who come to vote each and every time, they usually know. They, you need to be prepared, and one way you can prepare is by having your own notes on who you want to vote for. We have brand new machines this time, and those machines, it’s going to be a whiz. Everybody has told me they love the new machines. For those who are uncomfortable with using touch screens, we’re going to have the regular paper ballots. But, if you’re prepared to vote, it should take you a few minutes to just go straight through that ballot. And, you know, usually people have problems with all of the judges, do your homework before you come in.
LN: Well, it certainly will help speed up the lines and reduce congestion.
CY: Certainly, certainly.
LN: Also wearing gloves, if you’re really concerned, there’s nothing that prevents you from wearing gloves to vote.
CY: Not at all, we’ve seen a few. You can wear glasses. We’ve seen a few people with gloves on. We’ve seen a few people having their own pens because they plan to pull a, you know they want a paper ballot. So we’re going to, you know, bring your own pen if you’d like. We’re going to, at every station, we’re going to have the bacterial.
LN: The Purell?
CY: Yes, we’re going to have that. We wipe down the stations after each.
LN: You must have got yours early.
CY: Yes we did, yes we did.
LN: You were prepared.
CY: Yes, we wanted to be prepared. We wanted to be prepared. We were hearing about what was going on, and we know that we have one day to do the election actually. We have all of these days for early voting, but we have that one day and we got to get it right.
LN: Now, I’ve heard that there were some concerns regarding the barcode on some of the ballots that gets printed that that could be.
CY: I have no concerns about that, okay. The great thing about our new equipment is while you’ll put your ballot through and the barcode is there, but we have a record of each and every one of those ballots. If we have to go back, and we do, we go back and we review to make sure things are right.
LN: So, on paper it’s doing more than just the QR code. It also has the friendly names printed out.
LN: Is that correct?
CY: Oh absolutely, yes.
LN: So the concerns that some people had were that, I think the concern was that the barcode could be different from what’s printed. But if that were the case, you’d be able to audit that after the fact.
CY: And we do a full-blown audit at the end of every election just to make sure.
LN: So someone voting, they’ll be able to actually see the print out on paper.
CY: They will be able to have that in their hands. They’ll be able to check their choices and then they will cast their own ballot, not us but them.
LN: And so it gets scanned and digitized, but then the physical ballot gets locked in the box, correct?
LN: So, there’s a dual system.
LN: I think that makes a lot of sense.
CY: It does, it does. And it gives people peace of mind. You hear all of these stories about well, my vote may not count, and this. I mean, all kinds of things. So to prevent those kinds of things, we have new equipment, and we have a new process, and I think people are going to like it.
LN: Great, well everyone get out there and vote. And, thanks Karen for all your work on this to help make sure election day goes smoothly.
Jacob Meister vows to help those who don’t have access to electronic court communication to enable them to help themselves. He is running for Cook County Clerk of Circuit Court. Access to Justice is what Jacob Meister stands for!
Election Day March 17
Cook County Clerk of Circuit Court Candidate Jacob Meister vows to bring access to justice. He’s concerned for those who aren’t represented by a lawyer in the system, who don’t have access to file electronically in the court system, who can’t afford internet access, who simply don’t have a computer, or, most of all, who don’t know how the electronic filing system works. These are folks without financial means who are denied access to justice. Jacob Meister has a plan that will ensure everyone has access to justice.
Cook County Clerk of Circuit Court Candidate Jacob Meister, the real deal! Lee Neubecker interviews Jacob Meister to learn more about what makes him tick. Check out this video to learn more. You’ll be glad you did!
Meister says…Access to Justice to those who can’t afford it!
The video transcript of Access to Jacob Meister follows
Lee Neubecker: Hi, I have Jacob Meister back on my show. Jacob, thanks for coming in again.
Jacob Meister: Thank you, Lee.
LN: So Jacob’s running for Cook County Clerk of the Court, which is one of the largest court systems in the U.S. One of the things that you talked about before is bringing about justice and access to resources necessary. What would you do to help those incarcerated have access to the information they need to defend themselves?
JM: Well, you know access to justice is one of the principal themes of my campaign because as Clerk of the Circuit Court, I’d be presiding over the second-largest court system in the country as Chief Operating Officer. And as we’re moving towards, for instance, electronic filing, there are efficiencies that are achieved. But at the same time, for those people who aren’t represented by a lawyer in the system, all of a sudden they find themselves where they used to be able to mail in their court filings, all of a sudden they’re required to file electronically into a system. It’s very bureaucratic and hard to use. So as a result, those individuals, maybe they don’t have internet access, they don’t have a computer, they don’t know how the electronic filing system works. They’re denied this access to justice unless they travel down to a courthouse during business hours, and stand in line for sometimes an hour or two, just to get assistance to file into the system. One of the things that I will do as a clerk is to provide computer filing kiosks in every library in Cook County, so that individuals who are faced with a lawsuit that they have to file a response, can do it on evenings and weekends, they don’t have to take time off of work. They can go down, and we’re going to be training reference librarians who understand the electronic filing system, and will be able to provide assistance, showing individuals how they can upload into the system so that people can file and access 24/7.
LN: So you’ll be partnering with other governments that are there, the City of Chicago, other municipalities, to actually train their staff, so that if someone doesn’t know, they’ll have the convenience of going to their local library, instead of having to take off work to come downtown.
JM: Correct, correct. And we’ve got hundreds of libraries in this county. And they’re all potential points of access to our justice system. And as we move to an electronic system, we can increase the number of points of access, and start allowing people in their own neighborhoods to access justice. And that’s really important.
LN: What about those incarcerated that are in the Cook County jail, and what not, is there access to resources there presently?
JM: Absolutely, well absolutely. You know, one of the big problems we have is that the Illinois Department of Corrections has around 600 prisoner appeals pending in Cook County alone, where prisoners appeal their convictions. Maybe they’re trying to overturn the conviction or change the sentence. And right now, records access is so limited that some of those prisoners’ appeals have been pending for more than a year without the clerk’s office being able to get the record to the appellate court, and the appellate court can’t do anything without a record. That is a travesty. So accessing justice is important. I want to have a robust case management system so that those records are accessible, and can be assembled, and that we’re keeping complete files electronically so that they can be transmitted up to the appellate court, and won’t be getting lost.
LN: Great. Thanks for being on the show, this is really helpful.
Cloud-based storage of an organization’s data attracts cyber hackers like bees to honey. Hackers take time to study and find flaws to breach, extract and sell personal information data. Data Experts Lee Neubecker and John Blair discuss cloud data compliance and legal regulations put in place to protect cloud-based data.
Compliance and Privacy Laws
Cyber risk goes hand in hand with storing data in the cloud. New compliance and privacy laws have been enacted to protect this cloud-based private information. The State of Illinois has passed a privacy law that specifically addresses how companies gather and store private data.
The Illinois Policy Group, an independent organization that generates public policy, explained that in 2008, Illinois enacted the BIPA, the most stringent law of any state regarding the consent, notice and disclosure procedures private entities must follow when collecting, storing or using people’s biometric information, such as fingerprints, iris scans and face prints. This law forces companies into compliance and makes them more responsible for the collection and storage of private data, ultimately decreasing exposure to cyber risk.
Data Experts Lee Neubecker and John Blair say that because of BIPA, companies are now more aware of how they secure and store data. They discuss other data compliance and privacy laws, such as the California Consumer Privacy Act (CCPA) and the Health Insurance Portability and Accountability Act (HIPAA), and how these laws help regulate the healthcare industry and other organizations when storing consumer data and vendor data in the cloud, ultimately protecting the consumer. Watch this video interview to learn more.
View Part 2 of our 3-Part Series on Cloud Data
Lee Neubecker: Hi I am back again with John Blair. We’re continuing our discussion on cloud security and helping to minimize your cyber risk of having data in the cloud. And today, we’re going to be talking more about some of the compliance and regulatory issues and legal issues that companies face that are having their data and customer data, vendor data in the cloud. So, John, can you tell me a little bit about some of the regulations that impact the healthcare sector specifically?
John Blair: Yeah, the primary one is going to be HIPAA and associated as subsequent acts like HITECH and things like that that augment HIPAA and some of them more clearly defined some of the rules and regulations, primarily Security Rule and Privacy Rule. So those are going to be the ones that primarily come into play, but there are also individual state versions of healthcare acts that you need to abide by and each state has one so you also need to abide by the state regulations as well.
LN: Interesting. So it really, if a company’s operating in multiple states, they have a lot of issues to be looking at.
JB: They have a lot of regulations to be aware of and to be compliant with, yep.
LN: So I know here in Illinois, we have the Illinois Biometric Information Protection Act, otherwise known as BIPA and that’s been creating a lot of stir with Facebook recently had a settlement.
LN: And apparently Illinois Residents that have Facebook accounts might be entitled to around $200 per person.
LN: If you are in Illinois and have Facebook, so possibly you will be notified.
JB: Yeah, Illinois is the only one.
LN: And do you think it will be through Facebook Messenger?
JB: I do not but Illinois because of that law, Illinois residents are the only ones that are getting anything out of that lawsuit because of that, specifically because of that law.
LN: Got it.
JB: So I don’t know the details of the law but on the surface, it seems to be headed the right direction.
LN: Right, essentially they took the position that your biometric information, unlike your cell phone or your social security number, you can’t change it.
LN: So if that data becomes compromised such as your facial vector map,
LN: Or your fingerprint or your DNA, that you can’t swap it, it’s part of who you are.
JB: Right and those, you know, we’re finally headed in the right direction where it’s being considered personal.
JB: So which I totally agree with.
LN: We also had just last month the California Consumer Privacy Act, known as CCPA went into effect and that’s got a huge impact on anyone who does business with California residents.
JB: Yeah, that is yet to, I think people were preparing for that prior to that but it’s going forward, I’m sure there’s going to be a lot of repercussions from that because there’s going to be obviously companies and entities that don’t prepare well for that and are going to get caught up in it because it covers, California is a huge state, a lot of people so there’s going to be some lawsuits.
LN: So it’s also been such that if you’re making medical devices for consumers and you have that information, relaying over 3G, 4G networks, we’ve got CPAP machines, pacemakers, all other types of information.
LN: All kinds of monitors
LN: And that information going to the cloud, if you’re a California resident and that information gets breached, it could be used by marketers or it could be used in other ways to target people.
JB: Yeah hospitals are going to need to really step up their game with respect to that particular regulation. Hospitals traditionally are a little bit behind technically speaking from an IT point of view, they’re very much on the bleeding edge from a medical device IT point of view but they tend to lag behind because you can’t, it’s hard to afford both.
JB: But this is going to, you know, how they allow individuals or access to their networks, what they allow in and what they allow out because that’s the channel these medical devices use is going to be very, very important that they get more control over those things.
LN: So as it relates to healthcare, what are some of the concerns about when a data incident is discovered to actually turn out to be a data breach, what types of reporting and notification requirements are unique to the healthcare sector?
JB: Well, first and foremost, you need to evaluate the situation and then have in conjunction with your legal team and compliance teams, establish whether or not you do officially declare it a breach which means you need to investigate it, you need to involve any vendors that were involved with that data because it may have been the vendor that you’ve contracted with that actually had the breach of the disclosure and not you but since they’re your vendor, you’re also on the hook and that flows all the way up from business associates, which is what those two entities will be up to the covered entity who actually owns the data. So after a thorough investigation and consultation with legal and compliance, a determination needs to be made whether or not you’ve formally declared a breach. And if so, then there’s all kinds of HIPAA standards that come into play about notification to the government, notification to each individual affected by the breach, what needs to take place with respect to that notification, there’s a timeline involved that needs to be met. So there’s all declaring it a breach is a very formal and arduous task.
LN: Yeah, not a pleasant one.
LN: In our next segment on securing data in the cloud, we’re going to be talking more about when a breach is discovered, some of the issues related to reporting the breach and what that can mean to an entity, especially if it’s not handled correctly. So thanks for being on the show again.
JB: Thanks, Lee.
View Part 1 of our 3-Part series on Data Cloud Storage
Coronavirus is here and leaving death and destruction in its path. Lee Neubecker and Geary Sikich uncover the Coronavirus and its global impact on businesses worldwide and what it means for us here at home in Chicago.
Coronavirus is here and globally impacting our world. Human beings are dying and the toll keeps rising more and more each day. That is the horrible truth of disease! Besides causing human pain and suffering, the Coronavirus is also causing disruption and impacting many businesses that are dependent on each other. What does the impact look like? Forensic Expert Lee Neubecker and President of Logical Management Systems Geary Sikich dissect Coronavirus and its huge global rippling impact. For example, Chicago recently canceled the Housewares Show at McCormick Place, which typically draws over 60,000 attendees. Everything associated with that conference will feel a significant downturn, i.e., hotels, travel, transportation, local food, and beverage. As a result of this global business disruption, there will also be an increase in vulnerability, and these experts anticipate an increase in cyber activity. Watch this video interview to learn more about other global industries impacted by the Coronavirus.
Part 1 of our 2-Part Series on Coronavirus
Lee Neubecker: I’m here today with Geary Sikich. He’s the president of Logical Management Systems, a cyber and business continuity consulting expert. And I’m Lee Neubecker, the president of Enigma Forensics. We’re a computer forensics firm that provides investigative assistance with matters involving litigation or otherwise investigations. Today we’re going to be talking about the Coronavirus and the global impacts. Thanks, Geary, for being on the show.
Geary Sikich: Thanks, Lee, for having me back.
LN: So, Geary, can you tell everyone what’s happening right now globally, as it relates to the business environment in impacted nations?
GS: Well, the current state of affairs is that Asia is in a situation where Coronavirus continues to kind of expand. It’s expanding at a lesser pace in China, but it’s accelerated in places like South Korea and in Japan. And we’re starting to see it, obviously, move from those Asian countries into the Middle East. Iran has a huge issue with Coronavirus. Italy has another big amount of people that are confirmed cases versus cases under observation. So there’s a significant amount of human impact there. On the business side, this has disrupted a lot of businesses in just about every way you can imagine. So, the shipping industry? Tremendous disruption there. Airline industry? Tremendous disruption there. A lot of flight cancellations and other things. We’re seeing now sporting events, conferences, conventions, all kinds of things that are essentially money-makers in the normal sense, but also dependent on a tremendous chain of support to bring off. Suddenly a conference is canceled, and now you have hotels affected, you have transportation systems affected, you have all the food services affected. This kind of rippling through a lot of areas is causing a very very big concern with, not only businesses but governments. How do you control it and what do you do in this situation?
LN: So, here in Chicago, we have the Chicago Housewares Show canceled. Recently many vendors were coming from other nations where there’s a travel ban. And that impact certainly impacts the workers that are at the hotels, the audio workers.
LN: And whatnot, their hours get cut.
GS: Yeah, the interesting part about that is that when you begin to look... They had on the news the other day, was talking about the cancellation of this convention. 60,000 people come. And obviously there’s a lot of work that’s done: setting up booths, displays, and all the other things that go along with it. Suddenly, he’s out of work for a period of time until the next convention comes in or maybe doesn’t come in. But that ripples through to hotels, food services, restaurants, your taxi cabs, your Ubers, your Lyft, your everything associated with coming to a place for a conference or a convention. So a huge impact.
LN: But then you also have and these deliveries are now delayed because of the dockworkers that load up the equipment
LN: And these deliveries are now delayed where they have restrictions in place.
GS: And an interesting sidelight to that is that you look at the shipping industry and the amount of material that’s shipped by the containers those ships carry are what they call 20,000 TEU which is a 22-foot equivalent unit. Or 20-foot equivalent unit. Anyway, it’s a size that they have. If you look at that aspect, one of the things that some companies are starting to encounter, and I think you’re going to see more and more of this, is that because of delays in shipping, suddenly the container supply is not as available because your container, Lee, that you shipped, full of your product is sitting out in the ocean waiting to dock at my port, but it can’t come in because it’s quarantined? And now that container is going to sit. But John’s company needs a container to ship his product. Can’t get it because your container’s the one he would’ve normally gotten. So huge impacts in terms of ripple effects in a lot of it. So the average time that the container holds goods, in terms of the number of days is increased markedly. And the existence of the containers largely
LN: So the average time that the container holds goods, so there’s a shortage. Right. And if you think about this in another context, the number of things in the containers, it’s not just computer chips,
GS: Right. Roughly, and I heard a figure that was kind of astounding to me, but about 80% of all the containers are full of perishable foods.
LN: Oh yeah, certainly.
GS: You’ve got your bananas, and oranges and things that we don’t necessarily get in Chicago in the wintertime ’cause we don’t grow them.
GS: Because it’s no longer fresh. I’ve got to decontaminate the container. In terms of how these all are impacted. Which gets us into looking at, from a computer security standpoint. These are tracked. Barcoding systems and whatnot. How easy is it for that to get disrupted because somebody decides it’s an opportunity to hack into a network?
LN: Certainly, when systems are constrained and overworked, it’s the likelihood of a failure or an attack compromising the system goes up. So it creates a real opportunity for a hacker to strike and have a magnified impact. So here in Chicago, we have a lot of companies that are impacted by this. We’ve got Boeing, we’ve got United Airlines. Major facilities for companies that, while headquartered elsewhere, operate big hubs out of Chicago. Especially in the airline industry.
GS: United Airlines. still, kind of the shipping center for a lot of the country. And if you look at the Chicago area, if you will, you’ve got then industries in Northwest Indiana, you’ve got industries south of Chicago.
GS: A huge amount of rail traffic that goes through. The expressway between Indiana and Chicago, 80, 94, is one of the heaviest traveled expressways in the world. You’ve got a number of other businesses that suddenly have the exposure that they hadn’t realized. What would happen if you took the casinos in the Chicago area and closed them down for two weeks? It’s not just casino workers. It’s not just the amount of money the casino’s going to lose by not being in operation. It’s the day worker. It’s what we call the gig economy. Those people who live paycheck to paycheck that are dependent. So suddenly, they’re without. How are we going to deal with making sure that there’s a, if you will, an equilibrium or a safety net for those entities? One of the things we’re faced with, starting to see now, the City of Chicago’s just announced they’re just putting together a pandemic taskforce. They’ve had a few months watching it unfold in China, much like the rest of the United States, and, if you will, the rest of the world in some respects. Why has it taken this amount of time, and what do we need to be aware of from a private-sector standpoint as to what the public sector is going to do? So from a planning standpoint, this is critical. If you’re a business and you’re putting together a plan, and your plan suddenly conflicts with the City’s plan or the State’s plan, what happens then? How do you deal with that?
LN: Those are all great points. In our next segment, we’ll be continuing our discussion, and we’ll be talking a little bit more about what it’s been like for businesses that are going through some of these extreme measures that are being put in place to help protect and contain the virus from spreading. Thanks for being on the show.
Your email has been frozen and your company website is down. Your IT department has confirmed a data breach. What do you do next? Incident Expert Lee Neubecker and legal expert Kari Rollins offer easy instructions about your next important steps.
It’s a fact! Your IT team confirmed a Data Breach or incident has occurred. What do you do after the fact? Forensic Expert Lee Neubecker and Legal Expert Kari Rollins say don’t panic! First, convene with your incident response team, start to investigate under privilege, and contact a 3rd Party forensic expert to help preserve vital information. Watch the rest of this video for further recommendations about data breach response after the fact!
View Part 3 of our 3-Part Series on Data Breach
The Video Transcript of Part 3 of our 3-Part Series on Data Breach Follows
Lee Neubecker: Hi I’m back again with Kari Rollins, and she’s here talking with me today about data breach incident response. The Sedona Conference recommends how an organization should respond to such incidents. And we’re talking in this third part segment about what to do after an incident has been reported. So Kari, please tell me what the initial issues are that come to mind when you get that phone call from a client that says something happened.
Kari Rollins: Sure, so usually, as we were talking about in a prior segment, you may not know whether you’ve had a breach as defined by law. You are just told by your information’s security team, or an employee or a manager that you’ve had, there’s been an attack. Or there’s been, “I can’t get access to my email,” or, “My account’s frozen.” So you immediately start to investigate. You want your... according to your incident response plan, which we’ll hopefully have in place, you’ll convene your incident response team; you’ll start to investigate under privilege. You’ll call if you need your outside forensic investigator to help you access it. Help you access what’s happened, right? That the facts in an incident are really, really important because they drive the legal conclusions. Have you had a breach, or have you had an incident that has resulted in the acquisition with just the access to personally protected information? Or are you... did you have an incident where maybe the systems that house the personal information were accessed, but there’s no evidence that the malware ever made it into the room where the family jewels are hidden and they were taken out. And that’s an important part of understanding whether you actually have a legal obligation to notify regulatory authorities or consumers. So the first step is always convening the team, putting it under privilege, calling your experts, and starting to investigate the important facts. Was this an outside threat, was it an insider threat? I know you’ve had experience a lot with investigating internal threats, which are on the rise these days as I would expect.
LN: And a lot of these incidents, it may be reported as a data breach, and the question is well, how did it happen? And sometimes, it’s not too uncommon that IT staff don’t receive the resources they request, and that data incidents happen as a result of being under-resourced. And in circumstances like that, there’s still a lot of pressure on the people managing IT, to not only run the organization ongoing but to deal with this whole new layer of troubles. So having that team in place beforehand where those relationships are there really helps.
LN: And the other thing too is, you know, if there is a failure internally, it’s more difficult and less likely that you’re going to get the facts quickly if you’re using the team responsible in some way for the breach to report on what happened. I always recommend that after that initial meeting that preservation of key data occurs, and is offloaded outside the organization. You know, log files, certain key computers, email systems to the extent that they were modified so that there’s the ability to do that analysis. Because when an organization has an incident, it’s quite possible that all the data disappears, and the effort to cover the tracks.
KR: Or it’s not even, it may not be as nefarious as that. It could be that the teams are working so quickly a lot of the remediation plans are to thwart the malware and to remove it. But, in a lot of instances, you need to safely remove it and keep a copy of it, because you need to reverse engineer it. And understand how it got there, understand other signatures it might have; so being thoughtful, and we talk about this being thoughtful about evidence preservation is really critical, especially if you get to the point at which you do have a breach that requires notification. And litigation regulatory inquiry ensues, you will have been expected to preserve that evidence and show the chain of custody. Otherwise, you could have allegations of spoliation leveled against your company.
LN: And I’ve seen circumstances too where a legitimate data incident happens and we’re able to get it quickly and identify the impacted individuals. And sometimes it’s just been a few people; in a circumstance like that, it’s much easier to reach out to those individuals, make things right, and resolve the issue. And be able to report to them what happened. It’s much better than having to publish on your website and report to the attorney general that you had some massive data breach. So, not all data incidences are massive data breaches.
KR: That’s true, some of ’em impact you know, one or two individuals, and you may still have an obligation to notify them under the relevant law. But they don’t have to be the big massive breaches. And again, I think the great thing about the Sedona Conference Guide is that it’s, you know, it helps companies navigate small to big breaches. You know, it’s not intended to be the ultimate authority on the law in this area, because the law is ever-changing. But what it does is it helps companies issue spot from a practical perspective so that they know what laws they need to consult, and why and what issues they need to address, like for example, notifying your insurance carrier. One of the big questions we always get is, Well, we’re the victims, here; the company X is a victim of this cyber attack. Who’s going to pay for it?
KR: And so, insurance coverage for cyber incidents is a really hot-button issue these days. And so it’s important for companies to know in advance what their policies say, what the notification requirements are. Even if they just have a sniff of an incident, maybe it’s not a breach. So that the third party and first-party costs are covered, and that you’re working with your insurance carrier, and you’re working with your insurance counsel to ensure that coverage. And to make sure that you’re getting the right information to your insurance carrier about your forensic teams. Are they approved? What rate are they going to be reimbursed? What type of reporting do you have to do from a cost and expense perspective to your insurance carrier? So.
LN: And, is it true that if companies use their own internal IT resources to do the investigation, that the insurance carriers usually won’t pay out their own internal resources?
KR: It really depends. It depends on the policy.
KR: It really depends on the policy. There are, in some instances, some policies would cover the first party staffing costs, so for example, if you had to pay staff overtime to work 24 hours a day to try and investigate, you may be able to claim that. But it really depends on your policy. There’s certain... there’s certainly reimbursement line items for business disruption and business interruption. Or, you know the loss of business, lost profits line items, as a result of ransomware attacks. But again, knowing your policy is a critical step in preparing.
LN: Where do you see the benefits of using an outside forensic investigator as opposed to internal IT to investigate when an incident happens?
KR: You know I think it’s two-fold, one, a lot of internal IT teams are taxed as it is with their day-to-day obligations. And if an incident is one that is medium-high critical, you want to be able to dedicate the resources to the incident to investigate swiftly, and to ensure that there’s no delay. And so pulling in a third-party forensic expert alleviates some of that burden and stress on the IT teams. And then separately and secondly, it also creates a level of objectivity that is... that benefits the company in the event. Or in the unfortunate event, someone in the IT group may have made a mistake that caused the vulnerability. There’s less likely that that mistake would be covered up. Or there’s going to be more candor from the third party expert, to the management team to say like, “Hey, this issue should have been addressed”. And it wasn’t, and now you know what thwarts may be in the event. You have some litigation down the road and you need to defend. But so I would say really sort of time and devotion of resources where needed, and objectivity.
LN: Great, well thanks a bunch for being on this show; this was great.
KR: Absolutely, thank you.
Part 1 of our 3-Part Series on Data Breach
Part 2 of our 3-Part Series on Data Breach
To Learn More About Sheppard Mullin / Kari Rollins
Secure Cloud Data! Large organizations buy cloud services that provide storage on servers and other devices and connect with computer networking equipment throughout the world. So, how are they securing the data? Experts Lee Neubecker and John Blair say start with knowing what data is being stored.
What steps do organizations need to take when securing data in the Cloud?
The Cloud is digital storage that is physically secured and stored on big servers owned by big companies and made accessible through the internet. These big companies are connected with other computer networking equipment throughout the world. Does this sound too big to secure? Experts say there’s no time like today to understand where your data is stored and how it’s secured.
Today on “The Lee Show”, forensic expert Lee Neubecker and his guest John Blair, a cyber governance and information technology expert, explore the complexities of cloud-based security and storage. John suggests starting by obtaining a holistic inventory of your organization’s data and, most of all, being aware that some employees bring their own applications and use their own personal devices to store organizational data. Check out this video on securing data in the cloud to learn more about cloud storage and cyber risk.
Part 1 of our 2-Part Series on Securing Data in the Cloud
The Video Transcript on Securing Data in the Cloud Follows
Lee Neubecker: Hi, I’m here today with John Blair. John is a cyber governance and information technology expert. He’s on the show here today with me to talk a little bit about securing your data in the cloud. Thanks for being on the show again, John.
John Blair: Hi Lee, good to be back, thank you.
LN: So we’re talking about cloud cyber risk. What do organizations need to be looking at to help secure their data in the cloud?
JB: I think first and foremost, you need to understand where is all the data and how do people get data in and out of their environment? There’s a lot of things typically called Shadow IT, where certain departments or certain users might you know, for example, start sending things to Dropbox to sync data amongst themselves to make it easier for themselves. But they might be syncing confidential information that’s not on Dropbox and the organization has no idea about it. You know, that scenario plays itself out over and over and over again, where there might be departments that actually use applications in the cloud that thus obviously, are processing data as well that the organization might not know about either. So you need to get an inventory of data. Where is it from a holistic point of view?
LN: And today you have the Bring Your Own Cloud, BYOC,
LN: Many employees are bringing various apps with them that they’re used to using from their prior employers, and they’re wanting to use these apps. Sometimes they’re putting them on their smartphones and whatnot.
JB: And that’s driving a lot of the corporate action towards that. The cloud for first and foremost is a cost-savings for the most part. But what people are not realizing is that along with those savings comes certain responsibilities. And, from a user perspective, you know, people are used to as you said, people are used to certain applications, they’re used to certain things on their phone, or on a tablet or they’re used to working in a certain way with certain applications. And then you get in a corporate environment and those applications or that way of working might not be available. And so people start voicing that, and it becomes, you know, somewhat of a problem for corporate to adapt and keep up.
LN: So organizations, especially healthcare-related organizations, as well as financial services and other organizations that depend on intellectual property have a real risk here, don’t they with people bringing apps?
JB: They have a very big risk. Both of those sectors are heavily regulated. Data needs to be very tightly controlled. Breach notifications in the event that it happens become a very big deal, very public. And if you can’t explain where the data is, and where you know, who has it, then you have a problem.
LN: So isn’t there also risk not only of faster dissemination of intellectual property and trade secrets, but what if the information becomes compromised by malware or a hacker to morph the data or destroy the data?
JB: Yeah, your only recourse at that point is to have really, really good backups. Because otherwise, you have no actionable direction to take. If you don’t have a backup of that data, you know, you have no ability to recover. It still might be considered a breach, a lot of times, and certain organizations or certain regulations. So you still might have to report it, even though the data has never left your organization, the fact you’ve lost control of it might be considered a breach. So that might be something you’d have to consider with your legal teams. But it’s not, it’s still a very big deal because you no longer are able to use it.
LN: So don’t you have a risk though, that if your backup is online, that the attacker could compromise your primary source and then your backup drive attached to your server?
JB: Well, hopefully, they haven’t gotten that far. But if generally speaking, your backups are always in the separate physical location, and not necessarily on the network.
LN: So you rotate them?
JB: and they’re separate, you know, media and things like that, but yeah, if you’ve gotten to the point where they’ve corrupted your database, they’ve encrypted your database, and they’ve also encrypted or destroyed your backups, you’re, in a very bad way.
LN: So knowing that hard drives sometimes fail, if you’re using a physical hard drive to write the data to, what do you think most organizations should be doing to ensure they have a certain number of versions that they can restore to?
JB: Well, normally backup systems are version controlled and so you do backups based on frequency. You do daily, you do hourly, you do you know, on the spot, so there point in time, a lot of times where there’s a lot of people, organizations, that can afford it have failover data centers, for example, that are mimicking the primary data center. So there is no loss of processing. But that’s very, very expensive to do. But yeah, you should definitely have you know, off-site storage of data. But those are all historical, and things that are not necessarily online that you can immediately refer to those lesser compromised to your point.
LN: So when you’re considering bringing in a cloud provider to your organization, is it an official, non-shadow ware operation? What are some of the questions you ask of your vendors and things that you look for to help secure, ensuring those cloud providers are secure?
JB: Right. First and foremost, do they have some sort of attestations with respect to the services you’re going to use for that provider? Cloud providers have hundreds and hundreds of services, not all of them are audited by an independent auditor, not that that guarantees anything, but at least if it’s the services you’re going to use or the applications you’re going to use, or the locations you’re going to use with that cloud provider, then you have something to point to say, you know, we did our due diligence, and they have these SOC 2’s or whatever form it might take. But you have to do something on them to ensure that, because the cloud is half their responsibility and half of yours, and you have to make sure they’re doing their half.
LN: So what other things do you think that organization should look for if they’re using data in the cloud, how to maximize the security of that data?
JB: First and foremost, I think they need to within their own organization, block these drop boxes and the Google drives and all that sort of stuff like that, so that people individually can’t make you know, downloads for example, from the database and then upload it to Dropbox or Google Drive or whatever, and then go home and look at the same documents. You know, from a personal perspective, that’s very convenient, it’s very nice to have to be able to sync and you know, you can use one, one central source of the information, but from a corporate perspective, that isn’t your data. It’s a corporation’s data. And so, you know, the corporation needs to be responsible and know where that data is going, and how to prevent it ideally, from getting there. It’s very easy to drop, you know, to block Dropbox at a network level, you know, but the problem is that there are hundreds of those types of things to block. And so you know, you need to do a lot more care from a corporate perspective internally to make sure that your users aren’t putting data someplace where you lose control of it.
LN: And are there any, any other things that you’d recommend adopting if you’re going to use these cloud platforms to help ensure that hackers don’t get access to user accounts?
JB: That’s an interesting one because as yours been, you know, almost all those user accounts have been hacked at one point or another. And so the only thing protecting me at this point is a password. I think multi factors in you know, bio authentication type of actions are the only thing you can do to improve your chances of those accounts not being used by inappropriate people. Because the accounts themselves are basically public knowledge, you know. Your, you know, your username is public knowledge, the only thing protecting it is a password.
LN: And so, you know, the multi-factor authentication actually addresses and requires that you have to have three factors. Something you know, something you are, or something you have.
LN: So, for instance, many people know their password. They might have a thumbprint or they might have their cell phone.
LN: That is something that they have. So you know, having that second factor makes it less likely that someone can simply get the password and get in.
JB: Right, where they send like to your point the phone, they send a code to your phone, you enter the code into the application–
JB: And then you gain access. Until then you’re simply at the network border.
LN: So on our next video, we’re going to be talking a little bit more about, again about the cloud, cyber risk security and specifically we’ll talk about some of the legal and compliance issues that arise. Thanks for being on the show.
JB: Thanks, Lee. My pleasure.
Other related articles about securing data
National Institute of Standards and Technology on Securing Data in the Cloud
“Wipe out court debt!” says Jacob Meister, candidate for the Cook County Clerk of Circuit Court. He has a plan to ease the crushing burden of fines, fees, and forfeitures. Check out this video to learn more about his solutions.
Debt forgiveness is now one of the most popular presidential campaign promises but what does it mean on the local level. What does debt forgiveness mean for the City of Chicago taxpayers?
Enigma Forensics President & CEO Lee Neubecker interviews Jacob Meister, who is running for the office of Cook County Clerk of the Circuit Court. Lee is interested to learn more about what are Jacob’s plans regarding debt forgiveness.
Part 3 of our 4-Part Series on the Cook County Clerk of the Circuit Court, Jacob Meister
Part 3 of our 4-Part Series on Jacob Meister
Lee Neubecker: Hi, I have Jacob Meister back to my show, Jacob thanks for coming.
Jacob Meister: Well, thank you for having me Lee.
LN: Jacob’s running for Cook County Clerk of the court. And we’re going to talk today a little bit about some things that have been trending in the news related to debt forgiveness. From the federal student loan debt, there have been talks about wiping out the debt owed, lots of people are concerned over medical-related debt. But now there’s been some, some calls by one of the candidates running, requesting that we just wipe away the court debt. And I wanted to get your feedback on what the problem is there, and what do you think the solution is?
JM: Well, for years, I have been an advocate for easing the burden with court fees that are charged to litigants, fines, and forfeitures that go through the clerk’s office. The clerk is required to collect fines, fees, and forfeitures that are implemented usually by statute, or by sometimes by the court rules themselves. But what we see is a tremendous economic cost and social injustice that’s done. So just imagine you’re a single mother who’s been evicted from your apartment or your home. And you in order, you get a summons from the sheriff saying you must appear or you’re going to get a default judgment entered against you. But first, you have to file an appearance and pay a fee. It’s going to be $250 to defend yourself. And if you don’t, you’re going to get defaulted. And this is a crushing burden, you know, single mother, and it can affect that anybody who’s battling an addiction, be it child custody, it could be dealing with a divorce, it could be dealing with any number of things. We need to stop placing a crushing burden on the users of the court systems and make up a system that’s available to everyone.
LN: But who decides what that fee is?
JM: That with that state legislator, and that’s the Supreme Court, and the county board. Some of those fees go there too. We have to stop squeezing court users to pay these fees and start paying for it in other ways. But in any event, I have been a supporter of for instance, when people get fines if you have a fine, you know, you would support and post fine and some people can’t pay it and it becomes this burden and you get trapped and sometimes you get imprisoned. Because you can’t pay these fines that you’ve been ordered to by the court. One of the things that we that I worked on in Springfield and we need to expand is allowing people to get credit for community service so that they have if they can’t afford to pay the fines, they have a way that they can provide community service and reduce that fine over time. We have to come up we have to be better about how we handle these things. We know, we have to stop taking away people’s driver’s licenses, because they can’t pay their fines because that puts them in a cycle of debt that they can never get out of, because all of a sudden, they can’t drive themselves to work, they lose their jobs.
LN: They can’t get a new job,
JM: They can’t get a new job. Exactly. So we need to ease the burden there. I will continue to work with the folks in Springfield, with the folks in Cook County government, and with the courts. I’ve got very good relations there, and I will work to make sure that social justice is being achieved, and that we’re not putting people in a vicious downward spiral of debt.
LN: So some of the efficiencies you talked about earlier about making the court more efficient. Some of those efficiencies might help to pay for some of this relief on some of the oppressed people that are really being trapped in a cycle.
JM: Absolutely. Absolutely. Absolutely. And that’s the goal is to make sure that our courts are accessible to everyone, that we’re doing justice, and that we’re achieving social justice. We’re not just trapping people in a court system and in burdensome debt.
Don’t fail to prepare for a data breach! Check out what experts Lee Neubecker and Kari Rollins say are the three strategies to prepare for a data breach.
In the famous words of Benjamin Franklin “By failing to prepare, you are preparing to fail.” Forensic Expert Lee Neubecker and Kari Rollins with Sheppard Mullin agree with our Founding Father and warn that a data breach is inevitable, don’t fail to be prepared!
In her practice, Kari focuses on data privacy, data security and data breach preparedness. Together, they discuss two basic strategies to help you prepare for a data breach; understanding what data you have, where that data resides. Check out our video with transcripts to learn more on how to prepare for a data breach.
Part 2 of our 3-Part Series on Data Breach
The Video Transcripts of How to Prepare for a Data Breach Follows
Lee Neubecker: Hi, I’m back on the show again with Kari Rollins. Thanks for coming back again.
Kari Rollins: Thank you.
LN: We’re continuing our discussion about the Sedona Conference Data Incident Response Guide and some of the best practices of how to prepare for the inevitable data breach and what you should be doing beforehand. So Kari, can you tell me what some of the things are that you advise your clients to do in anticipation of a potential issue?
KR: Sure, and I think planning, in our view, is just as important as the actual response itself and how you investigate. And in the Sedona Response Guide, we’ve pulled together some suggestions for sort of two elements of planning. One is the more technical, understanding what data you have, where that data resides, what your network systems are so that when you do have an incident, and you have to understand what information may have been impacted, to understand whether you have a legal obligation to notify, you have a better understanding and a better map of what those systems are and the information they hold. And a lot of times, using not just counsel and conducting that analysis, but using third party forensic firms to come in and help with that data mapping process is a really important step in getting prepared to understand where are all of the jewels of the company lying within the systems to know what the type of critical impact could be if one of those systems is hit.
LN: And some of the problems I’ve seen is, oftentimes the documents that are distributed and given to legally become outdated, so this is something really that organizations should be periodically updating their network data map and actually using either consultants or tools to help them map out what devices exist on their network.
KR: Right, exactly. And to that point, too, understanding what contracts with those vendors control here. Especially in the event, you have an incident that impacts the system that is managed by a vendor, do you know what information is being controlled by that vendor, and how you all are going to liaise when that incident occurs, who’s going to take control, what the contractual obligations are? Because vendor management is a hot-button issue these days. The FCC itself just came down with a number of guidelines and best practices for vendor management, so being prepared in that sense, knowing where your data is, who your vendors are, who controls it is really important.
LN: Exactly, and I can’t stress enough, it’s important, too, that companies have offline backups of their data because if you have a storage mass go down suddenly, if your company doesn’t have offline documents that describe what the drive geometry for that RAID array is, the ability to recover the data becomes compromised and if a hacker gets in and takes out a storage network and the documentation for how to rebuild that storage network is on that drive, that could cause a real problem.
LN: Do you see that this guide is applicable to companies that are concerned about cryptolocker type malware as well?
KR: Sure, I think this Incident Response Guide can help guide companies through any type of incident, whether it’s a ransomware attack, where their information is being withheld from them, whether for ransom or for other purposes, it could just be useful in investigating the so often seen phishing attacks that seek to attack the email accounts of employees and then further perpetrate other credential harvesting schemes. So it’s useful in the sense that it helps companies prepare for any of those types of attacks. And it does so by helping them with the data mapping, giving them some guidelines on that front. And then also helping them to craft an incident response plan, which I think it’s just as you were talking about, being prepared here with an incident response plan is also the other critical component of preparation and it’s not a one-size-fits-all for the companies. You can’t just, there aren’t these stock-standard off-the-shelf policies that you can then apply because each company has different data systems, and different requirements, and different teams. But this guide provides you with resources and guideposts for how you build that plan that makes sense in the context of your company.
LN: Exactly, and depending on where the company operates, if they operate in Illinois, they might be subject to BIPA, the Illinois Biometric Information Protection Act, which has a whole host of unique requirements. So in our next segment, we’ll be talking more about what should be done after a data incident arises. Just because it’s an incident, does not mean it’s a data breach, but there are certain things you want to do, like have your team in place beforehand. But before we leave, what are your recommendations and what does Sedona say about forming a team to be able to respond in advance of an incident?
KR: I think that is probably one of the most critical elements of an incident response plan is really just knowing who your team is going to be. Who are the individuals that you are going to call when an incident occurs and building that team, it’s important to have the right buy-in. Legal, of course, is extremely important because you want to be able to conduct the investigation under privilege, and in a fashion that gets the facts to your legal counsel in a timely and expedient manner so that you can understand the point at which you have information that suggests you’ve had a breach as defined by law. Because the point at which you learn you’ve had a breach is defined by law as to when your clock starts ticking for notification and that’s in some jurisdictions, that’s a really tight turnaround. So in the incident response plan, in the Sedona Conference Incident Response Guide, we talk about having that team. Having the information security teams, knowing who your third-party experts are going to be if you need third party support to come in and investigate, knowing who your crisis management team from a PR perspective would be. So having all of those individuals listed, with the contact information in the back of your plan so you know who to call, sort of the Ghostbusters, but the privacy busters of an incident, who are you going to call when you get an incident. So I think that’s most important because having the right people mobilized is going to save you time in the end.
LN: It’s important, too, that especially with your forensic experts, you want to make sure you’re working with experienced people that understand the sensitivity around email because as you investigate incidents, your initial impression of what happened or what is going on might change as you learn new information, so it’s important not to begin with the word data breach when you don’t know if it’s a true data breach. Because sometimes, an organization has a security incident but there’s no proof that any data actually exfiltrated or that it was used in any way, so that’s part of at least during that response that we’ll talk about next, those are part of the issues that need to be investigated, but being sensitive to that and making sure that privilege is in place and communications is definitely important.
KR: Yeah, exactly.
LN: Well, thanks and tune in to our next segment where we talk about what to do after the inevitable data breach.
View Part 1 of our 3-Part Series on Data Breach
Related Articles on How to Prepare for a Data Breach
Prepare for a Data Breach, Secure Your Supply Chain
Learn More About How to Prepare for a Data Breach. Check out Kari Rollins
What are some of the potential problems for an organization trying to secure Windows 7? Cyber Security Experts Lee Neubecker and Atahan Bozdag say it’s analogous to owning a home and not maintaining it, eventually something breaks and it’ll cost you a fortune to fix!
Securing Windows 7 Environments
On January 14, 2020, Microsoft announced support for Windows 7 has ended. As reported by Microsoft, “Technical assistance and software updates from Windows Update that help protect your PC are no longer available for the product. Microsoft strongly recommends that you move to Windows 10 to avoid a situation where you need service or support that is no longer available.” It’s official…it’s the end of Windows 7! We have to end our love affair with Windows 7 and move onto Windows 10. What does that mean for the end-user? Well, if you stay on Windows 7, you will deal with constant security threats, and there will be no more updates or support. If you upgrade it’ll cost you approximately $139 for a home computer, $199 for a small to large business and $309 to upgrade a workstation that needs a faster powerful operating system.
Cyber Security & Computer Forensic Expert Lee Neubecker and “Fellow Forensicator” Atahan Bozdag break down the impact on cyber security when computers no longer receive service patch updates or support for Windows 7. They discuss the usage of Windows 7 by health care organizations that are resistant to change or have applications that have not been ported to work with Windows 10.
Atahan Bozdag provides an overview of the top three items that all organizations dependent on Windows 7 should be undertaking to maintain cyber security resilience.
Windows 7 Security Vulnerabilities
The Video Transcript Follows
Lee Neubecker: Hi, I’m here today with Atahan Bozdag. Thank you for being on the show Atahan.
Atahan Bozdag: Thank you for inviting me, Lee.
LN: Atahan is a fellow forensicator and cybersecurity expert. He works within the healthcare sector and works internally to an organization, doing some of the things I do as an expert witness outside an organization. And today we’re going to be talking about Windows 7, the end of the life cycle of Windows 7, and some of the cybersecurity issues relating to organizations that are in Windows 7 and are trying to prevent future data breaches. So, Atahan, could you tell everyone a little bit about what Microsoft did recently as it relates to Windows 7?
AB: Well, as you said, Windows 7 end of life cycle happened. It was January 14, 2020. They stopped patching Windows 7 environment, so it is vulnerable to any attack after the date. January 14, 2020.
LN: So then when people report their CVEs, detailing vulnerabilities on Windows 7, eventually they’re up there for the hacker world to see and to exploit because Microsoft’s not patching that operating system.
AB: Very true. It’s a dream come true for the hackers.
LN: Yeah, well, no more data patches means what exactly?
AB: It means that you are more vulnerable to attacks.
LN: So every day the risk of cyber compromise only grows for organizations still on Windows 7.
AB: Very true.
LN: So, what is for the non-technical person out there, could you explain what this is analogous to?
AB: Well, I can give you the house analogy. You buy a house and you don’t do any upgrades. You don’t do any maintenance. Something is going to break. So this is what’s going to happen with Windows 7. Because there’s no more patch, there are no more updates, there’s no more security involved in it. At one point if you still continue using it, you will get breached.
LN: So, it’s kind of like your locks start to fall off the door at a particular time
AB: Exactly, exactly.
LN: And if you consider the contents of a health care provider, to have sensitive data like patient medical records, electronic medical records, protected health care information, or PII, all of that stuff is vulnerable to exfiltration?
AB: Yes, very, yes.
LN: So, why are people still using Windows 7, given this threat?
AB: Well, some applications are not upgraded to work with Windows 10, and what happens. So then a lot of people working in the corporate environment are resistant to change because the applications are not working with Windows 10. So those,
LN: Or they just like the cleanness of Windows 7, relative to Windows 10, which
LN: It has a lot of bloatware loaded on it if you’re getting the version off the shelf.
AB: True, true.
LN: Who really needs to have all these games on their environment?
AB: Exactly. But at the same time, every healthcare company that, you know, even my company that I’m working for, we have a golden image that we create, which are stripped down from all those games and stuff like that. So we don’t use those. But, to get there, there is always an image needs to be updated in Windows 10.
LN: So what are some of the potential problems for the organization that stays on Windows 7 and just doesn’t get with the program to migrate off?
AB: Well, first thing is, APT.
LN: What’s an APT?
AB: APT is an Advanced Persistent Threat.
LN: That’s like that nation-state, Big Brother lurking on the chips of the computer device, waiting for a moment to attack, right?
AB: They can infiltrate you. They can do nothing, just sit and wait, and look at your data. And we have seen that in many breaches. The time that you found out that the company was breached, they’ve been in the system for more than six, seven months. So they were collecting data slowly by slowly, and at one point they turned the engine on, and then the doomsday attack starts. Suddenly you start losing data. Deletion happens and then, they grab everything out from your system.
LN: So there’ve been a lot of nation-states making threats.
AB: Oh, very much so.
LN: This could be a huge opportunity for certain nation-states to get themselves onto hackable systems and merely wait until the opportune time to strike is such that they could magnify the damage.
LN: We have a power outage,
LN: And they were to strike at that time, that would probably magnify the damage significantly.
AB: Very, very much. And now you’ve been talking about those in your other videos about these kinds of things. The cyber realm is another way of attacking our national interests. Health care is one of them.
LN: So let’s assume that an APT gets into a health care environment, health care provider’s systems, and they’re able to access electronic medical records, EMR, patient health care information, what might they want to do with that information?
AB: Well, patient records, especially the names, social security numbers, medical records, everything is sellable in the Darkweb.
LN: And it’s worth a lot more than just giving social security numbers.
AB: It is. True. It’s like a single record may go for $35. If you got about 10,000 records, 10,000 records times about $35.
LN: It’s likewise though, that data exfiltrates, and it gets out there in the market, the health care providers are looking at potentially significant financial damages, as well as reputational damage.
AB: Yes, yes. Because when these things happen, suddenly you have to report this either to the government or to the media. And then afterward the penalties will come. And investigations cost a lot of money. Penalties are really severe. And doing all of these things, and if you’re still in the Windows 7 environment you’re actually opening yourself to these kinds of attacks.
LN: Yeah so, when these data incidents happen, as you like to call them, what do you see as the role of internal IT investigations versus an outside computer forensic firm, like myself, that specializes in data breaches and EMR? What is the typical role and function of the internal versus the outside expert witness?
AB: Internal it’s you know like myself, we do the investigation internally but we would love to hire, I mean we would like to hire an outside investigation, to give unbiased information. Saying that if you go to the legal ways that you will be able to say that hey, I’m not involved with this company I’m doing this…
LN: Sometimes, there’s benefit to having an outside forensic expert that’s independent speak only to the issues that are relevant and not necessarily have a knowledge of who was in IT that got fired or any of that other stuff that isn’t really relevant to the investigation but could create risk for the health care provider.
AB: True. True.
LN: So with regard to reporting obligations, let’s say you find that there was indeed exfiltration of patient data and that information left the organization, what are the reporting obligations?
AB: Well the best way that I can tell right now is if you were at the hhs.gov or consult your attorney it will actually tell you especially the website, will tell you what are the reporting obligations. There are multiple levels. If I go into details over here, it’s not going to last.
LN: Got it. And so, we talked about exfiltration but what can happen if someone gets in and actually deletes patient medical records?
AB: Well, the first thing is in hospital systems that patient who’s going to be either going into surgery or something like that, they will not be able to get, pull out the data.
LN: And so people who have a need for critical life-saving care, might actually die.
LN: Or worse yet, if someone were to alter the medical records.
AB: That is a threat.
LN: And say instead of your left lung having cancer it’s your right lung and you get the wrong lung removed, that’s a real problem.
AB: It’s a big problem.
LN: So if you have to say, wrap it up what would be the top three recommendations you make to health care organizations to help defend against the potential future data breach that’s from running Windows 7?
Top 3 Measures to Defend Windows 7
First is implementing operate plan to leave Windows 7, immediately. That’s a given fact.
Second, isolate Windows 7 legacy into VDIs which we call the Virtual Desktop Environments. Isolate them from the network.
And the third, make sure that your disaster recovery is in place and you do periodic tabletop exercises.
LN: Well thanks so much, that was really informative. I appreciate you coming on the show.
Most voters think the Clerk of the Circuit Court of Cook County’s office is ground zero of what’s wrong ethically in Cook County government. Candidate Jacob Meister vows to clean up the office and deliver much needed ethical reform.
Enigma Forensics President & CEO Lee Neubecker interviews Jacob Meister, who is running for the office of Cook County Clerk of the Circuit Court. Lee is interested to learn more about what Jacob Meister plans to do in his first 90 days in office.
View Part 2 of our 4-Part Series on Jacob Meister, Candidate for Cook County Clerk of the Circuit Court
The Video Transcript follows
Lee Neubecker: Hi, I have Jacob Meister, who’s running for Cook County Clerk of the Court. He’s back on my show today. Jacob, thanks for coming back on.
Jacob Meister: Thank you for having me.
LN: So, as a candidate for Cook County Clerk of the Court, which is one of the largest court systems in the U.S., what do you see as your top priority in your first 90 days in terms of fixing a big problem that needs to be addressed?
JM: Well, the Clerk of the Circuit Court of Cook County’s office is ground zero of what’s wrong ethically in Cook County government, you know? The voters in recent years have elected a new Cook County Assessor, Fritz Kaegi, a new mayor, Lori Lightfoot, and have made clear that they demand ethical reform, in government, and the Clerk of the Circuit Court is ground zero of what needs to be fixed. This is an office that for decades and decades has been plagued with political patronage, political workers getting jobs at the public expense in order to do political work. We have to stop that, and in my first months in office, I want to make sure that we are cleaning up the office to make sure that we are delivering taxpayers value for their money and that employees are dedicated first, foremost and exclusively to serving the public interest in the clerk’s office. We cannot get over the operational problems that this office has until we first clean up the ethical issues. So, I want to make sure that the patronage in the office comes to an end. That we comply, there’s currently a federal decree, it’s called the Shakman Decree, that the office is under that requires patronage to hiring, to not be done by patronage. I want to make sure that people are promoted from within, not given these political jobs where employees are beholden to the party machine.
LN: Great, well, thanks for being on the show, Jacob.
More and more employers are using biometrics. Biometric information is covered by the Illinois Biometric Information Protection Act, or BIPA. Forensic expert Lee Neubecker and Vedder Price Shareholder David Rownd talk about the steps employers need to take so they don’t violate BIPA.
Employers Using Biometrics
What should employers do before collecting biometric information? Biometrics is on the cutting edge of technology and more and more employers are using biometrics in the workplace. Employers use biometrics to activate machinery or computer devices, to track employee time and attendance, and to gain access to specific secured environments. The most common example of employer use of a biometric recognition system is the fingerprint.
Expert Lee Neubecker and Vedder Price Shareholder David Rownd discuss the necessary steps that all employers should take before installing biometrics.
Part 3 of our 3-Part Series on Biometric Data
The Video Transcript Follows.
Lee Neubecker (LN): Hi, I’m here again with David Rownd. David, thanks for being back on the show.
David Rownd (DR): Oh, thanks for having me again.
LN: So we are continuing our series talking about BIPA, the Illinois Biometric Information Protection Act. And what employers should do, especially those New York employers that have satellite offices in Chicago that track their employees and whatnot and how they should, things they might want to do beforehand so that they don’t get into trouble. With that David, what are some of the concerns and responsibilities employers have under BIPA?
DR: Well, first of all, they have an obligation to notify employees that they are using biometric information. And they have to tell them why they are using biometric information. They have to safeguard the information. They have to have policies in place to safeguard the information. And they are absolutely prohibited from selling the information to third parties.
LN: That would mean if they are using time tracking software they might want to check to see what adaptations those software companies have in terms of how they protect employees’ fingerprints and whatnot.
LN: And is it a good idea for the employer to actually get the employee to sign a consent form?
DR: Absolutely. In fact, they are required to obtain consent before doing this. And this is an important consideration for employers and it should be something that is well thought out and a program put into place that complies with the law before embarking on the use of biometric information.
LN: So employers if you have a trading firm here in New York that has a satellite trading, possibly an option firm, options are big in Chicago. What would you advise them to do just to do a check-up to make sure they are OK?
DR: Well, if you are going to be using your employee’s biometric information in Illinois it would be covered by BIPA. And you need to make sure you are in compliance with the law. And I think it makes sense for your in-house legal team or whatever counsel you rely on to go over what you planned to do and ensure that what you are going to be doing is in compliance with the law.
LN: So I think the intent though of a lot of these tracking features of time tracking software really is to try to protect employees from punching in for, you know, their friend that is running late. But there are other ways that employers can still do that without relying on fingerprints or retina scans.
DR: There are other ways. Smartphones can be used and they can be used without taking any biometric information. And there are other ways of doing it as well. But if you are going to be using biometric information, you certainly should make sure that you are in compliance with BIPA because it’s been a very active, very buried in litigation. There’s been a lot of class actions lately and a lot of companies have had some issues. Most employers would be well advised to make sure they don’t run afoul of the law.
LN: So why are we suddenly hearing so much about BIPA in Illinois? What happened last year that changed things?
DR: Well, there was an Illinois Supreme Court case that really kind of opened the floodgates for plaintiffs to be able to sue. Normally in order to bring a lawsuit, you have to be able to show that you suffered some specific harm which is referred to in the law as damages, and that is an element of most civil causes of action. However, under the way BIPA is written, an aggrieved party can bring a private right of action under BIPA. And there’s the Illinois Supreme Court, a case called Rosenbach, last year, basically held that the mere violation of the law with respect to someone’s biometric information makes that person an aggrieved party. So, the fact that your biometric information has come out of compliance in a program means you’d have the standing to bring a lawsuit. And more importantly, that you could potentially be the lead plaintiff in a class-action lawsuit which ups the ante significantly for employers and exposes them to much more significant liability.
LN: So this could expose any employer using time tracking that has a biometric component in Illinois?
DR: Potentially, yes.
LN: Now are there things that can help protect those employers though from getting in the crosshairs if they are using that software?
DR: Well, I mean, ensuring that you’re in compliance with the law, certainly. Which means making sure you’re getting consent. Making sure that the consent is informed consent and the consent is in full compliance with the requirements of BIPA. Not doing anything that BIPA prohibits such as selling the information to third parties. It sounds pretty obvious but it’s something that’s important to make sure you’re in compliance with the law.
LN: Now there was a case in Illinois involving, it was an athletic gym that had customer information and some of that information was alleged to have gone to outside parties. And I think that case settled, but it certainly not only employers could fall into the snare of BIPA, but consumers as well, people who do business with companies that choose to take their biometric data.
LN: Like possibly even Google and Facebook.
DR: Potentially, yes.
LN: Well, thanks a bunch. In our next segment, we’ll talk a little bit more about what is happening nationally with BIPA. And thanks again for being on the show.
DR: Thanks for having me.
ZyLAB is a global company that can help an organization that has to deal with various regulatory authorities spanning the globe. They are dual-headquartered in both Washington, D.C. as well as Amsterdam in the Netherlands. If you’re dealing with GDPR in the EU or CCPA in the US, ZyLAB is equipped to provide service. In this video blog Lee Neubecker and ZyLAB’s Jeffrey Wolff discuss what differentiates them from their competitors.
Cyber Forensic Expert Lee Neubecker and ZyLAB’s eDiscovery Director Jeffrey Wolff discuss how ZyLAB Artificial Intelligence (AI) solutions can help your company. ZyLAB is an eDiscovery provider that works with government entities, corporations and law firms to provide data solutions. ZyLAB assists in extracting value from data, and not just metadata, but also document review that is about looking for entity information. ZyLAB is able to search for key people, places, and organizations that are mentioned in documents and/or emails, and quickly drill down to what is going on in your organization.
Watch this important final part of our 3-Part Series on Artificial Intelligence Solutions and eDiscovery. You will learn about what ZyLAB offers that will help your company with document review and ultimately save time and money.
Part 3 of our 3-Part Series Artificial Intelligence (AI) solutions and eDiscovery
The Video Transcript Follows.
Lee Neubecker (LN): Hi, I have Jeff Wolff, back on the show from ZyLAB. Jeff, thanks for coming back on.
Jeff Wolff (JW): Thank you.
LN: He’s their Director of eDiscovery, and I wanted to ask him some questions as it related to what differentiates ZyLAB from other products out on the market. Some of my clients may want to use this type of artificial intelligence program to help get through their review and see what the results are of using AI versus the traditional e-discovery review process, so.
LN: Jeff, could you tell us what sets ZyLAB apart from other competitors in the marketplace.
JW: Sure, sure, so first, I think ZyLAB is uniquely positioned in the fact we understand the corporate space quite well, as well as the law firm space, but we got our start in the corporate world, or in information governance. So we are very vested in search and data science, and that’s really where we’ve put a lot of our focus. We have both on-premise solutions, as well as cloud-based, SaaS solutions like every other next-gen provider. But we really push our interface, our user interface and our user experience, as one of the most unique selling points. And that is, that it is not difficult to start using. Anyone, any legal professional can pick up our product in an hour, from start to finish, and understand really how you utilize it. Drag and drop interfaces for getting data into the system, and immediate color-coding and tagging, easy search, and the ability to really visualize your data and understand what’s in the dataset.
LN: Okay. So, what would you say for a company that has to deal with multiple jurisdictions, they’re in Europe, they’re in the US.
LN: There are some unique challenges posed by all the various regulations out there, like GDPR.
LN: Maybe they have operations in China. How could you help a company that has to deal with various regulatory authorities spanning the globe?
JW: Sure, and that’s another advantage that ZyLAB has, actually, we’re actually a global company, so we’re dual-headquartered in Washington, D.C., here in the US, as well as Amsterdam in the Netherlands, in the EU. And as a result, we have cloud operations in both jurisdictions. So our global customers can actually keep US data in the US, and they can keep European Union in the EU, and not worry about that issue. But we also have the expertise, consulting expertise, in both environments, both geographic locations. For example, I’m doing a lot of work now with corporations, not so much focused on directly just on e-discovery, because e-discovery is a bit reactive, you know? Or corporations go through peaks and valleys with e-discovery, the litigation, sometimes they have it, sometimes they don’t. What they constantly have though, are internal investigations, regulatory responses, in the highly regulated corporations. And more and more now, data privacy concerns. So, my European colleagues have been dealing with GDPR for a while, we’re now starting to feel it here in the US, with CCPA, the California Consumer Privacy Act. And there are a number of states on the horizon that are going to California’s examples, so corporations need to be able to find, and classify all the data that they have in their organization that has customer information because if those customers request it and they can’t provide it, they’re financially in a lot of trouble.
LN: Do you think that the regulations coming down on companies are going to fundamentally change how companies choose to communicate with their vendors, suppliers, and own employees?
JW: Absolutely. If you look at all the recent data breach situations, it’s typically not the organization that has the problem, and I won’t mention any of the large companies that have recently had data breaches, but it’s typically not the original company that had the issue, it’s one of their suppliers, or one of their vendors that had access to the database, and wasn’t protecting it properly, and that’s how the trouble began.
JW: Same thing with data privacy.
LN: The supply chain certainly is a huge point of vulnerability for all types of organizations. The governments, the military.
LN: and even corporations.
LN: So what do you see happening over the next few years with the adoption of AI platforms?
JW: I think the e-discovery market is going to fundamentally change. There’s still always going to be a need for discovery within corporations and law firms, but what you do with the data is going to become much more important, so it’s going to be about how you can extract value from the data, not just metadata, which we’ve always been able to do for years now, but now more about looking for entity information. People, place, organizations that are mentioned in documents and emails, and collaborative environments, and being able to visualize those, and quickly drill down to what was going on in your organization. You know, if you got people that are going to the dentist three times a week, they’re not going to the dentist, they’re doing something else. They’re just writing about going to the dentist.
JW: Software like ours that can identify those references in documents are going to be crucial to the success of organizations.
LN: That’s great. So it seems that there’s continued e-discovery service provider consolidation out there.
LN: The companies that are using tools that are more of a channel partner tool to resell.
LN: But as those companies consolidate, do you think that there’s going to be a movement away from those providers where, the company, the firms, directly do their own e-discovery?
JW: Oh, yes. Yeah, very much so. We’ve been seeing that over the last few years. A lot of companies, even small companies that tend to have, in the past, just used outside vendors for e-discovery, are now deciding that they prefer to control, not just the cost, but also their data. They don’t want their data outside of the organization for reasons we’ve already talked about. So they’re purchasing in-house tools that they can use themselves, and then they can invite outside counsel in to make use of, that way they control their costs, they control the efficiency, and they control the data.
LN: Well, this has been great. Thanks a bunch for being on the show.
JW: Thank you again.
LN: Take care.
What is a FIPS 140-2 and how does it play a role in medical devices? Are medical devices manufactured with security in mind? Experts Lee Neubecker and Keith Handler discuss medical device security.
What measures are in place to help protect medical devices from cyber compromise? President & CEO of Enigma Forensics, Lee Neubecker gained insight into the latest and greatest preventative measures being developed for medical devices. Lee sat down with the top engineer for Sterling Medical Devices, Keith Handler and explored technical measures applied to the manufacturing process of medical devices. Check out this video to learn all about the tech measures. You will be so much smarter if you do!
Part 3 of our 3-Part Series on Medical Devices
The video transcript of Preventative Measures: Medical Devices follows.
Lee Neubecker: Hi, I’m back on the show again with Keith Handler from Sterling Medical Devices. Keith, thanks for coming back.
Keith Handler: Hi Lee, thanks for having me.
LN: So in our 3rd segment on medical device security, we’re going to talk a little bit more about some of the hardware elements, how the software gets loaded onto medical devices and what things are in place to help protect medical devices from cyber compromises. So first, Keith, can we start off with telling everyone what FIPS 140-2 is and how that plays a role?
KH: Yeah, absolutely. FIPS is the Federal Information Processing Standard, 140-2 is the specific certification for encryption libraries. That certification means that those encryption libraries are proven to be usable and certified to be usable for federal systems and medical systems.
LN: Most hospitals require FIPS 140-2 for immediate devices if you’re transferring PHI, Patient Health Information. If you’re transferring that information to external storage, they want to make sure you’re using secure storage that meets federal information processing standards.
LN: So when you’re evaluating a device for security, what are some of the things that you do to help ensure that the firmware that’s stored on the chips is secure and safe?
KH: Well, an embedded device it’s a challenge, of course, you have limited space, limited capabilities typically, especially on lower power devices. If you’ve got the space and the ability, we can use hardware encryption chips, hard-circuits, those are usually the most reliable and the most performant. If not, there’s plenty of embedded libraries out there that are FIPS 140-2 certified. The main thing being that we never roll our own as far as encryption libs go, we use federally certified ones to ensure that we’re up to the current standards and encryption strength.
LN: Those standards change over time.
KH: Correct, yes.
LN: At one point in time, SHA-1 encryption used to be considered perfectly fine, but now with quantum computing, there’s been a rush to ditch SHA-1 and require SHA-2 as encryption library to help secure things.
KH: Yes, this brings up an important point actually. How do we keep things secure moving forward when new vulnerabilities are found, new attacks are found, libraries are cracked.
LN: Yeah so, what do hospitals and other healthcare providers need to be doing to ensure their devices stay secure once deployed?
KH: Well, hospital healthcare providers need to be making sure that they are up-to-date with the manufacture of all of their devices, that they are keeping apprised of any kind of recalls or anything like that. Manufacturers, the people that we typically deal with, product developers, their responsibility is to maintain a bill-of-materials, a cyber bill-of-materials; their libraries, their encryption circuits, make sure that they’re tracking the versions and things like that so that when a company has a vulnerability exposed, they can become aware and make updates and push them, software especially, as fast as possible.
LN: All right, so if an organization or a healthcare entity were to become compromised, have you been involved with supporting the client that underwent a cyber compromise?
KH: I have not, we’re usually in the earlier stages of developing the products prior to that occurring, and our products hopefully never get compromised.
LN: So I’d imagine though that if there’s a concern about the security of certain medical devices, that there’s a need to actually dump the firmware. Firmware is software stored on an embedded chip. But the firmware will persist after power-down, reboot to whatnot, but there is an ability to go and extract the firmware of the chip with the correct tools, such as a Bus Pirate, or other devices. And then what would you do to examine, if you had access to the firmware on a chip, how would you go about ensuring that that’s authentic?
KH: Well the first thing is if we’re going to push out firmware, things like that, you need to make sure that the device can know that it’s authentic. And we do things again, like digital signing, signature verification encrypting of that firmware package. That way we have a verification process in place to ensure that what we’ve got coming down is good.
LN: So that’s known as a hash.
KH: That’s part of it yes.
LN: So the hash value is the unique encrypted thumbprint generated by a hash algorithm and those hash values can be used to compare against the manufacturer’s release version and what’s on the chip to determine, are they running the most recent up-to-date firmware, or are they running an older version or are they running something that’s rogue that is not known by the manufacturer.
KH: And that’s the real key, to make sure that what we’re running is what we expect it to be and not something that has been tampered with.
LN: How often are hospitals and IT staff actually auditing and checking their firmware?
KH: You know I’m not clear on that, but I would say almost certainly not enough.
LN: Yeah, so that’s one of the things that I know you’ve said earlier, that it’s important that all these entities using the devices, once they’re certified and deployed, there’s still a responsibility on the healthcare delivery organizations to make sure that they’re patching and updating those devices so that they keep the standards.
KH: Ideally. Nowadays, a lot more devices are connected, communicating out with central servers, and that gives them the advantage of being able to receive security updates, so it takes that middleman out, essentially, but that also opens up additional potential security holes that have to be considered and protected against.
LN: Yeah, and anything that comes to mind that you’re concerned about in regard to new threat factors?
KH: Well, you know, again, if I’m distributing firmware by handing it to you on a USB stick, you can be pretty certain that what I’m giving you is likely to be good. If I’m telling you download it from this site, you don’t know. For all you know, it could get tampered with in transit. So it raises a lot of additional risks.
LN: Do you think that there’s something to be said for going back to the old updates on CD, read-only media?
KH: Well, you know, information is what it is, and things move faster nowadays, so I don’t know that it makes sense to move backward, it just means that we have to have more modern methods of protection.
LN: But thanks a bunch for being on this show. This is great stuff.
KH: You’re very welcome, and thanks for having me.
LN: It’s my pleasure.
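The firmware check discussed in this interview (hash what is on the chip and compare it with the manufacturer's released versions to tell current, older, and unrecognized firmware apart) can be scripted. The Python below is an added example, not part of the interview or any vendor's tooling; the manifest layout, version strings, and the assumption that unused flash reads back as 0xFF are illustrative, and the firmware bytes are constructed.

```python
import hashlib
from dataclasses import dataclass

ERASED = 0xFF  # assumption: erased (unused) flash cells read back as 0xFF


@dataclass(frozen=True)
class Release:
    """One entry of a hypothetical manufacturer manifest."""
    version: str
    size: int     # length of the released image in bytes
    sha256: str   # hex digest the manufacturer published for that image


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def matches_release(dump: bytes, release: Release) -> bool:
    """True if the chip dump is exactly this release plus erased padding.

    A raw chip dump is as long as the flash part, not the image, so hashing
    the whole dump never matches the published digest. Hash only the first
    `size` bytes, and require everything after them to be erased: data
    appended behind a valid image must not pass as authentic.
    """
    if len(dump) < release.size:
        return False
    image, tail = dump[:release.size], dump[release.size:]
    if tail.count(ERASED) != len(tail):
        return False
    return sha256_hex(image) == release.sha256


def classify_dump(dump: bytes, releases: list) -> tuple:
    """Return (status, version); `releases` is ordered oldest to newest.

    status is "current", "outdated", or "unknown" (no released image
    matches, i.e. corrupted, modified, or never issued by the manufacturer).
    """
    if not releases:
        raise ValueError("manifest is empty")
    newest = len(releases) - 1
    for index, release in enumerate(releases):
        if matches_release(dump, release):
            return ("current" if index == newest else "outdated",
                    release.version)
    return ("unknown", None)


def build_sample():
    """Constructed sample data: two fake firmware images and their manifest."""
    v1 = b"FWv1" + bytes(range(64))
    v2 = b"FWv2" + bytes(range(64, 128))
    manifest = [
        Release("1.0.0", len(v1), sha256_hex(v1)),
        Release("1.1.0", len(v2), sha256_hex(v2)),
    ]
    return v1, v2, manifest


def pad_to_flash(image: bytes, flash_size: int = 256) -> bytes:
    """Simulate reading a whole flash chip that holds `image`."""
    return image + bytes([ERASED]) * (flash_size - len(image))


if __name__ == "__main__":
    v1, v2, manifest = build_sample()
    modified = bytearray(pad_to_flash(v2))
    modified[10] ^= 0x01  # a single flipped bit inside the image
    for label, dump in [
        ("device A", pad_to_flash(v2)),
        ("device B", pad_to_flash(v1)),
        ("device C", bytes(modified)),
        ("device D", pad_to_flash(v2 + b"\x90" * 16)),  # data after image
    ]:
        print(label, classify_dump(dump, manifest))
```

A match is only as trustworthy as the manifest itself, so the digests should come over an authenticated channel or be covered by the manufacturer's signature, as the interview notes for firmware packages.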
Artificial Intelligence (AI) is the fastest-growing eDiscovery solution in the Legal Industry. Just like in Henry Ford’s day, it’s the keen cutting edge shaving away costs by reducing time spent from evidence to production. Use AI and don’t land in the pitfall.
“Competition is the keen cutting edge of business, always shaving away at costs”…Henry Ford
Is there a pitfall if you use AI? Computer Forensic Expert Lee Neubecker interviews Cat Casey, Chief Innovation Officer with DISCO, and both agree the largest pitfall in AI is NOT embracing AI!
Cat explains DISCO was born out of the firm’s frustration with conventional eDiscovery tools that were slow and difficult for lawyers to use. Instead of being forced to adapt our work methods to technology, we wanted to invent technology that works the way lawyers work. DISCO was the result, and today we are the fastest-growing eDiscovery solution in North America. Both experts agree implementing AI will help companies gain a competitive edge. Watch this video to hear examples of how AI helps sharpen that edge!
Final Part of our 3-Part Series in Artificial Intelligence: Pitfalls in AI
The Video Transcript Pitfalls in AI Follows.
Lee Neubecker (LN): Hi and welcome back again Cat. Thanks for being on the show again.
Cat Casey (CC): My pleasure.
LN: Cat Casey from CS Disco. She’s a Chief Product Innovation Officer. Did I say that right?
CC: Chief Innovation Officer.
CC: Products too, though. It’s fine.
LN: They call her chief.
CC: They should.
LN: So we’re going to talk now, in this last part of our series on artificial intelligence, about some of the challenges of organizations that don’t adapt and don’t get on board. So, what do you see as the potential risks and pitfalls for law firms that don’t begin to embrace some sort or form of technology-assisted review or artificial intelligence to help speed up the review process?
CC: Well, at a very basic level, clients are getting smarter. We’ve got CLOC https://cloc.org/, we’ve got clients talking to each other more, and they’ve raised their expectations of how their firms are going to be competitive. And it used to be if you were big law firm A you would always have this corporate client for every anti-trust case they would always go to you. But now I was getting dozens of RFPs where they’re asking me what technology are you using? How are you driving innovation? How are you driving efficiency? Because there is a higher expectation of competition between outside counsel. That, maybe, wasn’t there a few years ago. And so, the client expectation is driving this appetite to investigate eDiscovery and Artificial Intelligence (AI) based innovation in a way that wasn’t here a few years ago.
LN: Has there been any industry research that has attempted to benchmark the cost of a case using an AI platform to speed up review versus not, to your knowledge?
CC: You know. I can speak from Disco, and we see about a 60% reduction in time to evidence to production. And that translated to dollars. And so, I mean, 60% savings on the 80% of a case that is reviewed is substantial. The thing that I think is most important is cost-savings big, but getting evidence quicker.
LN: Yeah. Time is of the essence.
CC: That is the thing that is paramount because of a lot of these companies… I worked at a company that had very big budgets, but no amount of money, no amount of people, was going to be enough to get these insights I needed before the meet and confer. Or before I had a critical filing with a government investigator. And so, getting evidence quicker so I can start building my case, was the differentiator.
LN: Yeah, certainly if you’re working for a company facing a DOJ inquiry.
LN: Knowing the good, the bad, the ugly.
LN: As soon as possible can help you make better decisions for your clients. Which might involve, you know, settlement. settling. Yeah, yeah. There have been many recent settlements, recently, from big companies that didn’t want to get tied down at least.
CC: Well I’ve had cases where… One of my favorite ones I used tons of different AI and analytic tools. I had a big bank that had been fined billions of dollars and another big bank was, they had hired on people in that same group, and they were wondering if they would be subject to the same investigation. So, I did some social network analysis. Who was talking to who, with what frequency? I parsed Bloomberg’s chat. I parsed audio logs. And I used everything to keep triangulating down until I was able to identify the bad actors, saying the bad things, and the map of the structured data to show they didn’t do the bad things. And my company wasn’t on the front page of the Wall Street Journal. My company wasn’t fined. So it ends up being very compelling, even early in investigations.
LN: Yeah. Certainly responding quickly is important now. Have you seen any success stories as it relates to companies embroiled with data breach incidences, that have used your platform to help get ahead of what was going on?
CC: 100%. I mean PII, so personally identifiable information, is something that you’re going to have to notify if there is a breach. So if someone, say you’re Equifax, not that I’m naming them, but say you’re a big company with a lot of personally identifiable or health information. You need to identify it quickly, notify these people in their specific timelines. Tools, like Disco’s, help you use algorithms to find that quickly and act upon it. Otherwise, if you’re looking at 100 million records, there’s no amount of humans that could go through that, in a timely manner, where you’re going to comply with time obligations. And so, it’s majorly impactful.
LN: That certainly is. Well, are there any other things you want to say on the show before we wrap up?
CC: You know, adapt. The reality is no one wants to be the buggy whip maker in a Tesla world. The time to start investigating and vetting and ensuring that the tech you’re looking at isn’t hype is now. Because in a year, or three years, or four years, you might be behind the curve. So, find your resident dork, ask questions, dig into the tech. Now is the time.
LN: And it’s probably worthwhile, you know, without being biased towards Lit Funder, why not take a case try out Disco, try out another offering to see what really works. I mean you had the benefit of…
LN: You were on the other side working for the law firm, shopping for vendors.
CC: I did a 55 vendor RFP. I’ve seen everyone. I’ve looked under every hood. I mean there’s a reason I went to Disco. But there are other good tools out there. I think you want a toolbox with lots of different tools. If you’re a hammer, everything looks like a nail. Let’s be honest, litigation is always bespoke, so you want lots of tools that can help you address it.
LN: Great. Well, thanks again for being on the show.
CC: Yeah, my pleasure.
LN: This was great.
Facebook’s record-breaking $5 billion settlement proves the FTC takes consumer privacy very seriously. Will Facebook’s settlement spark other class-action lawsuits based on claims of privacy abuse relating to the Biometric Information Privacy Act (BIPA)? Forensic Expert Lee Neubecker and attorney David Rownd from Vedder Price discuss the ramifications of this settlement and dissect what really constitutes biometric data.
Part 2 of our 3 Part Series on BIPA
The Video Transcript Follows.
Lee Neubecker (LN): I am back again with David Rownd, and David’s going to talk a little bit more about BIPA. We’re talking about in the news recently, Facebook just reached a very large settlement related to claims of abuse relating to BIPA. What does this mean with such a large settlement? Is this inviting all the plaintiff attorneys to file more and more class-action lawsuits?
David Rownd (DR): Well, this has been a very active area of the law, and yes, the answer is yes. There’s a lot of class actions going on in this area, and it’s largely as a result of the low threshold to become a plaintiff in that you don’t have to establish specific damages, and the mere fact that the law has been violated can make you an aggrieved party who has the standing to file a lawsuit.
LN: Just so we can be clear, can you give some examples of what constitutes BIPA biometric data and what isn’t?
DR: Well, fingerprints are biometric data, a retina scanner, the veins in your hands can be evaluated as biometric data, and other things as well.
LN: What about the way you walk or the way you talk?
DR: Their voice recognition has been considered to be biometric data. Handwriting is not biometric data.
LN: So, devices like Siri and Alexa, is there a potential they’re going to fall into that?
DR: I think that that is certainly a possibility.
LN: So are we going to have to sign a contract before we use Alexa or Siri to protect, for them to be protected?
DR: I wouldn’t propose to advise Siri and Alexa as to how to conduct their business.
LN: Very good answer.
DR: I think that there is a possibility, certainly.
LN: So what do you think the future holds for BIPA-related lawsuits?
DR: Well, this is certainly an opening for plaintiffs lawyers to go after, and you see this in a variety of different areas where the law creates a low threshold to get in the courthouse door and potentially high exposure for defendants. You have plaintiffs lawyers who are attracted to that and they go after it, and that’s currently what’s happening now with BIPA in Illinois and why there are so many lawsuits filed.
LN: And I think it relates to, the fees are based on each instance of biometric data, so potentially you have multiple videos, multiple pictures, this data is stored, and if you can be aggrieved without the data even getting hacked, it’s a very large potential, which is probably why Facebook settled because what it could be much greater. And they probably weighed their risk and decided it made sense to settle.
DR: I think that’s probably right.
LN: Well, thanks again for being on the show, I really appreciate it.
DR: All right, thanks for having me.
You’re looking for the smoking gun and have tens of thousands of documents to review. Experts Lee Neubecker and ZyLAB’s eDiscovery Director, Jeffrey Wolff say Optimize with AI and make your review easier!
Optimize eDiscovery with AI! Lee Neubecker sets out on a quest to find out what’s happening with Artificial Intelligence as it relates to the eDiscovery review process. Lee visits eDiscovery Director, Jeffrey Wolff from ZyLAB and together they examine how new AI algorithms are coded for priority review and can rank documents for relevance, saving countless hours and dollars for the client. Utilizing new AI will optimize your current eDiscovery process.
Part 2 of 3 Part Series on Smarter Solutions eDiscovery
Optimize eDiscovery with AI Video Transcript Follows
Lee Neubecker (LN): Hi, I have Jeff Wolff back on the show again from ZyLAB. Jeff, thanks for coming back.
Jeff Wolff (JW): Thank you.
LN: And today we’re going to talk a little bit more about trends in Artificial Intelligence as it relates to eDiscovery and the review process that comes along with that. Jeff, what do you see happening right now with Artificial Intelligence as it relates to the eDiscovery review process?
JW: So what we’ve noticed over time is that, traditionally, Artificial Intelligence was always deemed to be only valid in cases where you had hundreds of thousands or millions of documents. And one of the changes that have happened over the last few years is that the Artificial Intelligence models have gotten so much better that you can now use them for much smaller data sets, and so we evangelize the use of Artificial Intelligence in smaller data sets, even, a thousand documents, you’re going to get a better review, more efficient, and more correct, faster, with AI than you would with a team of reviewers.
LN: So if you have a project and you’re using your platform, let’s say there are a million pages of documents that need to be reviewed. You put a review team on starting that process, and they start categorizing and coding, as they get through the first ten thousand documents, what is your software doing to help make this process more efficient and effective for them?
JW: Sure, so if you’re using traditional, what we call supervised machine learning, that used to be referred to as predictive coding, what our software allows you to do is train a small training batch, so a small sample of the documents, and code them for responsiveness, whether they’re responsive or not responsive. And we’ve made it very easy for users to do that. So, you can create issues, and for each issue, you get two tabs, responsive or not responsive, and you just train, you look through a bunch of training documents and you tag the documents appropriately, and the machine classifier learns, very quickly, what is responsive, what is not responsive. So, maybe after two or at most three training batches, the classifier is now bringing you back almost exclusively responsive documents. It’s already smart enough to do that. And so you only need a few training rounds to get the classifier well over the 80%, typical 80% precision and recall threshold that most attorneys feel is what the human is capable of, but the machine will do 90, 95% precision and recall, so you can be assured, not only are you getting a more efficient and more correct review, but you’re also doing it in a whole lot less time with a whole lot fewer people.
LN: And so, are your algorithms looking for synonyms, and similar phrasing that has equivalent word matches?
JW: It’s a bit of secret sauce. But, yeah, we use a support vector machine-based set of algorithms, kind of the most modern version of machine learning. And it is effective, it understands what are topics that were identified in the document, and what other topics are like them. So that’s how it’s doing an identification. But you’re effectively training in or on that.
LN: So the people using your platform, are they having to necessarily review all of the documents, or are you basically, based on the trained review process, you’re taking that universe of a million, and as they get through it, it’s starting to cluster.
LN: There’s a set that, this probably isn’t useful, and you don’t have to look at it, but you can look through it just to see.
LN: They have confidence that it’s not excluding relevant stuff, right?
JW: Yeah. What we find from an AI standpoint is that the two primary use cases that attorneys have when they use AI are priority review, so that means hey, I’m going to start teaching the data about, the classifier about my data set, and I’m going to show what responsive documents look like, and then I want it to rank all the remaining documents for me for relevance. And so I’m going to then put eyes on those top-ranking documents. That’s effectively looking for the smoking gun, right? That’s one. But they also use it a lot for QC and this is where I see I’m trying to put a lot more attorneys into utilizing AI, is you’ve already done your tagging, and you had eyes on all of your documents, now go back and use the AI and compare it against what your human reviewers did, and see if you’ve missed things. Because inevitably, your reviewers are not going to be all at the same level. Some people are going to mis-tag documents, and the AI has a really good chance of picking up those mistakes and showing them to you.
LN: So have there been any published studies that document the effectiveness of AI with the review process?
JW: There’s been a bunch of them. I know Law Geeks did one that was pretty interesting. What I’ve read recently is that only about, nationally, about 4% of all cases use Artificial Intelligence officially. But then again, there’s no requirement, in the meet and confer that you identify that you are using Artificial Intelligence in a discovery case. So a lot of attorneys can be using it, and just not reporting it. Which is fine, because back when the review was manual, and you went through paper and bankers boxes, you didn’t have to document the process for that review. So why should you have to document the fact that you’re using a machine to do some of the identification of documents and responsiveness today?
LN: So are there potential problems as a result of using AI for failing to produce relevant documents?
JW: No, I think the case law already demonstrates that AI is an accepted form of using, of identifying reviewed documents, and again, even if you’re just using it for QC purposes, you’re still better off. You’re still less likely to miss things than if you hadn’t used it at all.
LN: Great, well, it’s been great. Thanks a bunch for being on the show.
JW: My pleasure, my pleasure.
A cardiac pacemaker is a lifesaver for many and is considered an implantable medical device. The FDA imposes regulations to protect these devices. Experts Lee Neubecker and Sterling Medical Devices’ top engineer, Keith Handler, examine FDA Quality System Regulations, ISO standards, and FDA guidelines used by Sterling Medical Devices that are essential to the manufacturing practices.
FDA Cybersecurity regulations in medical devices is a tough topic! Consider the cardiac pacemaker, probably the most notable life-saving implantable medical device. Did you know that it is operated by a computer chip? Just like any other computer, pacemakers can be vulnerable to cybersecurity breaches.
Experts Lee Neubecker and Sterling Medical Devices’ top engineer, Keith Handler, examine the FDA’s Cybersecurity quality system regulations, ISO standards, and guidelines followed by Sterling Medical Devices to ensure cybersecurity for all their devices.
Tune in to Part 2 of our 3 Part Series on Medical Devices
The FDA Cybersecurity Regulations: Medical Devices Video Transcript Follows.
Lee Neubecker (LN): Hi, I’m back on the show today with Keith Handler, Keith, thanks for being back on.
Keith Handler (KH): Thanks again for having me.
LN: And Keith, again, is from Sterling Medical Devices, and today we’re going to talk about what measures are in place, that the FDA imposes to help ensure cybersecurity on medical devices, especially safety of PHI, and safety of the operation of those devices for end-users. Thanks again for being here.
KH: Yeah, thanks for having me. So, cybersecurity. It’s a tough topic, and the FDA is still figuring out how exactly to deal with it. They have issued guidance that attempts to categorize how high the risk is of cybersecurity for a device and the basic standards you need to follow in designing, and testing, and documenting your processes for developing that device. That guidance is currently how we generally implement most of our analysis processes and controls. The FDA has chosen to recognize certain certifications, such as UL 2100-1-2.
LN: And what is UL 2100-1?
KH: 2100-1 is a certification for network-connected systems, as far as cybersecurity is concerned, and 2100-1-2 is a subset of that standard, specifically for medical devices connected to the internet or a network. Mostly that standard follows the 2100-1, with a couple of modifications, based on the fact that medical is safety-related.
LN: Have you seen any changes in the standard since the WannaCry attack that took out a lot of the UK hospitals?
KH: Nothing that I can point to specifically. You know, that really comes down to changing specific vulnerabilities, our knowledge about them, and the attack vectors that we know that are capable of executing these things, cataloging them, making sure that we plan for them in future designs.
LN: So I know Bluetooth is a protocol that’s vulnerable to exploitation. I think at one point in time, there was a warning that everyone should take their pacemaker and get it updated. Were you familiar with that?
LN: Can you tell people a little bit more about what happened?
KH: Yeah, well, in that specific case, I’m not actually 100% sure what occurred there, but most of the time your issues are, with a lack of authentication, a lack of encryption, you need to be sure that what the device is talking to on the other end is exactly who they expect it to be, what they expect it to be, and you have to make sure that that communication is secured and unchanged, unaltered. Typically, that’s done by using specific security libraries, integrating them in careful ways, making sure that all communication over the wire is encrypted, things like an asynchronous key generation.
LN: I think, just from my memory of events, one of the problems they discovered is that these protocols, there’s a period of time before authentication occurs, in the preamble when there’s broadcast of the MAC address, the wireless name, and whatnot, where there’s a potential to create an overflow situation, to actually compromise a device before encryption and authentication occurs.
KH: Yes, in certain system designs it is that way.
LN: And, unfortunately, these protocols are, you know, they’re everywhere. So, at the time, I believe that the chip makers and various equipment providers, not just only in the medical area, but across the board, had to create fixes that help protect against these types of cyber-attacks.
LN: So, you were talking about UL 2100-1-2, what about TIR57? Can you explain what that is?
KH: So, AAMI TIR57 describes how to marry up the processes of medical safety risk analysis and security analysis. It’s an attempt to show that the security analysis process is actually very similar and very familiar for anybody that’s done the safety risk analysis before. More or less, it takes ISO 14971 and applies security risk management to it with a mix of a little bit of some NIST standards in as well. But the general idea is to really categorize what assets you’re protecting in your system, and the known vulnerabilities that your system has, and then from there, you attempt to determine a list of known attack vectors and categorize the profiles of your possible attackers. With a combination of that type of information, you can assess what the real vulnerabilities and risks are for your system, and design in controls, from the ground up, to make sure that you’ve protected against them.
LN: Yeah, well, this is really fascinating stuff. I appreciate you being on the show, and I look forward to our next segment talking more about cybersecurity and how to keep these devices safe.
KH: Thanks again for having me, Lee.
AI trends in the Legal Industry are revolutionizing data, and whittling down the amount of paperwork involved in legal practice. Lee Neubecker and DISCO’s Cat Casey discuss trends in the legal industry.
Paper death! Legal professionals get buried in a mountain of paperwork. Artificial Intelligence (AI) replaces that mountain of paper with cloud-based apps and whittles down costs. What’s new in Artificial Intelligence (AI) as it relates to the legal industry? Check out this video as Forensic Expert Lee Neubecker and DISCO’s Information Officer Catherine “Cat” Casey talk through AI trends in the legal industry.
View Part 2 of our 3 Part Series on Artificial Intelligence (AI) in the Legal Industry
The video transcript AI Trends in the Legal Industry follows:
Lee Neubecker: Hi, I’m back here again with Cat Casey from CS Disco. Thanks for coming back again.
Cat Casey: My total pleasure.
LN: We’re going to continue our conversation in this multipart series. This time, we’re talking about artificial intelligence and the trends impacting the legal industry and the whole eDiscovery industry as well.
CC: Absolutely, so in my role at Disco, I’m chief innovation officer, and one of the things I’m tasked with doing, both now and in my prior roles, is going out and figuring out what’s going on in the market, and what we’re seeing is AI written everywhere. Sometimes it’s true AI, sometimes it’s not, but what we are seeing is people want to find evidence faster. People want to eliminate those low-hanging tasks that aren’t the practice of law. And so, we’re seeing a lot of tools that are driving efficiency both in practice management and litigation management and in finding evidence.
LN: So where do you see we’ve gone in the last few years with AI in terms of advancements and providing products for the review process?
CC: When we first, I think, announced AI about 2006, seven, eight, nine, I was working as a channel partner with the company that patented the word predictive coding. That was the first AI model in eDiscovery and people liked it. They didn’t really want to use it. They were nervous. What I’ve seen is not only has the process improved instead of TAR 1.0, where you have a sample, you make decisions, and then, the algorithm might learn, we have continual models. So the tools got better, but the appetite to use them has increased dramatically, I think, in the last 18 months, because data’s getting very big, very complicated, and no amount of money or time is enough to actually get through it without using this sort of technology.
LN: So are you seeing that other messaging platforms are starting to become more a part of this process, like Slack?
CC: Oh, yeah.
LN: You’ve got all kinds of other messaging platforms, WhatsApp.
CC: Weird data is the new normal and I noticed it starting, I’ve been at Disco about a year, so starting my last 18 months at Gibson Dunn, where it used to be, okay, email, maybe text. That’s all I got to worry about. No, no, no, now I’m dealing with ephemeral messaging, which is self-destructing text messages. I’m dealing with collaboration tools like Slack and Messenger and Teams and each one of these tools has a challenge in terms of formatting the data, being able to review it, and relating it. Think of a given day. This morning, I was on Slack, then I was answering text messages, then I had a phone call, then I sent an email, then I went back to my Slack channel. That was before I got out of bed and if you want to recreate kind of this digital footprint of what people are doing, you need to have all of that info. And so, finding tools and partners that can deal with it is paramount.
LN: So does your platform at Disco, does it have APIs and import specs that match upon those alternate data streams?
CC: We do to a degree. We also do kind of a middleware layer of parsing and creating a new visualization, like say from a JSON file for Slack, we recreate that in our ecosystem and render it the way you would’ve seen it in the Slack dialogue box. And so, we’re developing more of those direct APIs of a 365 box, but we’ve worked on the visualization and ensuring that the data we receive is reviewable, usable, and easily rendered, so.
LN: Now, it’s interesting when we’ve collected cellphone data, we’ve used some of the popular tools on the market and the output of the data isn’t necessarily always easy for the attorneys to review. And what we’ve done is we’ve often taken the spreadsheet output of text.
CC: Oh yeah, yeah.
LN: So what are some of the challenges you see facing AI and its adoption over the next few years?
CC: Like with everything, it’s fear and desire. People desire the outcome of finding stuff faster, being able to practice law, but no attorney went to law school to play with relational databases and lambda calculus. I didn’t. And so, what ends up happening is there’s a fear of the unknown and a fear of explaining something to a judge who maybe didn’t even use a laptop when he was going to law school, probably didn’t. So there is a fear of using technology that folks don’t understand, a fear of explaining it, and that’s when having the right partner, the right person to testify, the right person to navigate you through this becomes so important.
LN: Have you seen much, part of my practice deals with patient electronic medical records?
CC: Oh yeah, yeah.
LN: And patient audit trails of EMR, electronic medical records.
CC: Oh, yeah.
LN: Usually, those records aren’t quite like an email thread. They’re more cryptic. They’re more accustomed to the specific platform the hospitals use. Have you seen many of those cases come in where they’re pulling in the charts and various transcripts from the physicians and whatnot?
CC: I haven’t run into that as much at Disco, but when I was at PWC, we were doing very complex multilayer investigations, and so, we would have, sometimes, medical charts. Sometimes we would have trade databases and so, marrying and creating a story between that structured data and the unstructured data was always very challenging and very bespoke, and there’s some tech that’s beginning to create a unified place to do that. We’re looking in to do that as well, but it’s very hard to take that weirdly formatted data and render it in a way that then ties to what the humans are saying and then, help you get those facts to build your case.
LN: That’s great. Well, this has been great. In our next segment, we’ll be talking a little bit more about artificial intelligence and some of the potential challenges and impacts for organizations that don’t get on board. So thanks for coming on again.
CC: My pleasure.
Does your employer require your fingerprint when you clock in for work? That fingerprint is considered private biometric information. BIPA is the Illinois law that protects its use. Experts Lee Neubecker and David Rownd share how this law affects employers that have Illinois based employees.
Biometric Information Privacy Act (BIPA) is a law that covers the employer’s use of biometric information of its employees. Biometrics are the physiological means to gather an individual’s uniqueness. The oldest and most widely used is a fingerprint, but other biometric identifiers may also be used, such as facial recognition, photos, retina scans, voice recognition, ear shape, and hand scans; all are considered private biometric information. The Illinois BIPA law is designed to govern, secure, store and prohibit the sale of biometric information. Forensic Expert Lee Neubecker and David Rownd from Vedder Price discuss how BIPA may affect employers that have satellite offices in Illinois.
Part 1 of a 3 Part Series on Illinois’ Biometric Information Protection Act
The Video Transcript on BIPA: How It May Affect Employers in Illinois.
Lee Neubecker (LN): Hi, I am here again with David Rownd from Vedder Price. Thanks for being on the show, David.
David Rownd (DR): Thanks for having me.
LN: David is an attorney that specializes in defending class action lawsuits, also employment litigation, trade secret theft, and misappropriation. I asked him to come on the show today to talk a little bit about BIPA, which is the Illinois Biometric Information Protection Act. Specifically, he deals with a lot of trading security-related financial services firms, and since that law applies to Illinois and many trading firms in New York have satellite offices, I wanted him to talk a little bit about the act and some of the concerns that employers should have if they have employees working in Illinois. So, David, can you tell us a little bit about BIPA, what it is and what it entails?
DR: Basically, it covers the employer’s use of biometric information of its employees, and this can be a retinal scan, it can be a fingerprint, it can be a number of different things, and it can be used for time cards, access to the workplace, and things like that. Employers are using biometric information because it’s an easy way to keep track of employees. However, it is also a privacy issue, and that’s where the BIPA comes in. BIPA is intended to regulate employers’ ability to utilize biometric information and put certain requirements on them for notifying employees they are using it, notifying employees why they are using it, and keeping written records of the biometric information, and it specifically prohibits the sale of biometric information to third parties.
LN: It’s especially troublesome too, because if you lose your biometric unique identifiers, you can’t necessarily get those back, unlike a social security number. You could replace a social security number, but if someone is able to copy your retina scan, your fingerprints, whatnot, it could cause a lot of permanent damage.
DR: That’s true, you only get one of those things.
LN: So, later in the series, next we’ll be talking a little bit about what employers should do before they land in trouble with BIPA, to help protect against finding themselves embroiled in litigation. Then, finally, we’ll talk a little bit about some of the national happenings with Facebook and other entities who have been ensnared in the BIPA trap, and we’ll conclude there. So thanks for being on the show today.
DR: Oh, thanks for having me.
Artificial Intelligence (AI) can be used to vastly improve the eDiscovery document review process. ZyLAB is one of several eDiscovery vendors offering solutions utilizing AI. Lee Neubecker, Computer Forensic Expert, and President & CEO of Enigma Forensics met with Jeffrey Wolff, Director of eDiscovery Solutions at ZyLAB during his visit to the Legal Tech Conference 2020 in New York. Lee and Jeffrey discuss how AI can be used to conduct more effective eDiscovery.
Artificial Intelligence (AI) technology is everywhere. It’s hard to imagine how it’s being used in the legal industry where legal libraries filled with law books and courts filled with black-robed judges reign. In this formal traditional world, AI is now providing smart solutions for today’s electronically stored information or ESI and is streamlining the way the Legal Industry works.
In this video, Lee Neubecker, Computer Forensic Expert, and President & CEO of Enigma Forensics met with Jeffrey Wolff, Director of eDiscovery Solutions at ZyLAB during his visit to the Legal Tech Conference in New York. Lee and Jeffrey analyze how Artificial Intelligence (AI) develops smarter solutions in the eDiscovery process. Jeffrey shares with Lee that ZyLAB’s mission is to provide automated full-text retrieval using AI, for both on-premise or cloud-based solutions.
Watch Part 1 of a Three-Part Series on Artificial Intelligence (AI) and eDiscovery.
The video transcript of AI Smarter Solutions: eDiscovery follows.
Lee Neubecker: Hi, I have Jeff Wolff, back on the show from ZyLAB. Jeff, thanks for coming back on.
Jeff Wolff: Thank you.
LN: He’s their Director of eDiscovery, and I wanted to ask him some questions as it related to what differentiates ZyLAB from other products out on the market. Some of my clients may want to use this type of artificial intelligence program to help get through their review and see what the results are of using AI versus the traditional e-discovery review process, so.
LN: Jeff, could you tell us what sets ZyLAB apart from other competitors in the marketplace.
JW: Sure, sure, so first, I think ZyLAB is uniquely positioned in the fact we understand the corporate space quite well, as well as the law firm space, but we got our start incorporate, or start in information governance. So we are very vested in search and data science, and that’s really where we’ve put a lot of our focus. We have both on-premise solutions, as well as cloud-based, SaaS solutions like every other next-gen provider. But we really push our interface, our user interface and our user experience, as one of the most unique selling points. And that is, that it is not difficult to start using. Anyone, any legal professional can pick up our product in an hour, from start to finish, and understand really how you utilize it. Drag and drop interfaces for getting data into the system, and immediate color-coding and tagging, easy search, and the ability to really visualize your data and understand what’s in the dataset.
LN: Okay. So, what would you say for a company that has to deal with multiple jurisdictions, they’re in Europe, they’re in the US.
JW: Sure.
LN: There are some unique challenges posed by all the various regulations out there, like GDPR.
LN: Maybe they have operations in China. How could you help a company that has to deal with various regulatory authorities spanning the globe?
JW: Sure, and that’s another advantage that ZyLAB has, actually, we’re actually a global company, so we’re dual-headquartered in Washington, D.C., here in the US, as well as Amsterdam in the Netherlands, in the EU. And as a result, we have cloud operations in both jurisdictions. So our global customers can actually keep US data in the US, and they can keep the European Union in the EU, and not worry about that issue. But we also have the expertise, consulting expertise, in both environments, both geographic locations. For example, I’m doing a lot of work now with corporations, not so much focused on directly just on e-discovery, because e-discovery is a bit reactive, you know? Or corporations go through peaks and valleys with e-discovery, the litigation, sometimes they have it, sometimes they don’t. What they constantly have though, are internal investigations, regulatory responses, in the highly regulated corporations. And more and more now, data privacy concerns. So, my European colleagues have been dealing with GDPR for a while, we’re now starting to feel it here in the US, with CCPA, the California Consumer Privacy Act. And there are a number of states on the horizon that are going to California’s examples, so corporations need to be able to find, and classify all the data that they have in their organization that has customer information because if those customers request it and they can’t provide it, they’re financially in a lot of trouble.
LN: Do you think that the regulations coming down on companies are going to fundamentally change how companies choose to communicate with their vendors, suppliers, and own employees?
JW: Absolutely. If you look at all the recent data breach situations, it’s typically not the organization that has the problem, and I won’t mention any of the large companies that have recently had data breaches, but it’s typically not the original company that had the issue, it’s one of their suppliers, or one of their vendors that had access to the database, and wasn’t protecting it properly, and that’s how the trouble began.
JW: Same thing with data privacy.
LN: The supply chain certainly is a huge point of vulnerability for all types of organizations. The governments, the military, and even corporations.
LN: So what do you see happening over the next few years with the adoption of AI platforms?
JW: I think the e-discovery market is going to fundamentally change. There’s still always going to be a need for discovery within corporations and law firms, but what you do with the data is going to become much more important, so it’s going to be about how you can extract value from the data, not just metadata, which we’ve always been able to do for years now, but now more about looking for entity information. People, places, organizations that are mentioned in documents and emails, and collaborative environments, and being able to visualize those, and quickly drill down to what was going on in your organization. You know, if you got people that are going to the dentist three times a week, they’re not going to the dentist, they’re doing something else. They’re just writing about going to the dentist.
JW: Software like ours that can identify those references in documents are going to be crucial to the success of organizations.
LN: That’s great. So it seems that there’s continued e-discovery service provider consolidation out there.
LN: The companies that are using tools that are more of a channel partner tool to resell.
LN: But as those companies consolidate, do you think that there’s going to be a movement away from those providers where, the company, the firms, directly do their own e-discovery?
JW: Oh, yes. Yeah, very much so. We’ve been seeing that over the last few years. A lot of companies, even small companies that tend to have, in the past, just used outside vendors for e-discovery, are now deciding that they prefer to control, not just the cost, but also their data. They don’t want their data outside of the organization for reasons we’ve already talked about. So they’re purchasing in-house tools that they can use themselves, and then they can invite outside counsel in to make use of, that way they control their costs, they control the efficiency, and they control the data.
LN: Well, this has been great. Thanks a bunch for being on the show.
Lee Neubecker: Thank you again.
LN: Take care.
JW: Bye bye.
Forensic Experts Lee Neubecker and Cat Casey from DISCO discuss Artificial Intelligence (AI) as it relates to improving Legal technology.
Artificial Intelligence (AI) thinks, learns and problem solves more efficiently than humans. AI is all around us and in almost everything we touch. It is an algorithm that is designed to make our lives easier and is sometimes referred to as machine learning.
In the case of litigation, it can save time and money by streamlining the process of document review, eDiscovery, and preparation for forensic cases. Computer Forensic Expert, Lee Neubecker and Catherine “Cat” Casey who is the Chief Innovation Officer for DISCO discuss how AI works to improve legal technology.
DISCO, a leader in legal technology, is a developer of cloud-native eDiscovery software for law firms, designed to automate and simplify error-prone tasks. They provide a myriad of different types of analytics that supercharge data searching, dramatically reducing time and money.
Part 1 of our Three-Part Series on Artificial Intelligence (AI)
The Video Transcript Follows.
Lee Neubecker (LN): Hi, I’m here today with Cat Casey from CS DISCO. Thanks for being on the show.
Cat Casey (CC): My pleasure.
LN: We’re going to talk a little about artificial intelligence as it relates to eDiscovery and document review. Cat, can you tell us just a little bit about what your firm does to help speed up the review process and lower costs for clients.
CC: Absolutely, we’re a cloud-native AI-powered eDiscovery company. And what that means is we’ve got vast amounts of elastic computational power that we can use to run a myriad of different types of analytics on data to supercharge your searching and dramatically reduce the amount of time it takes you to get to that key actionable evidence. So, we’ve kind of flipped everything on its head. Instead of being a question of how quickly can I read through all of this data, it’s how laparoscopically can I surgically find all of that key information. The results that we’re seeing are pretty resounding. Up to 60% reduction in time to get to that key evidence. Freeing up attorneys to get back to what they went to school for, the practice of law. It’s pretty compelling. We’ve had some pretty interesting additions, including even today, we just announced, I think, the first true AI in eDiscovery with AI model sharing. Basically, with each iteration, with each type of case that you conduct with DISCO, our algorithms are getting smarter. We’re extracting insights and building in more robust taxonomy and analytic structure to parse data, which is going to yield better and better results for our clients. It’s truly exciting.
LN: So we’ve come a long way from the early days when the attorneys wanted everything printed and Bates-labeled before they looked at it. To now, moving ahead using TAR, technology-assisted review, like artificial intelligence, which fits into that, correct?
CC: 100%, we have a continual active learning model, so it’s more reinforcement learning than a standard supervised learning model. Basically, from the coding of document one, our algorithm’s getting smarter and making recommendations on highly likely to be similar documents. We battle test the algorithm on an ongoing basis. Whether it is an affirmative or a negative for a suggested document, the algorithm learns more, and because of that, we prioritize the most relevant information quickly and people are able to then accelerate their review speeds by up to, I think we’ve had over 180 docs per hour. So, it’s pretty compelling and this is just the beginning.
LN: So your platform’s all in the cloud, correct? So companies or law firms, they need no infrastructure other than a browser?
CC: 100%, the nice thing, in my prior life, I ran a global discovery program, and I spent hundreds of thousands of dollars a year just to keep pace, just to have storage, just to have basic replication and back up, and all of that. Now, even a small firm, all the way up to an Am Law One firm or a massive Fortune One company, they can have the same robust technology without having to set up a data center, without having to invest a ton of money. It lets everyone level up and has a better experience throughout the discovery process.
LN: One of the challenges a lot of my clients always have is they have a need to understand what the costs are going to be and to be able to communicate to their clients those expectations so they’re not throwing their clients on the eDiscovery rollercoaster of non-controllable bills. How does DISCO help to address those concerns?
CC: Transparency is a major pain point. One of the banes of my existence used to be trying to normalize this pricing model versus this, versus this service provider, versus this technology. We just throw that all out. We charge one flat amount per gig. It includes analytics. It includes processing. It includes everything, and we work with you to get the volume of data that is being applied to that one flat cost per gig down. It eliminates that hide the ball gotcha moment and it gives a lot of transparency. And of course, if someone wants a different model, we’re happy to accommodate that. But in general, straight, simple, honest. It’s really rewarding for our clients.
LN: So, what cases, what types of litigation case matters do you see as having some of the best benefits of being migrated into your platform?
CC: Yeah, I think any case can. If you’re a tiny company, it helps you be David versus Goliath. Even on a small data volume case, you can start getting insights and reduce the amount of time you’re having to spend doing something maybe you can’t chargeback for. For a big massive case, because we are an AWS and we were built on kind of convolutional neural networking, we’re moving, and we have such a robust computational lift, even we’ve had 150 million documents with hundreds of users and we still have sub one second page to page. We are still lightning fast. And so, whether it’s a big case, a simple case, a complex case, there is a value proposition for almost anyone.
LN: In terms of the types of law firms that are using your platform, do you see many smaller, medium-size firms using your–
CC: Tons, actually tons. That was where we got our teeth. Boutique, we started as a boutique law firm. We actually were a bunch of attorneys that were frustrated that all the tools were terrible, and so they built their own. And so, the foundation of DISCO, we had a family of tons of boutique law firms that we were supporting, we still do to this day. The tool we built though, had a longer vision. It was built to be much bigger and more scalable, and as a result, that’s why you’re seeing us with major, the WilmerHales of the world, very large firms and very large corporations because the tool itself can scale up so much.
LN: Great, what are some of the challenges of working, that law firms find that already have entrenched solutions? There are other review products out there and if they really want to make the benefit of your platform, don’t they have to kind of fully use it for the case?
CC: I would say you probably don’t want to split the baby with a case. If you’re processing with another tool, you’re not going to get the same benefit as working with DISCO. But you don’t have to move your entire litigation portfolio to DISCO day one. We’re seeing a lot of people that are sunsetting Legacy Product and Legacy Platforms moving towards DISCO, but it’s not, “I’m going to move every single case today.” It’s going forward, we’re going to start bringing in new cases. There tends to be such an improved experience and improved UI for the attorneys that they start to not want to use the other technology as much.
LN: I know as a computer forensic expert, oftentimes we’re going out initially collecting and forensically preserving the data. But your product sounds like it would be right for a firm that does forensics that needs to collect different data from computers, possibly harvest just an email. Filter the dates and times of the email to a PST and then they can take those PSTs and upload it into your platform, correct?
CC: 100% and we also, we’ve productized some advanced ECA, where we charge a much, much lower rate. So, you get three months no cost hosting. It’s half the usual rate, and you can do ECA for up to three months. And the goal of that is to let’s whittle down to the most surgical, teeny, tiny, laparoscopic piece of data set that you can have. An example was we had a 20 million document case and we were able to run the ECA, get it down to about 5.6 million documents. Run more culling, run our analytics, get it down to about 200,000 documents. And usually, that would be when you have to review every single one, but we were able to, with our workflow, with CAL, get it down to 140,000 documents. And so, if you think 50 bucks an hour, an attorney can only do 50 docs an hour, the cost savings is monumental.
LN: So as someone uses your platform and they start to tag and prioritize certain documents, your software learns based on that tagging. It helps find related concepts to those conversations and what not?
CC: 100%, 100%.
LN: So really, the more that are reviewed as responsive, similar concepts and whatnot so that important links aren’t missed.
CC: 100% and because we do automatic batching, is every new batch of documents a person gets because we’ve applied this artificial intelligence and continual active learning model, it is a more relevant subset of data and people are able to go through it more faster. And sometimes, they will get to a point where they can say, “I’ve hit all my relevant information. The rest is not relevant. I’m going to sample it and statistically determine I don’t have to review those last 100,000 documents that maybe aren’t relevant,” and it’s pretty cool.
LN: In our next segment, we’re going to be talking about what the trends are in the industry impacting law and eDiscovery. And then finally, we’ll talk about some of the pitfalls of what companies, organizations, and law firms face if they don’t embrace artificial intelligence to help make their review process more efficient. Well, thanks for being on the show.
CC: My pleasure.
Experts Lee Neubecker and Dr. Nicole Konkel make suggestions that will help make your LinkedIn profile look attractive to an employer.
Prospecting for a new career can be a daunting task. Suddenly, you’re overcome by a huge tsunami of anxiety by just knowing a prospective employer will be looking at your social media presence. Take a deep breath, your new career will be within reach after you watch this video.
President & CEO Lee Neubecker and Human Resource Executive, Dr. Nicole Konkel offer responsible social media tips that will polish your LinkedIn profile and make you stand out. Their tips will help you establish a digital resume that will catapult you to a new career.
Part 3 in our Three-Part Series on Social Media Do’s and Don’ts
The video transcript follows
Lee Neubecker: Hi I’m back again with Dr. Nicole Konkel who’s an organizational development expert. And I asked her to come on to continue our earlier series talking about social media do’s and don’ts as it relates to being an employee. And so thanks for being on the show again, Nicole.
Nicole Konkel: Oh, no problem my pleasure Lee. Thanks for having me.
LN: So we talked a little bit about some of the things that you shouldn’t do. Can you tell people who are in an active job search mode, hoping to maybe work at your firm or some other firm? What are the things that you would suggest that they do as it relates to making their LinkedIn profile look attractive to an employer?
NK: Sure. So I always will tell people when you’re looking, actively searching for employment, make sure your LinkedIn page is open. I would caution you if you’re currently employed not to have a situation where you are shown as actively looking or actively interested in recruiters contacting you because obviously your current employer can see that. But what I want to make sure of is that your page is professional. Professional means no spelling and grammar errors. Professionalism also means outlining what your accomplishments have been. One of the things that people do when they’re looking for jobs is we want to talk about results, and not just job duties, but results. And so to make a big focus on that on your LinkedIn page.
LN: And certainly not having typos.
NK: Please no typos. No typos, no grammatically incorrect sentences, speak about yourself in the first person. You are selling yourself on LinkedIn, essentially and you want people to read that and say, “I want to contact this person.”
LN: And speaking of contact, what would you recommend people do with regard to the contact information tip?
NK: Well, I really, really encourage people to have a professional email address. So nothing with any sort of sexual innuendos. I would also say nothing that’s related to your birthday. Unfortunately age discrimination is something that is real. And so we don’t want to have that be out there. And so I would just say my email address is Nicole, my former name [email protected]. That’s what I wanted people to see. And so that’s what email I use when I’m in a job search.
LN: Now, what about the photo? What are your thoughts on what you’ve seen with LinkedIn photos, what’s worked, what hasn’t worked?
NK: What doesn’t work is a picture of your dog. What doesn’t work are selfies. I think that in this day and age, we all have the opportunity to have a professional headshot. There is no other type of photo that should be on LinkedIn, in my opinion, other than a professional headshot. Even if you have to do it with your own iPhone or Android device, we are able to do that. But you should be in professional clothing, you should look like you are going on a job interview in that photo.
LN: And if you’re on a budget, you can use services like Upwork and find a photographer, that if you’re patient and flexible, you should be able to get a professional headshot, or even go to one of the department stores.
NK: Absolutely, I mean, you can easily do a professional headshot for $20 easily.
LN: And the other thing too is you can actually hire people who are professionals in HR to help edit your LinkedIn and give you that critique.
NK: Yes. Yes. I do believe there’s value in that. I do think that you should work with people that are reputable. Not everybody that says that they look at LinkedIn profiles and resumes should be and so I think you should look at some examples of work that they’ve done in the past to see if that’s something that will be beneficial to you moving forward. But in no time should you go into that thinking if this person does my resume or does my LinkedIn page, I’m automatically going to get a job. It’s still putting your best foot forward out there with all different types of aspects that are necessary for the job search.
LN: I’d like to see certification.
NK: For sure
LN: Papers, I especially like to see that the person can write.
LN: That’s not appropriate for all positions, but it’s helpful.
NK: For sure. Even if there is maybe you’re not the perfect grammatical person, you should be in your LinkedIn profile.
LN: You can get someone who has to check your page.
NK: Yes, exactly. And so there’s really not a reason why that should not be happening.
LN: What are your thoughts about, what’s your opinion when you see an employee that has reviews and how would you advise people to approach the review section?
NK: On LinkedIn?
LN: On LinkedIn.
NK: I honestly as an employer, don’t really pay attention much to the review section. But when I have, I’ve looked at the person that’s actually writing the review. I’ve actually gone in and clicked on their profile to see what role they actually have, how that person has interacted in the past. If it’s a former employer, that’s always good, for you to have a former boss or, supervisor or colleague, but it should definitely be a professional review. If you want to go have your friends to review so make sure they’re professional and they’re talking about work.
LN: I agree with that it when I look at the reviews if the reviews are written from people who clearly were a peer review helps as well.
LN: If it’s a supervisory review it means more, but I also look at the quality and caliber of the writing of the reviewers. So you don’t want to have someone writing a review on your page that has grammatical doesn’t really speak well.
LN: But I also look to see if It’s a review swap. Because essentially, the effective way to get a review is to write one. So I’ll look at the profiles to see that as well.
NK: Right. I think that that’s true. I think the most valuable review is from a former supervisor or a current supervisor that’s talking about your current work. When people are reviewing they should be talking about the results that you’ve done. It’s you know, John is a great person, is great, but it doesn’t tell a potential employer anything about how you’re going to be for them if they hire you.
LN: Something like John came in, took over our factory project, realigned the team, achieved a 20% growth in sales and 10% improvement in profitability, that’s kind of action-oriented.
NK: Action-oriented is really what is going to get you noticed. When we’re talking about reviews when we’re talking about your resume when we’re talking about LinkedIn.
LN: Are there any other thoughts you have before we wrap up?
NK: I just want people to know that LinkedIn is a great tool. But the best tool for actually getting whatever opportunity that you want and keeping it or being successful is being the best you, whether you’re in private or in social media. And so always keep that in mind. We are always under a radar, somebody is always looking at
NK: And so how do you want that to be viewed in the future
LN: Great. Well thank you so much for being on the show.
NK: Thank you for having me, Lee.
Watch Part 1 and 2 of our Social Media Do’s and Don’ts Series
Hiring Managers are looking at your social media history so candidates should be doing the same. Everyone should be doing their homework. Lee Neubecker and Dr. Nicole Konkel discuss how to use social media reconnaissance techniques to prepare for your next interview.
Keys to using social media reconnaissance before your interview
Social media is a valuable research tool to discover key hiring decision-makers when preparing to interview for your dream job. Matchmaking for that ideal employer-employee fit is now a two-way street. Hiring managers are looking at your LinkedIn, Facebook and other social media sites. Career seekers should be doing the same to prepare for that next interview. Job seekers are also looking at various websites to get a better understanding of the company’s culture, people and expectations. Performing your own homework including looking at online reviews from current and past employees can provide you a leg up on the day of your interview. Social media sites such as GlassDoor.com, Linkedin.com and even Facebook.com or Twitter.com may provide you with important insights that will enable you to ask thoughtful questions that demonstrate a deeper understanding of the prospective hiring organization.
President & CEO of Enigma Forensics, Lee Neubecker and Human Resource Executive, Dr. Nicole Konkel urge everyone to use all the social media tools to the best of their ability. Performing advanced social media reconnaissance of your prospective employer’s social media profile as well as your likely interviewers can provide you a leg up when you arrive for your interview. Listen to these important interview prep tips from seasoned experts in HR and online social media reconnaissance.
Lee Neubecker: Hi I’m back again with Dr. Nicole Konkel who’s an organizational design and development expert.
Nicole Konkel: Sure, yep, hi Lee. Great to be here again.
LN: And glad to have you on. I’ve asked Nicole to provide some insight to people out there on my network, as well as hers, that are looking for a job, in terms of what they should be doing before they apply to their position, to make sure they’re well-prepared and they get off on the right foot. And that it’s a good fit.
NK: Sure, so Lee, I think it’s really important for you as a job seeker to interview and research the company that you’re applying for or applying to just as much as they’re going to do for you or to you. And so that means looking at social websites which will give you employee reviews and listen and not every review, most people don’t go to reviews to write good things. So we have to look at that and say who is giving this review? But look for patterns, look for employees saying the same things over and over again. That may not be any part of a culture that you would want to be in. Look for trends, look for better business bureau scores. Look for information on their current employees and look them up, look up their leadership teams.
LN: Now, I understand at least from reading that one of the most important determinants of someone’s happiness in a role is the relationship with their supervisor.
NK: For sure.
LN: So would you recommend trying to find out who’s hiring for the role you’re applying for?
NK: Absolutely, you should definitely know who your potential supervisor is going to be. You should know if it’s a replacement position, why the last person left. You should ask these questions to every person that you interview with. Because what I can guarantee you is, in job searches that I do, I’m interviewing with multiple executives and companies. And every one of them is going to give you a somewhat different answer. While it may get you to the same place, it’s going to be a different answer and it’s going to give you a lot of insight.
LN: Well, I know too there are premium subscriptions you can sign up for, like in Linked In, that will give you more options where you can do the searching. And it might be helpful for you to know, who’s working at ACME Corp.?
NK: For sure.
LN: If you pay a little bit more you can see the employees you can tell who’s a second-degree connection, a third-degree connection.
LN: And if you happen to know someone in common, especially if you reach out to them before
LN: You can get intel on the person or the people working there that can really bolster your chances I’d think.
NK: Right, definitely a connection is going to be a really good step in getting you in the door for an interview. Versus just sending your resume like the other four hundred and ninety-nine people and hope that someone sees it. Most of the time they don’t get past the first 30. So I definitely feel, I don’t necessarily think you have to pay for additional services, I think a lot of that is out there for us to see for free. But definitely some benefits if you have the means to do so to get that additional information.
LN: Well, one of the things that people might not know about is that if you paid for the premium membership then you’ve already applied for a job at ACME Corp. you can see who’s clicking on your profile.
LN: And then you can tell who’s likely going to interview you. So without them even having to disclose who’s going to interview you you might be able to find out their interests, what shows they like.
LN: There’s a website called PQ, you can dig, you might be able to get details on their social media. The more homework you do, it always impresses people, you just don’t want to creep them out.
LN: It’s okay to say “I looked online, I’m interested in your company” “I understand you do this and that.”
LN: But it’s okay to say, “Oh I looked online probably the better that interview will go.
NK: Absolutely, I think it is very important to have details on those individuals are really like, “Oh wow. You looked me up?” Now, I wouldn’t necessarily say, “Hey, I saw it on Facebook that you and your three kids went on vacation last week.” But I would keep it to the more professional accomplishments. If they have any reviews on Linked In that people have written for them, bring those things up because that only helps you.
LN: I recommend too that everyone consider making their own branded blog, like Dr. Nicole or I’ve got Leeneubecker.com because from time to time you move from company to company or you might sell a firm like I sold my firm, and someone wants to connect with you.
NK: Exactly.
LN: When that happens, you have to be accessible.
LN: And sometimes you lose control over your old workplace email, which raises another important point. Do not use your company email on your Linked In account.
NK: Please don’t.
LN: Because you might find yourself suddenly severed from your job and you’ll lose all your connections.
NK: Right, you in any social media that is yours, you should be using your own information, not your company.
LN: That’s right, oh, I think we’ve got a like on our Linked In. Well, thanks a bunch for being on the show, this is great
Energy is vital to our everyday life. Companies face a competing demand to preserve data and at the same time continue to function. Experts Lee Neubecker and Geary Sikich give advice on how to overcome these challenges.
The Energy Sector provides the global economy with oil, gasoline, electricity, wind and natural gas. An Energy Industry incident could be a physical attack on a power grid or a cyber attack that stops a company from functioning. A properly planned and orchestrated energy sector incident response will minimize or reduce recovery time and loss, potentially saving lives. Enigma Forensics CEO & President, Lee Neubecker and Geary Sikich, Principal at Logical Management Systems, Corp. strongly urge all companies to create an incident response plan.
This is the final segment in the four-part series on Energy Sector Cyber Insecurity.
Energy Sector Incident Response video transcript follows
Lee Neubecker: Hi I’m here again with Geary Sikich, and we’re continuing with our final fourth part segment in this discussion about global cyber insecurity as it relates to the energy sector. And in this segment, we’ll be telling you a little bit more about some of the things that need to happen, related to the incident response of a data breach, for the energy sector. Geary, thanks for coming back.
Geary Sikich: Thanks Lee for having me. I think this is, probably one of those areas that are challenging to talk about.
LN: Yeah, certainly, and at the forefront, when things first go wrong, there’s a need to immediately take action to help preserve the data, and collect data so that it can be analyzed. But at the same time, there’s a competing demand for wanting the organization to function. And sometimes those two needs, create conflicts.
GS: Yeah, they sort of butt heads if you will. Yeah, I think the issue for a number of organizations, and I’ve experienced being in the kind of command center if you will, of organizations where their website had gone down. And it was, one of these where a lot of stuff was processed through the portals that they had there. Suddenly there was this pressure to get things back up, and then to look at, what is this costing us? Because now our customers cannot execute their orders and whatnot. And that becomes a challenge because it’s the urgency issue. The other aspect is that when we look at incident response, and this is a little bit different from the typical natural disaster incident response. If I’ve been breached in a cyber incident, how long is it before I actually realize that I’ve been breached? It may not happen very quickly, it could be very subtle. And things could be manipulated, and suddenly I’m in a situation like some of the big companies that had data hack, where all the sudden personal accounts of cardholders are exposed. Now, what do I do? So there’s a lot of not only rapid response that’s needed, but a lot of consequence analysis that’s really needed.
LN: Is it?
GS: How do you do that and yet maintain, as you were saying, and begin to look at that.
GS: From, not really a legal standpoint, but, from a defensive standpoint.
LN: Yeah, well there’s a lot that needs to happen in a short period of time, you have the collection and preservation. Which, forensic professionals are often called in, such as myself. To collect the data. Firewalls, servers, logs. Then you also have the analysis of that data to determine, what are the motivations of the attacker? Was it an attacker? Was it negligence? You know, oftentimes things go down, people assume it’s a cyber attack, external. It could be an internal attack, it could just be something as innocent as, I’ve seen a new system coming online that’s supposed to help back up and provide redundancy, actually reformat a storage NAS array, that it was supposed to help protect. So, these things can happen. And quickly understanding, making sure that data doesn’t disappear that could be used to rebuild is important. And that’s where bringing in the outsider’s important because someone new coming in doesn’t have skin in the game. And, you really need that objective party, to help you figure out what’s happening.
GS: But I think that in that respect when you bring in someone from outside, they also have a vested interest in making sure that, from not only a reputation standpoint but also from the standpoint of the viability of their services, making sure that they’re helping to alleviate the issue. And to bring back some, equilibrium if you will. So there’s this issue of consequence management that comes to bear on those–
LN: And you have some conflicts that happen with having the people that were, kind of in charge of watching over the equipment, do the investigation. And that can cause some, serious problems to the organization. And it may be very well that, the attack wasn’t the fault of the people responsible for managing it. But, if for instance there was, an action that took place that might show some carelessness or mishandling of events by the people in charge of IT, there’s a real risk there that, that person might take actions that could result in further data destruction. In an effort to cover up, what had happened.
GS: So now in that respect, we need to protect, we need to begin to look at how we manage the data collection post-incident, or during an incident, if you will. There are obviously some legal ramifications.
LN: Yeah well whoever does this might have to testify. And that’s another reason why having a third party come in to do this work is important. Because you may want, legal may want to know, “Well, before we put an expert up to testify in this, just tell us what happened and how do we respond? How do we get ahead of this?” If it was a problem with a vendor, you want to know that. Because the clock’s ticking. You know from the time a data breach is confirmed, it is a real data breach and known, to the time it has to be reported, oftentimes it’s thirty days. So there’s not a lot of time to wait around if you’re data breached before you get in your expert, your forensic expert, to inspect.
GS: Okay, so we’ve got a legal consideration, that has to be looked at. Insurance today has changed in a lot of respects. So, business interruption insurance. Obviously, that’s a critical area because if you want to file a claim–
LN: Yeah you have to report it to the carrier, or even if you have cyber coverage, it might not be covered if you failed to notify the insurance company of the incident.
GS: So, when I look at that aspect and say, “I’ve got a business interruption policy,” you mention cyber. And now I know that there are other riders to those policies. Like for terrorism and things like that today. If I don’t have a cyber rider, which is a contingent business interruption issue, my business interruption insurance may not cover me, on something like that. So it really becomes more incumbent to have one, the knowledge, two, to be able to look at the legal considerations, three, to begin to understand insurance laws, what do I have from a coverage standpoint? Which is where the traditional risk management group comes into play. But IT’s got to coordinate with them, to ensure all that.
LN: Exactly, and I had Todd Rowe on my show, who’s an insurance cyber attorney, that deals with these coverage issues. So, that’s an excellent video to watch that delves into that more. The other things though with incident response, you know you have the potential PR issues that relate to being data breached. So really, you need to assemble your team, your in-house legal, your HR, your media advisor. Preferably you have a PR firm that has dealt with data breaches before. And then, you’ve got to put together a plan. And all this stuff needs to be going on in parallel. So while that’s happening, your internal people are probably trying to work on, getting their disaster recovery systems restored. You might even have an outside IT provider come in and help bring those systems back up online. The workload that happens when a data breach has occurred, is such that it really isn’t pragmatic or practical to try to have internal IT do all the work. And it also isn’t covered by insurance typically. The outside providers will usually be covered, but not the internal people.
GS: So, if from a structural standpoint, and I’ll draw this to the areas that I worked in many years back after some of the events in the energy industry. Oil spills and things like that. Where industries adopted what they called an incident command system. The United States now has the National Incident Management System. So with cyber though, the composition, in terms of that team, is not necessarily the same that we would see in a typical, incident command system as is generally presented. So from a functional standpoint, I think that there are some things that I would look at. One, somebody’s got to be in charge. Two, somebody’s got to look at planning. What’s going on, and future planning, what do we do? Three, operationally, what’s affected, what’s not affected? How do we keep it from cascading? Four, a communications perspective. Internal and external. An administrative function, which looks at the financial aspects. An infrastructure function, which again, internal-external infrastructure. And then, the aspect of, you know, bringing this all together as a team. Your HR people, all these other things. So, yeah.
LN: That was an excellent wrap-up Geary. I really appreciate you being on the show. If you liked this video, please share it. And check out the other segments we did as well. Thanks again Geary for being on the show.
GS: Thank you, Lee. Very challenging to present on this topic. So much.
LN: Be safe.
The Energy Sector must protect the electric power grid system, oil, and natural gas infrastructures from the ever changing cybersecurity environment. Enigma Forensics CEO & President, Lee Neubecker and Geary Sikich, Principal at Logical Management Systems, Corp. cover the many steps necessary in detection and protection against any and all threats.
As global unrest heats up, the Energy Sector has to maintain its cool. What is the energy sector? The oil, electric power grid, natural gas refineries, and pipelines are all part of the intricate web of the energy sector. To avoid a disaster they must wrestle with the ever-changing cyber security environment, protect themselves from internal and external threats in all of the energy sector infrastructures all while keeping up with energy demands. That’s a mammoth task! Both experts agree Energy Sector protection can be achieved if approached with precision. Enigma Forensics CEO & President, Lee Neubecker and Geary Sikich, Principal at Logical Management Systems, Corp. cover the many steps necessary in detection and protection against any and all threats.
Part 3 in the four-part series on Energy Sector Cyber Insecurity.
Lee Neubecker: I’m back again with Geary Sikich and we’re continuing our series discussing cyber global insecurity, as it relates to the energy sector. And in this segment, we’re going to talk more about things that can be done to help protect against these cyber threats.
Geary Sikich: So Lee, when we look at protection, I think there’s a three-level process and I think you can describe some of the things that have to go on in these three levels. Strategically, I put together a business plan for an organization and that organization sets goals and objectives, one would be to have cybersecurity. Now, how do I execute that, what are the things that, at the operational and tactical level, the things that really are going to prevent, what are those things, what are those things that are going to help me?
LN: Well, much like we were talking before about detecting compromises, having a solid inventory on what your digital assets are, what computer devices, what cell phones, if you know what your devices are and you have that information available, you’ll be able to spot when something goes wrong. So, part of protecting is doing the bean-counting work of inventorying your digital assets.
GS: So, it’s not just an audit process, it’s a much more of a detailed look at what those assets consist of?
LN: Yeah and once you know what your assets are, you can figure out, who are they assigned to? If someone leaves your organization, you should have accountability steps in place to retrieve those assets. You should also be inventorying the state of those assets, are they fully patched and up-to-date? If you’re not patching your devices, you’re at great risk of cyber compromise.
GS: So is identity, not only do I have to worry about being compromised from an external source but I also have the internal threat of a disgruntled employee, of someone leaving the company, not with any mal, you know, intent, no malicious intent, if you will but just not following up on what I should have done as they out-process.
LN: Exactly, password rotations, people have weak passwords, people become compromised, people reuse their passwords. If someone reused their password for one of your important infrastructure systems on a popular social media site and that site becomes compromised, guess what, those passwords get loaded up into software for hacking and they do what’s known as a “credential-stuffing attack”, they loop through and they fire at every device they can using the username and password, the known username and password and that’s how a lot of people fall prey to attacks.
GS: So, in that context, should you store passwords via one of them, like Google Chrome or some of the other, Internet Explorer, those types of things, should you store passwords that way?
LN: I recommend against storing it in your browser. If you’re going to store them somewhere, I think a password management tool like LastPass, that has two-factor capabilities, two-factor authentication essentially means that you have to know your, it’s something you know, plus something you have or something you are and in the case of LastPass, you’re typically using either your cell phone with an app that has an authenticator, that’s something you have, plus your master password and that helps protect against someone intercepting your password and being able to log on.
GS: So, in essence, protection is not a simplified process, protection is something that we have to, sort of, dedicate ourselves to conscientiously and make sure that we continue to maintain an up-to-date awareness, in order to be able to fully protect ourselves.
LN: Exactly and that brings in your staff, you need to know that your staff are being educated about popular ways that companies become compromised like if a bunch of USB devices are dropped in the parking lot, they might say things like “payroll” or something on it, would your employees plug that into your computer, you know, are you testing for that? You know, there are things you can do, there are services out there where you can have your own organization spear-phished by a white-hat hacker, that’s going to tell you who clicked and then you know who you need to educate.
GS: So, we’ve made two points thus far on protection. One is that it needs to be part of the business plan, it has to be audited. In terms of auditing, knowing what you have devices-wise. Second is that you have to have educated employees. Now, both of those aspects present somewhat of a business conundrum, if you will. Education doesn’t necessarily equate to dollars coming in but from a protection standpoint, I think the sales point would be that it prevents dollars going out and the better educated, the more aware so that we can look at the other aspects that we discussed, detecting and protecting being two.
LN: Unfortunately, if you run an organization today, you have a new job, which is to make sure that you’re cyber secure and it’s a serious threat that corporate boards are making their CEOs accountable for so you know and it’s multi-faceted, you got to train your employees, you got to nail what you have, you got to make sure what you have is up-to-date and patched and then you also need to make sure that you have some mechanism to monitor and record events so that you can tell if you become compromised so the protection really requires much more today than it used to, it’s, the number of ways that an organization can become compromised, can be via an employee’s cell phone that becomes compromised and then it launches an attack on your internal systems.
GS: So, in the, it’s kind of like the mindset, if you will, has to be changed, in terms of looking at management and their commitment to cybersecurity protection. In the days past, we looked at protection. “What can I do, put up a wall, what can I do, I can physically protect my facilities and my operation.” Now, today, that becomes more of a challenge because we’re dependent more on things that are not necessarily in the realm of physical protection per se so we really have to be getting to rethink how we look at protection and then ensure that the process is continuous, not a one-time situation.
LN: Exactly and certainly, you know, a DR, known as disaster-recovery planning and contingency planning can go a long way, you know, a simple act of making an offline backup on a periodic basis and you know, maybe that’s only once a month for some organizations but at least, if you have something offline, if you get hit by a Cryptolocker attack, the risk comes down to “well, what does it cost for us to rebuild the last month?” Or maybe it’s the last week or maybe it’s last night so thinking through, I think going through the disaster-recovery planning exercise is a really good way to help protect your organization.
GS: Okay, I agree with you on the planning aspect. The caution I would say with that is that all too often, organizations develop disaster-recovery, business continuity, other types of plans to deal with emergencies, the response. The challenge is that those plans need to be kept, as you did say, with the cyber up-to-date and consistently reviewed, we have to have it in the mental work.
LN: And that’s where having someone like you and myself come in to audit the business risk and actually inspect to see is the plan being followed, is the C-suite having a false sense of security because there’s this plan that was produced years ago, that no one’s really looked into, you know, it doesn’t take but you know, I think, you and I onsite for one day, we could help poke holes and give a report of, is an organization following their plan or does it look like everything’s far off but you’re not going to get that reporting from your own people internally.
GS: Yeah, I think it’s a challenge for people internally because there’s a vested interest, number one. Number two, they think that, in a lot of respects, they’ve done what needs to get done. The other aspect and I think this is important from what you pointed out, is that when you begin to look at today’s plans, you have to realize, they’re kind of reactive, in many respects, they’re not very proactive so they react to an event happening. That’s good because that helps companies become more resilient but it doesn’t keep them from protecting themselves as they need to.
LN: Exactly but there’s also a financial component to these plans, you know, it’s not uncommon that IT, they’ll go through this exercise and then afterwards, they’ll say “well, I need this subscription, this software, I need this vendor” and none of that funding comes through but it’s much better and that sometimes gets lost in the minutiae from planning to execution and if that, in fact, is happening, you’ll want to know about it before you need the DR and it’s not there.
LN: So, I think that wraps up our section on protection. In our next segment, we’ll be talking a little bit more about responding to the crisis of a cyber breach, as it relates to the energy sector.
Watch the other segments on Cyber Insecurity in the Energy Sector
Part 1 – Global Energy Sector: Insecurity
Part 2 – Energy Sector: Intrusion Detection
To learn more read this government report about Cybersecurity for the Energy Sector delivery system
After the most recent Iranian attacks most people don’t think about the danger to our Energy Sector that lurks in the global underworld. Cyber Security Experts Lee Neubecker and Geary Sikich are on the job! They say we can tighten our security and detect cyber attacks before they happen.
Energy Sector Intrusion Detection is complicated and delicate and necessary to maintain our power grid. The Energy Sector provides energy for the world and must be secured and protected. Many detection tools and resources of expert precision are used to ensure the security of these precious resources. Think about it: what do you do on a daily basis that doesn’t involve energy or some type of energy? Enigma Forensics CEO & President, Lee Neubecker and Geary Sikich, Principal at Logical Management Systems, Corp. put your mind at ease and dissect cyber security and intrusion detection systems that are utilized by the Energy Sector.
This is Part 2 in the four-part series on Energy Sector Cyber Insecurity.
Lee Neubecker (LN): Hi, I’m back on the show again with Geary Sikich, thanks for coming back on the show.
Geary Sikich (GS): Thanks for having me back Lee.
LN: So we’re continuing our series discussing about global cyber insecurity as it relates to energy sector. In the second part of the series we’re talking more about detection of compromise. Um Geary, what’re your thoughts in this area?
GS: I believe that there’s a lot to be looked at in terms of the detection aspect, and this is one of the areas where you from a forensic standpoint, provide sort of a critical juncture, what’re you seeing that the general person, and even the general employee of the utility, might not be seeing? And might not be aware of?
LN: Well we know from reports by Dragos Cyber Security firm, that there’s a number of groups, I think around 11 groups are specifically targeting the energy sector. This report just came out this month, so there is a heightened attack readiness requirement to defend against these attacks. And the key thing that organizations need to be doing is they need to know that they have their firewall actively logging, and they need to be looking at those logs.
GS: Those are all state sponsored groups, right?
LN: Well, we don’t know exactly who they are, there could be terrorist cells, the Dragos report doesn’t give attribution as to the entities behind them. They describe the types of attacks, and the character of the attack methods, but there is a number of them that you can check out, there’s a link that will take you to their report if you’re interested in reading it. But you know, often times organizations fall compromised, and they don’t know it, and these things go on for a long time. There was a credit reporting agency attacked recently, for instance.
GS: So from a detection standpoint, the challenge that industries are faced with, ’cause our focus is going to be on the energy industry, so we’ll get energy industry. In general, the challenge that they face then, is that it’s not just what we perceive could be state sponsored hacking of their systems, it could be individuals, it could be terrorist cells, it could be pretty much anyone with a desire to infiltrate a system whether it’s to do harm, or whether it’s just to see if they can do it.
LN: Exactly. The barrier to entry to launching one of these attacks is much lower. It requires knowledge, but the knowledge could be in the head of a teenager, that got rejected at school and wants to take the power out in his town. So that’s a legitimate problem. Now related to detection, I mentioned the firewall logs, there’s a great product out there called, Canary. Have you heard of it?
GS: No, it’s new to me.
LN: Essentially, it’s a company, they sell these little devices, you deploy in your network, and they can pretend to be a payroll mass, health care information system storage database, or you can make it be whatever you want. But it’s essentially trying to lure an attacker. So if someone’s in your network, they’re going to scan your network to look for resources and it will detect people trying to brute force that item. So these items are a great way to have another way of knowing are you compromised. If organizations that had recently been publicly compromised, that didn’t know it for many years had some of these devices in place, they would probably know pretty quickly, like within a day or so, of someone getting through their firewall.
GS: So the challenge then I guess, from a detection standpoint, and the way we’ve seen it, and in discussions with organizations that I’ve worked with. Is that it’s not a single point of penetration that we have to worry about, it’s become multiple points of penetration, and multiple points that are not necessarily hard wired into the operating system. So utilities in a lot of respects have gone out to do with their status systems, monitoring your water usage, or electric usage, all remotely, and you periodically might see a utility vehicle drive by, and they may have a cellular type phone system, that goes by and scans your homes to see what your energy usage is. So those all become a factor. We get into detection in terms of things, we’ve mentioned today shipping is a big issue, and we mentioned with the current situation with Iran, the concern over the Strait of Hormuz, but shipping in general, navigation systems, have been targeted, not only by state actors, but by other groups. So you have navigation systems which is not just waterborne shipping. Think of where navigation systems are today. Look into your pocket and see your cell phone.
LN: Well we had the recent issue with the Boeing Max airplane, it turned out the sensors were damaged. Well these sensors they’re called MEMS sensors, they’re a combination of electro-mechanical sensors, and if the chip is hit at the frequency that matches the natural frequency of the component board, it can actually cause the chip to malfunction and report erroneous readings temporarily. Or if the frequency matches and it’s of a great enough amplitude it can actually damage the chip. And there hasn’t been much discussions about whether these chips were cyber-attacked but it’s very possible, if you look up University of Michigan, they have research on MEMS chip sensors and interestingly enough, the patent for these sensors was a Boeing patent. So there’s not a lot of talk about that and I think more likely if the chips were damaged, it’s more likely they were damaged while they were on the ground interestingly enough, the two crashes that occurred were in countries that had a lot of terrorist activity.
GS: I think the other aspect with detection is that when you begin to bring out a point like that, people have a tendency to assume durability of systems when systems can be very sensitive to, if you will, shocks, minor shocks to the system. So it’s not necessarily the physical attack, you could take the example recently Puerto Rico has had an earthquake. What damages were incurred by the, on their systems as a result? That are undetected yet. The sensitivity of systems I think has become really critical in a lot of these aspects.
LN: But like with these chips we’re blending mechanical with computer embedded processors. So like these chips think of an opera singer, that sings the natural frequency of a wine glass. If he sings it loud enough, that glass will shatter. It’s the same concept with this chip. You can fire sound at it, if you’re close enough, or if you have a strong enough amplifier, you could fry it. Now that could happen, a drone could potentially launch a sonic attack, someone onboard, a passenger could do it, cleaning crew coming through could do it. So these are some questions that it’s kind of a new paradigm but we even had issues with military aircraft having this uptick in crashes, and these same types of systems are in the newer military helicopters and planes and whatnot. So I think it was good that the military grounded some of these devices that were having these problems. And you know the investigation, I’m sure, continues and the public may not fully be briefed on this, but it is a threat that needs to be detected before people die.
GS: So the real issue with the situation that we’re in, with this kind of global insecurity if you will, is our ability to detect has been I’ll put it in these terms, if our ability to detect has been compromised by virtue of the disruptive technologies that exist that are making detections more and more of a challenge, because they’re becoming more and more subtle in how they entered in the system. So I can have a system that looks like it’s working perfectly, and yet at a point be compromised like the mechanical system that’s supposed to open a valve, and it’s been doing it for a long time, and then suddenly it either leaves it open, or completely shuts it.
LN: This is where it’s important that these entities have an accurate inventory of what their equipment is, and they also have an accurate inventory of the embedded systems and what that software code should look like. And they should have procedures in place to periodically verify that the embedded firmware chips that do these functions haven’t been altered. Otherwise they won’t even know, and something could happen at a very critical time. So that wraps up our section on detection. In our next segment we’ll be talking about helping to protect against these types of attacks.
Learn more about cyber security and data breach from Enigma Forensics.
Check out the government’s directives on cybersecurity as it relates to energy infrastructure.
One can’t overstate how much of our personal lives we reveal to our smartphones and that includes criminals too. Watch this three-part series to learn more.
Introduction of our four-part series on Mobile Phone Privacy and Security.
Cell phone privacy is a real concern for both individual users and law enforcement. Literally, everything you do on your smartphone or any other device is vulnerable and completely defenseless against criminals and sometimes the government. Think about what you have on your phone and how it’s used on a daily basis. All of your personal contacts, photos, videos, text messages, emails, online bank or other accounts, GPS locations data, basically, your history of who, what, where, when and how about yourself all exist on your smartphone. We can’t overstate how much of our personal lives are revealed and how much our cell phones are vulnerable if disclosed to unauthorized parties.
Guess what? Criminals have cell phones too, and their information can lead to not only solving a crime but saving lives. Law enforcement agencies continue to call for access to encrypted communications and devices, while tech companies warn that doing this would weaken the protection and allow potential criminals to take advantage of that same access. Leading computer forensics expert Lee Neubecker, CEO & President of Enigma Forensics discusses the issues relating to cell phone privacy and the government’s desire to have a back door into your smartphone with the Data Diva, Debbie Reynolds of Debbie Reynolds Consulting.
Cell Phone Privacy: Part 1 of 4
The video discussion transcript follows.
Lee Neubecker: Hi, it’s Lee Neubecker again, and I have “the Data Diva”, Debbie Reynolds back on my show again.
Debbie Reynolds: Hi!
LN: Thanks for being on.
DR: Thank you, Lee, for having me. I’m happy to be here.
LN: So we’re going to try something new. Instead of doing a big long eight to ten-minute video clip, we’re going to do a multi-part series, and this one’s going to be on the topic of…
DR: Cell phone forensics and recent incidents in the news having to do with the government asking private companies to unlock or create back doors to cell phones.
LN: Yeah, so cell phone privacy is an issue that many people are concerned about. There’s a legitimate national interest in being able to investigate when terrorists use cell phones to conduct attacks. But there are also some concerns that every business should be concerned about if there’s a single back door key because we know the government can’t keep their keys in place. At least that’s what happened to the FBI, the NSA, then other agencies that were breached following the OPM breach.
DR: That’s right.
LN: So in the first segment of our four-video series, we’re going to be talking about what was reported by the Inspector General’s report from the FBI involving the San Bernardino terrorists when they wanted to get into the cell phone.
DR: Right. And next, we are going to talk about the privacy issues related to the FBI or possibly companies creating back doors, the court issues, the key solutions, and also the imperatives of organizations or companies not wanting to create these types of vulnerabilities in their inventions.
LN: Then you’ll get to hear us banter a little bit about what we think should happen.
DR: That’s right.
LN: And then finally, in our last segment, the Pensacola Navy Yard station shooting that happened just this week. The FBI again approached Apple wanting help to get into the phone because they haven’t been able to get into the phone, and they’re wanting to know who else was involved, who they were texting with and whatnot so that they can help prevent other such attacks. So, that will be the wrap-up, and we welcome your comments on the website, your likes, and feel free to check out our video and share it.
Understanding EMR Audit Trails is important to any company dealing with Personal Healthcare Information (PHI). They must have all the necessary security measures in place and follow them to ensure HIPAA Compliance.
Understanding EMR Audit Trails is essential to a patient’s medical history in medical malpractice litigation. The Health Insurance Portability and Accountability Act (HIPAA) requires that the Electronic Medical Records (EMR) maintain an audit trail including all of the metadata. This EMR audit trail is a piece of highly relevant evidence as to who accessed what in the record, what entries were made and/or changed, by whom and when. Computer Forensic experts are key to effective electronic discovery during medical malpractice litigation.
How do hospitals record, protect, and store data? HIPAA sets the guidelines for the most highly sought after information by the world’s best technology hackers. Medical records are worth 4 times more than credit card information. Managing Personal Healthcare Information (PHI) places Healthcare facilities at risk of cyber attack 24/7, 365 days a year.
Check out this video with Enigma Forensics, President & CEO, Lee Neubecker, and John Blair, a noted Healthcare Industry Cyber Security Expert where they discuss the importance of protecting Personally Identifiable Information (PII).
Understanding EMR Audit Trails video transcript follows:
This is the third and last video in the three-part series on Health Care Industry Cyber Threats.
Lee Neubecker: Hi, I have John Blair, a cyber security expert in the field of healthcare, and John is also involved with understanding patient medical, electronic medical record (EMR) audit trails, so I asked him to come on the show and talk a little bit about that with me. John, thanks for coming back on the show.
John Blair: Thanks, Lee. Glad to be back.
LN: So John, can you tell everyone a little bit about what HIPAA requires of healthcare organizations as it relates to tracking data of caregiving and the patients?
JB: Sure. Most of this is obviously directed at hospitals, but HIPAA also has things called business associates, and any interaction from any entity with, or any user with, PHI is going to be subject to these audit logging. Hospitals use systems called EMRs, so generally those, the audit trails are built into the EMRs by default, but obviously entities can turn those off if they so choose or configure them differently. HIPAA requires that you pretty much log any interaction, whether it’s read-only, view-only, edit, whatever that interaction might be. Identify the user, identify the time, what was done to the record, and that has to be maintained for several years. So it doesn’t matter what a user does with the record. Even if they just view it, that counts as a valid interaction and has to be logged and maintained.
LN: In fact, all of these hospital software systems out there have to be HIPAA compliant, or else the hospitals wouldn’t be able to use the software packages. Isn’t that true?
JB: Right, right. There’s a lot of federal regulations regarding that, that the standards that these systems have to meet in order to get refunds or rebates from the government.
LN: So Medicare funding, reimbursement, obviously is important.
JB: All of that stuff. And audit logs of user activity and interactions, or any interaction with PHI, is a critical component of that.
LN: You know, what I’ve seen is sometimes despite the software packages being EMR, audit trail compliant, that there’s the ability for the software that’s deployed to be altered so that the audit trails aren’t retained as long as required by law.
JB: Yeah, sometimes the storage of the audit logs, it can be overwhelming. So oftentimes they are archived offsite or inappropriate access is given to the audit log itself. And then it possibly can be changed, which ruins the integrity of the log, obviously, and that would be a very bad thing should something come up down the road and you needed that log.
LN: Yeah, and certainly, someone who has the master database administrator password to that back-end system, they could do whatever they wanted.
JB: Yup. But there’s supposed to be logs of that activity, as well, and reviews of those logs, but you’re absolutely right. If you’re an administrator, you can do a lot of damage.
LN: Yeah, I’ve assisted clients before involved in litigation, medical malpractice litigation, with just seeking the truth of what’s there in the records. Most of the time, they think many hospitals are compliant and do have those audit trail records.
LN: But, they don’t necessarily want to make that data readily available.
JB: No, they don’t. And it depends, it’s a case-by-case scenario, under the advice of counsel and things like that, but it’s very, very sensitive information, and obviously, it’s a public relations nightmare to have a breach of patient data, so they take those things very, very seriously.
LN: Absolutely. So can you tell everyone what PHI stands for?
JB: It’s Protected Health Information, as defined by HHS, there are 18 very specific fields that comprise PHI. PHI is a subset of PII, which is Personally Identifiable Information, but with respect to healthcare, it’s primarily PHI that we’re worried about and those 18 identifiable fields.
LN: Why would hackers want to target health care records?
JB: It’s far more valuable now than several years ago, it was credit card information, basically for year after year. Now, the credit card companies and technology with respect to how quickly a card can be replaced and deactivated. And so, just more money in it to steal medical information. And there’s more flexibility, as well. You can go get drugs, you can do a variety of things, whereas, with the credit card, it’s just money.
LN: If people wanted to launch a targeted scam on individuals, certainly having records that would enable them to filter patients that have Alzheimer’s, might give them an unfair advantage at duping people out of their savings.
JB: Absolutely. Because generally if you get someone’s entire record, you’re getting everything about them: their Soc number, their address, phone numbers, relatives, I mean, all this information is now at your disposal. And loans can be taken out in their names, it’s just a disaster waiting to happen.
LN: So Electronic Medical Records, known as EMR, represent an important target that hackers seek, because of the value of that information, and the uniqueness.
JB: Yup. The price of those records, per record, now varies, but I believe it’s in the $150, $200 range per record if it’s a breach now, and laptops can hold hundreds of thousands of records. So it can be very, very expensive.
LN: But it seems that this is a problem, too, that it isn’t just localized to any one area, it’s universal.
JB: Yeah, it’s across the board. Anyone dealing with PHI has this problem.
LN: How does the cost of a patient medical record compare to a credit card record, compare to the black market?
JB: Yeah, for the last several years, medical records have gained in value every year, while financial records, credit card information have devalued. And it’s to the point now where medical information’s worth four times as much as financial information. And that’s only increasing.
LN: So does that mean that people that work in the healthcare sector in IT and security are going to get paid four times as much as the people of the financial sector?
JB: I wish.
LN: Well, thanks again for being on the show, this was a lot of good stuff. I appreciate this.
JB: Thanks, Lee, appreciate it.
DHS has issued an advisory warning of potential cyber attacks by Iran against the U.S. Organizations should watch this short video detailing the top ways to protect yourself from Iranian Cyber Attacks.
D.H.S. Alert – Iran Cyber Threat Readiness
On January 4, 2020, the Department of Homeland Security (DHS) issued an advisory warning that Iran maintains a robust cyber program and can execute cyber attacks against the United States. Iran is capable, at a minimum, of carrying out cyber attacks with temporary disruptive effects against critical infrastructure in the United States. Previous homeland-based plots have included, among other things, scouting and planning against infrastructure targets and cyber-enabled attacks against a range of U.S.-based targets. The Iranian cyber threat is real and warrants proactive measures to ensure cyber threat readiness and minimize the risk of a successful cyber attack.
Check out Enigma Forensics President & CEO Lee Neubecker and John Blair, noted Healthcare Industry Cyber Security Expert, to learn more about what can be done to deter such cyber attacks and maximize readiness for an Iranian-originated cyber attack.
Video Discussion on Iran Cyber Threat Readiness
This is the first video transcript of a three-part series.
Lee Neubecker (LN): So John, thank you for being on the show.
John Blair (JB): Thanks, Lee.
LN: John is a cybersecurity expert that focuses on the healthcare sector. Can you tell us a little bit about what organizations should be doing right now in response to concerns about potential Iranian cyber strikes on U.S. companies?
JB: Sure. I’m a pragmatist, so I think you should execute the basics first. Make sure your devices, it’s a border level of your network, and the devices are patched. You might want to start increasing your network monitoring for the next few weeks, to monitor the activity coming through, check your firewall rule sets, these types of things, just to make sure that you get a comfort level. I’m a firm believer in executing the basics solidly, and then monitoring. Because if you’re a target, and the people know what they’re doing, there’s not much you can do to prevent it anyway.
LN: So one of the things too, that I would add to that is, I think it’s important that people have a command of what’s on their network, which is basic inventory of your digital assets, so you know what your devices are.
JB: Yes, you do need to know your environment.
LN: Like you said, knowing what’s on your network, monitoring your log files and patching your devices, those three things go a very long way.
JB: A very long way. And they’re just good practice anyway. That’ll prevent most things from going bad.
LN: Great, well thanks for being on the show.
JB: Sure, thank you.
Resources on the Internet Related to Cyber Threat Readiness
Click here to view the DHS Iranian Cyber Threat Advisory.
Cyber Essentials: Building a Culture of Cyber Readiness – a guide for leaders of small businesses as well as leaders of small and local government agencies to develop an actionable understanding of where to start implementing organizational cybersecurity practices. Department of Homeland Security
“Cybersecurity for Small Business: The Fundamentals” – a set of training slides and speaker notes to help small business owners educate themselves and their employees about cybersecurity best practices and resources. National Institute of Standards and Technology
Cyber Readiness Program – The Cyber Readiness Program is designed to provide practical resources and tools to help organizations like yours take action to become cyber ready. Completing the Program will make your organization safer, more secure, and stronger in the face of cyber threats. (Note: account with login is required.) Cyber Readiness Institute
Smart TVs may be recording you or your children without your knowledge.
Enigma Forensics CEO & President Lee Neubecker talks about the FBI’s warning about Smart TVs and other smart home devices that are not secure. Lee adds to that warning that a hacker can actually see into your living space by using the built-in camera on your Smart TV. They can also listen to you and record your conversations, or exploit your TV to show content that is not suitable for your children to watch. In fact, most of our smart devices don’t have any security at all. Fortunately, there are a few things you can do to strengthen your security. Tune in to engimaforensics.com to learn more.
The transcript on the FBI Warning on Smart TVs follows:
Hi, so all of you should be aware that the FBI has issued an advisory and warning to consumers purchasing Smart TVs for your homes.
Specifically, you should be on the lookout for TVs that have cameras. It could be recording you or your children without your knowledge. One popular measure they recommend is using black electrical tape to cover the top of the camera. If the camera’s physically covered you can’t record.
However, you have to be aware that many of these TVs are also listening to you and may be taking up voice commands, recording your conversations and possibly even retransmitting that information to other parties. It’s also possible that a hacker could get into a TV and exploit your TV to display inappropriate content that your children might see.
So for more tips on how to secure your home, check out our website, we have a link that gives advice on this and as it relates to your TV, you want to make sure you know what you’re buying and it’s best to buy a TV that doesn’t have a known camera in it if you’re concerned about not being recorded.
Enigma Forensics CEO & President Lee Neubecker and Tressler, LLP, Cyber Insurance Coverage Attorney Todd Rowe sit down for a video discussion. These experts stress the importance of understanding the full scope of your data risk in case of a cyber attack. Both agree cyber attacks are getting more and more sophisticated and urge every company, no matter the size, to take the necessary steps to protect themselves before a data breach occurs. Prepare your company by working with computer forensics experts and legal counsel to create a game plan that lessens the potential threat posed by a cyber attack. Tune in to find out more about cyber insurance and maximizing your potential for coverage when a cyber attack strikes.
The transcript on Cyber Insurance Coverage follows:
Lee Neubecker: Hello, today I have Todd Rowe on the show. Todd is a specialist in cyber insurance related litigation and data breach litigation. Todd, thanks for being on the show.
Todd Rowe: No, thank you, this is great. I appreciate it.
Lee Neubecker: And so, Todd, can you tell us a little bit about how cyber has evolved over the last five years?
Todd Rowe: It’s wide open, I mean, we’ve seen everything. First, I think, when we look at the threats, and the evolution of a cyber threat or a privacy threat, we’ve seen things from the classic data breach, which would have been the target data breaches move into more of a social engineering component and tricking users that way, by emails and things like that. Getting around the technology safeguards a little bit and getting in there and tricking people is the biggest development I think we’ve seen in the evolution of threats.
Lee Neubecker: And, how has coverage evolved for cyber insurance over the last five years?
Todd Rowe: Yeah, I mean, we’ve seen huge leaps in insurance coverage and what the policies look like and what we would call cyber policies. We’ve seen the developments first in what would be considered first party insurance coverage, which would be actually responding to the damage that happens. And then, the third party liability piece, responding and giving a defense in the case of an incident. While we’ve seen a lot of developments, I think, with cyber insurance, we still don’t see the uniform policy language. So, there’s still a lot of uncertainty there, but we’ve seen some big developments recently.
Lee Neubecker: So, when a company suspects that they have a data breach incident, what’s your first role on the ground, talking with the client in terms of what you’re advising them?
Todd Rowe: Yeah, all things being equal, we would have loved to have been in there before there was an incident. Preparation is always the best scenario, and what preparation should look like is a corporation or a business working with forensics and legal and getting a game plan together, assessing what those threats might be, and what to do if there are those threats. But, afterward, hopefully you have the game plan. If you don’t, it’s pretty much all boots on ground, getting in there with forensics and legal, and understanding what the threat was, and making sure that the threat is extinguished, and moving on and notifying people that were involved in the threat.
Lee Neubecker: I know from experience that companies that take the time to proactively assemble their team before something happens, and bring in legal, forensics, and outside help, are often in a much better situation when something goes down. They face less downtime, their business can be back up and running. I think the biggest challenge I’ve seen is when companies have no idea what is legitimately their, what their devices are, because when you’re trying to assess are we still compromised, you need to know what good looks like. And if you haven’t mapped out your organization’s IT resources, that really creates a problem.
Todd Rowe: From our point, there’s always been, it’s been a tough sell to go in and try to get in before there’s an incident. A lot of corporations don’t want to think about something until it actually happens. But, the sort of, the wisdom in getting in there beforehand is getting that game plan together, figuring out what data you’re storing and what data you can get rid of. And so, the more data you can get rid of, the better you do on cutting down your liability in the end. Also, working on technology safeguards and having those in place. So, working with forensics, legal, and even PR a little bit really helps in the long run, no doubt about it.
Lee Neubecker: So, if you have cyber insurance, does that mean that you don’t have to worry about a cyber incident?
Todd Rowe: The thought right now, I think, and it has been for a number of years, is an incident’s going to happen, and it just, you need to go in and do things to prep. And while we were discussing earlier, the preparation that you need to do to get sort of an inventory, cyber insurance is another piece of that preparation that needs to be in place. Once again, working with professionals, insurance professionals, brokers, forensics, legal, on what that cyber product that best suits your needs, is the best situation to have that in place once something happens. It will happen, it’s just a matter of having all the right pieces in place when it does happen.
Lee Neubecker: So, if a company has, is storing biometric information, which could even include video cam footage of a certain resolution, what are some of the unique challenges that are raised by some of the laws here in Illinois and elsewhere?
Todd Rowe: Really, being in Illinois is, and I don’t want to use a cliche, but is on the cutting edge of biometric data. And we have BIPA, which is the Biometric Information Protection Act. And what that does is it protects a lot of things like face scans, and finger and thumbprint templates. And, I think one of the biggest issues we see is recently, now BIPA’s been around for 10 years or so, it’s been around for a long time. But we’re seeing a huge uptick in BIPA cases right now, because a number of businesses went in and put in timekeeping systems for their employees that work on thumb and finger scans rather than the old punch card systems. So, the law didn’t change, but the technology did, and so now, there was warnings that should have been put in place before you take that biometric data with those systems. So, they put the systems in, and they didn’t necessarily have the law in place. That’s a perfect scenario where we could’ve had forensics and legal all working together beforehand to avoid a lot of liability, so.
Lee Neubecker: So, what do you see happening in the future with the insurance coverage laws? Especially, you know, one of the concerns I have is, you know, there’s this act of war exclusion, and if you have cyber insurance and you’re hacked by someone outside of the country, what happens there, is that covered?
Todd Rowe: It depends, really, on the policy form. So, we’ve seen, once again, Illinois is on the cutting edge of that law as well. A lot of insurance policies, CGL, commercial liability policies, and even some cyber policies to some extent, have terrorism or war exclusions, excluding acts of war. And that was fine when we were looking at Pearl Harbor, perhaps, or something like a real act of war where a government might declare war on a country, and some damage that results of that would be an act of war. But, with privacy and hackers, and hackers sitting in nation states, but maybe not being an agent of that nation state. So, the case that we have right now that gives a good example of this is a Zurich case, insurance case with Mondelez, they’re a snack food maker. And, Zurich denied coverage, and it looks like the hacker may have come from perhaps China or North Korea. So, what do you do with that, as far as, if you’re going to exclude coverage for that, nobody’s declared war on any of those countries, so that’s going to be a struggle. And I think that demonstrates some of the strengths and weaknesses of cyber coverage right now, as it stands.
Lee Neubecker: And, what do you see happening, what’s the likelihood that the federal government stops in, steps up to the plate should a major data breach happen that could be considered an act of war?
Todd Rowe: Yeah, I mean, well first off, the government brings up another point, as far as right now as it stands, privacy and data laws, we just have a patchwork of things here in the U.S. Of course, there’s frameworks that have been adopted in, for example, the E.U. with GDPR, and we don’t really have that in the U.S. So, we first don’t really have a clear idea of who would do the response in the government. Would it be the Federal Trade Commission, or who would handle that type of situation? So, we have a lot of state laws, so we have a lot of problems like that. And, we have California, which is adopting some stronger guidelines as well. So, what would happen there as far, it’s going to be really left to ironing things out with the insurers and the insurance. Once again, what a great opportunity to sort of look at this issue before an incident happens. You really wouldn’t want to get into this complex of an issue when you’re trying to respond to an incident. So, another reason is, to go and prep a little bit, would be exactly what we’re discussing right now.
Lee Neubecker: Yeah, I know from experience that clients of ours that have had data breach incidents, if they’re working with someone that’s experienced litigation professional in the area of cyber and insurance, the likelihood that, you know, my firm’s fees get covered goes way up, and there are, there’s a potential for coverage of that forensic response. But ideally, you want to have your own team. You want to be picking your team. You don’t want the insurance companies assigning your people, if you can avoid it.
Todd Rowe: Yeah, a lot of insurers do have panels, and there are a lot of insurers that prefer that, because they don’t know where to go. So, that actually, if there’s an incident, that helps out. But, the best scenarios, and we’ve been involved in a lot of responses, and the best scenario is when we’ve had an opportunity to sit down, and maybe you and I talk, the forensic side of things and the legal side of things, and figuring out exactly how we can cooperate and what that response would look like. So, absolutely, if you can sit down and chat beforehand, you’re going to really save yourself a lot of stress and pressure.
Lee Neubecker: Well, thanks a bunch Todd, for being on the show. This has been great.
Todd Rowe: Absolutely, thank you so much, I appreciate it.
Are you ready for a power outage? Check out this video for Cyber Readiness and Power Outages tips.
Enigma Forensics CEO & President, Lee Neubecker and Geary Sikich, President of Logical Management Systems, tackle the strategies you need to know to prepare for a cyber attack. Each describes in detail the importance of cyber readiness starting with power outages.
The transcript of the video follows:
Lee Neubecker: Hi, I’m here today with Geary Sikich. Geary is the President of Logical Management Systems. Thank you, Geary, for being on the show.
Geary Sikich: Thank you, Lee.
Lee Neubecker: So we’re here to talk a little bit about cyber attacks on the power grid, and what impacts that could have on businesses and individuals alike. All right, Geary, is the future of war likely to be cyber, in your opinion?
Geary Sikich: Well Lee, I think there’s three aspects of that that we need to look at. There’s what I’ll call a strategic aspect, which in effect, we’re already in a cyber war in many respects. Nation states are using cyber in a lot of different ways. Not necessarily as disruptive as it could be, but it’s got the potential to expand. There’s then another level down from there which I’ll call operational, which is targeting specific locales and areas. And then, what I’ll call a tactical level where you’re targeting individual facilities to include even neighborhoods at this stage. And one of the things I think you’re going to see in the future is that there’s going to be more of a reliance on these disruptions because of the great impact they have on businesses as well as the general population.
Lee Neubecker: Yeah so, one of the things that I had lectured on before was some research that came out of Princeton University on a topic called MadIoT, which relates to manipulation of end user demand by attacking insecure Internet of Things, IoT, devices in homes and whatnot. And essentially, what the researchers found was that by taking over enough routers in homes, you could compromise Wi-Fi devices attached to high-wattage appliances like Internet-enabled microwaves, toasters, heaters, things like that that would draw a lot of current, air conditioning systems and that by attacking adjacent neighborhoods, you could manipulate power demand in one neighborhood such that the power’s going off or down low, and then the adjacent neighborhood causing all these appliances to come on, which by only creating a small disturbance in balance of power, Kirchhoff’s law that dictates the flow of electricity could cause faults in lines as electricity moved from one neighborhood to another in spikes, and that that type of attack could effectively knock out parts of the grid. There are a lot of factors, obviously, that could knock out the grid, but what have you been advising your clients to do in advance of such an outage, to help them mitigate the risk and protect themselves?
Geary Sikich: One of the things we look at with that issue, and it’s a very big issue, and it ties into the areas I previously mentioned, the strategic, operational, and tactical, is to begin to look at how you can be resilient as an organization. So, I’ll give you an example. A colleague who was at a firm in Southern Illinois, they were about to move to a larger building. And one of the things he was charged with was developing the plans and then getting the move set up. They didn’t have a generator, and I highly recommended to him that they get a generator. They decided to do it, and to their benefit, once installed and once they got it in the building, they had a localized power outage which, for them, was a non-event so to speak because the generator immediately kicked on. They didn’t lose any power. As a commodities trading firm, they’re very dependent on the ability to communicate electronically for trade. So when we got to analyzing things, I asked, “What did you think?” and he said, “Well, it cost probably a quarter of a million.” And then I asked the second question, which I think was more relevant and important as he understood it, “What was the cost in lost trades, if you’d have not had the generator?” He said, “About $2 billion.” So the immediate impact on these things is that organizations really need to think about how can they secure a power supply for themselves so that they can effectively operate independently of the grid in times of a crisis?
Lee Neubecker: So an adversary of a financial services company could actually cause massive harm by targeting and causing a power disruption, knocking out the trading facilities–
Geary Sikich: Yes.
Lee Neubecker: Costing them billions of dollars.
Geary Sikich: Yes. And the interesting part about that is, that when you begin to look at it, it’s not just that immediate impact, it’s the cascading impact that goes throughout the entire system. So you knock out the trading aspect, you suddenly knock out the logistics of movement of products and services, and it cascades throughout the entire system if you will.
Lee Neubecker: So what do you see are the other downstream potential impacts to a prolonged outage?
Geary Sikich: Oh, prolonged outages are one of the concerns that a lot of organizations have. What do I do to keep my business in business if we’re faced with a long-term outage? Natural disasters have shown us that it can take up to and beyond a couple of years to recover. A lot of organizations literally could go out of business as a result of not being able to have the financial resources to weather a storm like that.
Lee Neubecker: Well, this has been great stuff. I really appreciate you coming on the show, Geary. Thanks a bunch.
Personal Cell Phone Forensics includes social media, business and personal messages, photos, emails and GPS.
Leading computer forensics expert Lee Neubecker discusses the complexities of cell phone forensics with Debbie Reynolds from Debbie Reynolds Consulting. We both agree that litigation involving cell phones becomes personal and that gaining possession of the phone proves difficult. Personal and business text messages, social media posts, photos, GPS records, and emails are all woven together and become part of the discovery equation. eDiscovery in today’s era is incomplete without data from smartphones, including text messages, Skype, WhatsApp, Slack, Signal and other messaging platforms. Learn more about eDiscovery as it relates to personal cell phone messaging systems by watching Reynolds and Neubecker discuss the topic in today’s blog video interview.
The video interview transcript follows:
Lee Neubecker: Hi, I’m here today again with Debbie Reynolds, and we’re going to talk about something interesting, which every piece of litigation now is getting into. We’re talking about cell phone forensics. What’s been your experience with litigation involving cell phones and discovery?
Debbie Reynolds: Well, whenever there are cell phones involved, eye-rolling begins because people take their cell phones very personally. As opposed to someone’s laptop, which maybe they don’t want to give up, they will fight tooth and nail not to give up their cell phones. And obviously people, they mix work with pleasure and they’re doing different things. They may not want you to see, even if it’s nothing criminal going on, people just feel very tied to their cell phone. The hardest thing is actually getting possession of it and letting them know that you’re not going to look through their juicy texts or their photographs, especially if it’s not an issue in the case.
Lee Neubecker: I know that whenever you need to get into text messages, it becomes a sensitive topic for people. But there are effective ways to get effective discovery without totally trampling over someone’s privacy in many issues involving contract disputes or other civil litigation, what’s important is to identify the relevant custodians. Let’s say we have your cell phone in the conversation with mine, we can then take that, we can create a single PDF document showing each conversation thread and then you could quickly go through it, if it’s your phone in which your attorney identify relevant, not relevant, and then only take the ones that are between the relevant parties and load that up into the review platform.
Debbie Reynolds: Right. And to one thing, one very effective thing that people are doing now, and that’s something that you do, Lee, is where someone, they don’t want the other side to see their whole cell phone so they’ll have a forensic company collect the phone and say, only give them X. That’s actually a very secure way. It gives people peace of mind knowing that they’re not giving everything over, that the forensic folks can actually do some of this pre-work before people actually start looking at things.
Lee Neubecker: Yeah. And like what I’ve done is, they’re not going to pay me to spend time looking at their photos, nor do I want to look at that stuff.
Debbie Reynolds: No. No one cares. I think that’s what people don’t understand. We’ve been working on cases for over 20 years and I really don’t care what’s on the phone or what you said or what videos on there. It really makes a little difference to us.
Lee Neubecker: What I try to do is I try to quickly create almost a summary index of okay, these are the conversation threads. Tell me which phone numbers are relevant, aren’t relevant, who are the relevant parties, and then we can just pull those specific threads out, put them up into the review platform.
Debbie Reynolds: Exactly.
Lee Neubecker: Now, sometimes there’s issues where photos are relevant specifically, if it’s important that you know the whereabouts of someone on a given date and time. Photos often can establish whether or not someone was really at home sick or out on vacation somewhere. There’s embedded GPS data that is recorded into most photos that are taken with smartphones.
Debbie Reynolds: Unless someone decides to strip it out. I think if you don’t do anything to it, it will collect that data. But there are ways to strip that information out. And also, people can turn off GPS tracking on their phone.
Lee Neubecker: Yeah. Well, thanks for being on the show again today.
When employees leave a company, it is common for departing staff to take electronic files belonging to their former employer. Matthew Prewitt, a trade secret litigator, shares his experiences pursuing and defending against such litigation. The role of computer forensics and the importance it plays in getting to the truth are discussed in this informative interview.
Leading computer forensics expert Lee Neubecker discusses trade secret misappropriation by a departing employee and how that can lead to a competitor gaining an unfair competitive edge. The Chair of Schiff Hardin’s trade secret practice, Matthew Prewitt, emphasizes the importance of working with a computer forensics expert to preserve digital evidence and perform effective discovery that can later be used if litigation is necessary. Enigma Forensics staff are experts when investigating a departed employee using computer forensics.
The transcript of the video follows:
Lee Neubecker: Hi, I’m here today with Matt Prewitt. Matt is the chair of Schiff Hardin’s trade secret practice, and is an experienced litigator that focuses on the area of trade secret theft. Matt, thanks for being on the show.
Matthew Prewitt: Thanks for having me, Lee.
Lee Neubecker: We’ve had cases we worked on before involving departed employees. Could you tell everyone a little bit about your experience in this area, dealing with trade secret theft?
Matthew Prewitt: Sure, I mean as a trial lawyer, I’ve litigated both sides, sometimes, defending the departing employee, and/or that employee’s new employer, other times representing as the plaintiff, the company that the employee left.
Lee Neubecker: So, can you tell people generally what happens when you’re on the side of that had the employee that left? What happens at ground zero?
Matthew Prewitt: Well, ideally, the company would already have in place a structure of trade secret protection, and contractual, policy, and technology protections against unfair competition by the departing employee. So, that framework consists of, typically, a confidentiality agreement with the employee, perhaps a set of restrictive covenants, like a non-compete agreement, and then, hopefully, handbook policies that govern the conduct of the employee. Those will be coupled with restrictions, of course, that integrate with the company’s relationships, with its vendors and customers. Basically what the company ideally should be doing, is sitting down with outside counsel, in-house counsel, IT, and thinking about all the places where the company has sensitive, competitive information, trade secrets, or other confidential information, that are at risk when an employee turns out to be disloyal.
Lee Neubecker: So, when a client calls you, and they suspect that someone took stuff, what do you advise them to do, initially?
Matthew Prewitt: Well, I mean the first is to assess the situation and, that consists of identifying, with these days, almost everything is electronic of course, so, the first part of the assessment is to identify the types of electronic information that the departing employee would have access to. Either legitimately, during the course of that employee’s work, or, by exceeding the policy limits or protections that the company had in place. You’re doing, you’re identifying those areas for two reasons, one, preservation of evidence is very very important. And there’s no way to know what you need to preserve if you don’t know what the employee had access to, or potentially could’ve stolen. And then the other reason is to assess the competitive risk, and to begin to develop a plan for the investigation, and perhaps litigation response if it turns out to be warranted.
Lee Neubecker: And, so, typically, I know part of that initial response, when I’ve worked with you in the past, you want a forensic image made of the employee’s computer, before anyone mucks it up.
Matthew Prewitt: That is a, certainly an important starting point. With the changes in technology, for better or for worse, the places where the relevant data reside and the places that need to be preserved are, are multiplying instead of getting narrower, so, the hard drive of the laptop remains a very important source, because, forensically, it is often times the area that is most susceptible to forensic analysis and investigation. But there certainly are other places, as well. Cloud storage, the company’s computer network, personal email account of the employee, personal phone, company-issued phone, it goes on.
Lee Neubecker: I know when I first started in this area many years ago, the misappropriation was on a CD-ROM, and now, you’ve got smart phones, you’ve got USB drives, but the cloud is a whole other area of concern, because, companies can connect to Dropbox, Box.com, various other places, AWS, and move data to the cloud, so that, that becomes another point of concern in a need to be able to collect and preserve data from sources other than the computer.
Matthew Prewitt: You’re absolutely right, Lee.
Lee Neubecker: So can you tell us any war stories about what, what’s happened in the past when you’ve used forensics to pursue a case, and what kind of result you’ve been able to get for your clients?
Matthew Prewitt: Sure. I mean the forensic examination is really a critical part of a trade secrets case, especially if you’re on the plaintiff side, because, in, when you’re in court, trying to enforce restrictions against a departing employee, the, for better or for worse, the court is typically going to start that process with having, with some sympathy to the departing employee. I mean we are in America, and people are supposed to be rewarded for their ingenuity and hard work, and, employee mobility from one company to another is a basic value of our society. So, showing the court that the employee cannot be trusted to do the right thing, to be an honest and ethical employee at the new employer, at the new, at the competitor that she or he’s goin’ to, is really really important for building an effective non-compete case, or trade secrets theft case as a plaintiff.
Lee Neubecker: So for instance, if your client had a policy of no USB drives, and didn’t use USB drives, but yet, your forensic expert reported that a USB device was plugged into the computer the day before they filed their resignation, and that various files appear to have been copied to that drive, that would be something that would be compelling in support of an injunction, correct?
Matthew Prewitt: It’s certainly a brick in the building that you’re trying, or the story that you’re trying to build from court, absolutely.
Lee Neubecker: So there’s other pieces too, have you had situations where you’ve petitioned the court to allow discovery of that departed employee’s home computer, or the new workplace computer?
Matthew Prewitt: Yes, part of the forensic exercise is demonstrating the need for that discovery. And so, what you’ll want to start with as part of your initial investigation, is to have your forensic expert look for evidence that will show that the employee has used her home computer, has used external devices, has copied to the cloud, and once you can show the migration of data, under suspicious circumstances, off the realm of the company-owned hardware or accounts, then that’s the central starting point for demonstrating to the court that you need a more invasive approach into the personal devices and accounts of the departing employee.
Lee Neubecker: Great so, let’s say that the plaintiff attorney has established convincingly with their forensic expert that data was misappropriated, and that the data clearly is confidential, and trade secret-type information. If you’re advising the new company that hired the sales person, and you saw the report and you believed the report to be credible, how might you try to help that new employer end the litigation and get things to a peaceful place?
Matthew Prewitt: Hopefully that they, the new employer has already laid the foundation for that scenario by instructing the employee before arriving, that they should not copy or take things with them, from their previous employment, should not load things onto the company network that are… belong to the previous employer, et cetera. And, to have done that in writing. If that’s happened, that puts the new employer in a potentially awkward spot, because you have an employee who not only has, has taken his former, his or her former employer’s stuff, but then has also disregarded the instructions of the new employer as well. That’s the situation where the new employer may be seriously considering terminating its relationship with the new employee.
Lee Neubecker: I’ve seen that happen, I’ve also seen situations where, the employee who departs agrees to have forensic inspections on his computer, and, signs an agreement that pretty much guarantees that if he’s caught doing something with this, that he’s going to have, face massive legal costs, and admit to wrongdoing.
Matthew Prewitt: That’s where that trust factor or credibility factor, that comes, that’s one example of where it becomes really critical. Not only is the court typically going to be inclined to the defendant departing employee’s situation, and want that employee to be able to have gainful employment, many courts are also going to want to give that employee a second chance. And the second chance here is the chance to turn over the, turn over the information, and provide exactly the kind of affidavit or certification you’re referring to.
Lee Neubecker: Great well, I appreciate you being on the show and talking about this topic. It’s one that impacts most businesses, so, thanks again for being on the show.
Keys to Investigating Departed Employees using Computer Forensics
Forensically preserve the departed employee’s computer storage media before any examination of the contents occurs
Look for recently accessed files as reported by shortcuts and other system activity logs
Analyze recently deleted files to look for evidence of trade secret theft
Investigate recent connections of external storage to the computer
Build a timeline of events that led up to the departure to assist in an efficient investigation
Hire an experienced computer forensics expert – that’s us
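A sketch of the timeline step from the list above, added here as an illustration and not Enigma Forensics' own tooling: it merges records from three artifact classes into one ordered timeline, narrows it to the period before departure, and surfaces files opened shortly after external storage was connected. All records, dates, file names and device labels are constructed sample data; real input would come from a forensic image, never from the live machine.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    when: datetime
    source: str   # artifact class the record came from
    kind: str     # "usb_connect", "file_open" or "file_delete"
    detail: str   # device label or file name


def ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")


# Constructed sample data (hypothetical values, for illustration only).
DEPARTURE = ts("2024-03-15 09:00")

USB_CONNECTIONS = [
    Event(ts("2024-01-10 10:00"), "external storage log", "usb_connect", "DEVICE-PLACEHOLDER-B"),
    Event(ts("2024-03-14 17:42"), "external storage log", "usb_connect", "DEVICE-PLACEHOLDER-A"),
]
RECENT_FILES = [
    Event(ts("2024-02-01 09:30"), "shortcut", "file_open", "onboarding.pdf"),
    Event(ts("2024-03-12 11:05"), "shortcut", "file_open", "timesheet.docx"),
    Event(ts("2024-03-14 17:45"), "shortcut", "file_open", "customer_list.xlsx"),
    Event(ts("2024-03-14 17:51"), "shortcut", "file_open", "pricing_model.xlsx"),
]
DELETIONS = [
    Event(ts("2024-03-14 18:20"), "deleted file record", "file_delete", "customer_list.xlsx"),
]


def build_timeline(*sources):
    """Merge every artifact source into one list ordered by time."""
    return sorted((e for src in sources for e in src), key=lambda e: e.when)


def in_window(timeline, departure, days=14):
    """Events in the `days` leading up to the departure."""
    start = departure - timedelta(days=days)
    return [e for e in timeline if start <= e.when <= departure]


def opened_after_usb(timeline, within=timedelta(minutes=30)):
    """Map each external-storage connection to files opened soon after it."""
    result = {}
    for usb in (e for e in timeline if e.kind == "usb_connect"):
        result[usb.detail] = [
            e.detail for e in timeline
            if e.kind == "file_open" and usb.when <= e.when <= usb.when + within
        ]
    return result


def opened_then_deleted(timeline):
    """Files that were opened and later deleted (timeline must be ordered)."""
    opened, hits = set(), []
    for e in timeline:
        if e.kind == "file_open":
            opened.add(e.detail)
        elif e.kind == "file_delete" and e.detail in opened and e.detail not in hits:
            hits.append(e.detail)
    return hits


if __name__ == "__main__":
    timeline = build_timeline(USB_CONNECTIONS, RECENT_FILES, DELETIONS)
    for e in in_window(timeline, DEPARTURE):
        print(e.when, e.source, e.kind, e.detail)
    print(opened_after_usb(timeline))
    print(opened_then_deleted(timeline))
```

A file opened minutes after a device connection is a lead to examine, not proof of copying; it tells the examiner where to look first.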
An electronic medical record (EMR) audit trail is a log file required by HIPAA of all electronic medical record software systems. The EMR audit trail documents all points of access of a patient electronic medical record system including any actions to modify, view, print or amend the record by replacing or adding new data.
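To make the definition concrete, here is an added example (not code from any EMR product) that reads a small audit trail, separates access actions (view, print) from change actions (modify, amend), lists each change to a field with its before and after text, and checks that consecutive changes chain together. The column names, users, values and the cutoff time are assumptions; the rows are constructed sample data.

```python
import csv
import io
from datetime import datetime

ACCESS_ACTIONS = {"view", "print"}
CHANGE_ACTIONS = {"modify", "amend"}

# Constructed sample audit trail; the column layout is hypothetical.
SAMPLE_AUDIT = """\
timestamp,user,action,record_id,field,old_value,new_value
2024-05-01 08:15,nurse_a,modify,R100,nursing_note,,Patient stable at 08:10
2024-05-01 09:40,dr_b,view,R100,,,
2024-05-01 10:05,dr_b,modify,R100,order,,Medication X 5 mg
2024-05-01 14:30,dr_b,amend,R100,order,Medication X 5 mg,Medication X 10 mg
2024-05-20 16:00,clerk_c,print,R100,,,
2024-05-22 11:12,nurse_a,amend,R100,nursing_note,Patient stable at 08:10,Patient stable at 08:10; reassessed 08:40
"""


def parse_audit(text):
    """Parse audit rows, rejecting actions that are neither access nor change."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        action = row["action"].strip().lower()
        if action not in ACCESS_ACTIONS | CHANGE_ACTIONS:
            raise ValueError(f"unknown audit action: {row['action']!r}")
        row["action"] = action
        row["timestamp"] = datetime.strptime(row["timestamp"], "%Y-%m-%d %H:%M")
        rows.append(row)
    return sorted(rows, key=lambda r: r["timestamp"])


def split_access_and_changes(rows):
    """Looking at a record and altering it are different events."""
    accesses = [r for r in rows if r["action"] in ACCESS_ACTIONS]
    changes = [r for r in rows if r["action"] in CHANGE_ACTIONS]
    return accesses, changes


def change_history(rows, record_id, field):
    """Every version of one field: (time, user, before text, after text)."""
    return [
        (r["timestamp"], r["user"], r["old_value"], r["new_value"])
        for r in rows
        if r["action"] in CHANGE_ACTIONS
        and r["record_id"] == record_id
        and r["field"] == field
    ]


def changes_after(rows, cutoff):
    """Changes (not mere accesses) made after a reference time."""
    return [r for r in rows if r["action"] in CHANGE_ACTIONS and r["timestamp"] > cutoff]


def chain_gaps(rows):
    """Flag changes whose 'before' text differs from the last recorded
    'after' text for that field, which suggests a missing audit entry."""
    last_value, gaps = {}, []
    for r in rows:
        if r["action"] not in CHANGE_ACTIONS:
            continue
        key = (r["record_id"], r["field"])
        if key in last_value and r["old_value"] != last_value[key]:
            gaps.append((key, r["timestamp"]))
        last_value[key] = r["new_value"]
    return gaps


if __name__ == "__main__":
    rows = parse_audit(SAMPLE_AUDIT)
    accesses, changes = split_access_and_changes(rows)
    print(len(accesses), "accesses;", len(changes), "changes")
    for when, user, before, after in change_history(rows, "R100", "order"):
        print(when, user, repr(before), "->", repr(after))
    for r in changes_after(rows, datetime(2024, 5, 2)):  # assumed cutoff
        print("late change:", r["timestamp"], r["user"], r["field"])
    print("chain gaps:", chain_gaps(rows))
```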
Electronic Medical Record (EMR) audit trails are key to effective electronic discovery during medical malpractice litigation. Renowned EMR computer forensics expert Lee Neubecker interviews insurance defense attorney Bill McVisk, who usually helps defend hospitals embroiled in medical malpractice litigation. McVisk discusses common areas of confusion during discovery of patient medical records. Neubecker relays some of his past experiences helping plaintiffs uncover important medical records that are often hidden from plaintiffs during discovery. Enigma Forensics has assisted counsel with conducting depositions relating to Electronic Health Records (EHR) and EMR. The two discuss how electronic medical record systems have often made the process of discovery more difficult and confusing to attorneys and litigants.
The transcript of the interview follows:
Lee Neubecker: Hi. I’m here today with Bill McVisk. He’s a patient medical records expert, a litigator. He works with hospitals that are dealing with EMR-related patient medical records and whatnot. I had him on my show today because I want to talk a little bit about electronic medical records. Bill, they said that electronic medical records were going to revolutionize everything and make everything so much better. What’s the reality of what’s happened since we’ve brought about medical records?
Bill McVisk: A lot of EMR has been great. I mean, there’s an ability of doctors to provide records to other people that they couldn’t have done before. There’s the ability, for instance, of a radiologist to look at a film that was taken, and he can be in San Diego, and the patient can be in New York, and it still works. The problems, though, there are some problems. I mean, the biggest problem I see is that anyone who’s ever gone to a doctor’s… the doctors are focused on their computers instead of focusing on the patient. What they’re doing is hitting all sorts of drop-down menus and stuff, and I think we’re losing something from the standpoint of presenting physicians and nurses in malpractice cases. It creates a situation where you don’t really get a sense of exactly what that nurse or doctor is thinking, and so the records just aren’t quite as helpful in medical malpractice cases as they used to be. On the upside, we can read them now, whereas in the past we had to worry about doctors’ handwriting.
Lee Neubecker: Yeah. I know from experience working as an EMR, a patient medical record expert, that discovery can often become challenging. When an attorney is preparing a witness for deposition related to patient medical records, what are some of the things that you look for and care about in that process?
Bill McVisk: Well, the first thing, quite frankly, is to make sure I have the entire record. I can’t tell you how often I’m getting records where I get part of the record, and for some reason, I don’t know if it’s stored on a different server or what, I’m not getting all of the record. I may get all the physician’s part of the record but not the nurse’s part of the record, and obviously, that’s essential. Other problems, like when I’m preparing a witness for a deposition, the big problem is that they’re not used to seeing these records printed out. I mean, in the past, they would look at the chart, it would be exactly the same as the chart they were looking at in the hospital. Now, they are looking at the chart on a computer screen when they’re in the hospital, but when you’re preparing them for a deposition, you’ve got a paper chart, and the paper chart prints out terribly. Every time there’s a slight change of any kind in the record from one minute to the next, the chart prints out the page again and again and again, so there’s all this stuff, and it’s just getting the nurses and the doctors to know where in the chart their entry is going to be makes it a little bit harder.
Lee Neubecker: Yeah. I have experience working with that, and I know that HIPAA requires that every instance of that medical record, pre-editing and post-editing, that that data be preserved and discoverable, but in reality, a lot of the software packages, they only have reports that run the last version, so to get into the true audit trail, you often have to get into the database backend to get access to that information.
Bill McVisk: Well, and I think audit trails are the other aspect of things that makes it a little bit harder in this situation. In the past, we basically, I could give the original medical record to the plaintiff’s attorney to inspect. If somebody had erased something or done something like that, it’d be pretty obvious. I would hopefully know about it before the plaintiff’s attorney would know about it. Then I’d deal with that. But, it may not be obvious now because people can go in, change records, and now, if an audit trail is suddenly showing me, “Oh, my god, somebody was in and did something to the record,” and it’s two or three weeks after the treatment was over, or, say, two or three hours after a terrible incident occurred, that’s going to make it look concerning. So I think from our standpoint, it’s a matter of making sure healthcare providers are aware of how to do it in a way that isn’t going to look like you’re trying to fake or lie.
Lee Neubecker: And there’s a big difference between accessing a medical record, and editing it.
Bill McVisk: Right.
Lee Neubecker: That’s where sometimes attorneys on both sides become confused about the significance of what’s happening with the patient record.
Bill McVisk: Right. I mean, records get accessed all the time. Maybe it’s to prepare for a deposition. You have to access the record to look at it. Maybe it’s because there’s followup treatment and you need to access the record. That happens all the time, but sometimes, on these audit trails, it’s not always easy. Is this just an access, or is somebody going in and changing something?
Lee Neubecker: And there’s a whole other layer, too. I know from my experience working with many of the packages that the hospitals often use systems that have something known as sticky notes, where they can put comments about a patient. There’s a wide perception that those notes aren’t discoverable. Just because the software doesn’t have a report that will run it, doesn’t mean that if someone like me is coming in, and I get access to the backend database, those comments about the patient and whatnot become apparent. But unfortunately, it’s difficult to get at that data if you don’t know what you’re looking for.
Bill McVisk: And that creates a real problem if you’re defending the hospital, because if I don’t know about these sticky notes in the beginning, first of all, I’m not going to be thinking, “Oh, my goodness.” Then, if you come and discover them, it obviously is going to be, “Oh. I was trying to hide those notes,” or, “The hospital was trying to hide those notes,” which is always the worst thing you can do as a defendant in litigation. And they’re clearly, if there’s something about a patient in those notes, it’s almost never privileged, it is discoverable, and it should be provided immediately.
Lee Neubecker: Also, you know, there’s a tendency I see for the hospitals to try to cover things up. Do you think that there’s some value in bringing in, when you’re defending a hospital, your own forensic expert to dig around and find out what’s really happening?
Bill McVisk: See, I don’t think the hospitals are intentionally trying to cover stuff up. I really don’t think that’s, I’ve almost never seen that happen. There may be, you know, one or two, but in most of these cases, I think the hospitals are trying to find out what the truth is. That being said, the hospital may not be aware that some of these things, because the risk management for the hospital might not be fully aware of all of the situations that are involved in electronic medical records, and yes, at that point, it may be a good idea for me just to have somebody like you go through those records, let me know. Before I produce them to the plaintiff, I would like to know what’s out there.
Lee Neubecker: It would probably be a lot more useful for you to get just a listing of the changes on the record so you’re not looking at the whole document, but maybe here’s a first instance, and then change one, change two, change three, so you can see before text, after text.
Bill McVisk: Sure.
Lee Neubecker: That’s the type of thing that, unfortunately, there’s not canned reports that are in the software that do that. I think that could be by design of the software makers because they don’t want to make it worse for their clients, the hospitals, but it’s certainly possible that it’s just something that was never asked for.
Bill McVisk: That’s quite possible, and I don’t know any of these software makers, but to me, it would be really helpful to know what those are. Of course, that does make it more discoverable, easily discovered by the plaintiff’s attorneys, but on the other hand, I as a defense attorney need to know about it, and if there’s a change that’s improper, I need to know about it right away.
Lee Neubecker: Yeah. What kind of problems can occur when different providers have different EMR systems?
Bill McVisk: Well, that can create problems of a number of ways. Sometimes, the software of one hospital doesn’t communicate with the software of another. There have been situations, for instance, where a physician enters an order for something to happen, and then because of the software problems, it doesn’t get to the provider who’s supposed to do it, and they don’t know that they’re supposed to do it. That creates serious problems for patient care. And similarly, it’s like, if a hospital is discharging a patient to a nursing home, and they want the nursing home to have a certain specific type of care regimen afterward, that can create problems if they don’t communicate well.
Lee Neubecker: Well, thanks a bunch, Bill, for being on the show. I appreciate it.
Enigma Forensics’ CEO interviews Cook County, Illinois Clerk Karen Yarbrough on election security. The two discuss progress made in securing the vote against cyber attacks over the last several years.
Clerk Yarbrough has been working to streamline and improve the efficiency of the Clerk’s office while ensuring that the next 2020 election is protected against rogue nation states that may want to compromise our next election cycle.
Transcript of the interview is as follows:
Lee Neubecker: I am here today with Karen Yarbrough, she is our Recorder of Deeds and Clerk in Cook County here in Chicago.
Clerk Karen Yarbrough: Well not quite Recorder of Deeds anymore Lee, I am now the Cook County Clerk and will be taking over the Recorder of Deeds office in about a year. We actually went to the voters and the voters decided that they were going to do a consolidation of the two offices and so I will pick up the Recorders job in about a year.
Lee Neubecker: So you must have a lot of integration going on with technical resources.
Clerk Karen Yarbrough: You can imagine, and yes we do. I have a very capable staff and we’re trying to get our arms around you know in the clerk’s office there are a number of duties and responsibilities we have elections of course, we have vital records and then we also are involved with taxes, and so I’ve been in this job since December. And what I’m trying to do now is get ready for 2020 and the big election for sure. But also we are absorbing the duties of the recorder of deeds. Big undertaking.
Lee Neubecker: So with all the talk of election hacking and whatnot by different nation states and foreign entities. What kind of things are you involved with, with Cook County with helping to defend against the voting system being attacked the next election cycle?
Clerk Karen Yarbrough: Well for starters Lee, our approach is a multi-leveled risk management approach. We know that there’s no system is foolproof. I mean you know it’s not a perfect system. No system is. Knowing that, we tend to look at every aspect of our system. We have these guiding principles. Defend Detect and Recover. What that simply means is we have a plan we have a plan A plan B all the way to Z.
Lee Neubecker: So it’s more than just putting your head under the covers.
Clerk Karen Yarbrough: Oh, no, no, no. I noticed when we were in the Recorder Deeds office our systems were attacked on a daily basis. People scraping our sites and in all of these kinds of things. So I am aware of this business of you know people trying to steal data and what-have-you. But the elections are absolutely positively important. People need to understand that their vote does count and it will count. All the noise we’re hearing from Washington DC really makes people nervous.
Lee Neubecker: What kind of things have happened to help make sure that wasn’t going to happen. Let’s say if the computers all get zapped to make sure that votes that are cast get counted.
Clerk Karen Yarbrough: Well first of all I have a team of experts. On staff. We’re sharing a gentleman with the city of Chicago who is at the top of the food chain when it comes to people who know about this kind of thing. Having those people on board working with the city of Chicago, we also have a two-factor login authentication of course the firewalls VPN and dedicated private data networks. Then we’re going to be able to lock down our systems both on the hardware and software lock them down before and after elections. So those are the kinds of things that we’re doing. And I think we’re going to be ready coming 2020.
Lee Neubecker: I understand that you’re currently doing some projects to seek outside computer forensic experts. What is your office looking for assistance with right now?
Clerk Karen Yarbrough: I think we’re putting something right now, I might want to defer to John Mirkovic who’s with me here today, on how that’s going. John’s been with me since I was actually in Springfield as a legislator and he has been working on the Blockchain Initiative and certainly this, and so, if you would, could you defer to him, so he can talk about what we’re doing there because John keeps up with this more than I do.
Lee Neubecker: Sure absolutely. What, in the event that a data breach were to happen, what kind of things are in place to make sure that you can recover and get back?
Clerk Karen Yarbrough: Sure. Okay having those plans certainly are important. But you know the Cook County just spent 32 million dollars on new voting equipment. That voting equipment that we have it’s almost like going back to the future, you know all the talk about, you know, voting on the internet and all these kinds of things, up come at some time, at some point in the future. But today we need to know that those votes are safe. So with the system that we have now. I don’t know if you remember, but you would have a system where you have on the side this kind of ticker tape thing that would show you how you voted.
Lee Neubecker: Paper audit trail.
Clerk Karen Yarbrough: Okay yeah well nobody noticed it. I mean I shouldn’t say nobody. But many people didn’t notice that with the new equipment, and we piloted it actually in your suburb and a couple of others. So we ran it through, and people loved it. It was so simple. So you know, you vote, you can either vote, the same way you vote now. So you could use your stylus or what have you. You place your vote, but then it’s going to shoot your ballot out to you. You’ll be able to hold that in your hand. You’ll be able to see if everything you voted for is there. And then you, not somebody else, but you will be able to post and cast your ballot.
Lee Neubecker: So the key thing is, well while the votes are being stored electronically there’s also be printed, they’re also being verified in a print out, that people can see. And then they can take it over and feed it and then scan it so you have another level of detection done, you’ve got the paper vote locked up in a box.
Clerk Karen Yarbrough: Exactly. And let’s say you mentioned something about the whole system blowing up. Okay so if the whole system blows up we still have that paper ballot locked away so that if we have to go back and let’s say everything blew up and people are running all around, with what have you. We can go and retrieve those documents and by hand we can actually, you know, count those votes, so people should feel confident.
Lee Neubecker: It’s a great Improvement.
Clerk Karen Yarbrough: It is.
Lee Neubecker: I was brought in to consider bidding on the suburban voter audit project for the forensic project. At the time, what I was concerned about, is there wasn’t a simultaneous printout. And at certain points in time, the votes only existed electronically in storage media. They would be transferred to a consolidator that would transmit it. There was a potential at the time, that someone could have a USB device preloaded with 118 votes but in a different distribution. They could swap that device out and put it in the consolidator. But that doesn’t exist now with the new equipment.
Clerk Karen Yarbrough: Not at all. So we’re happy about that. Let me tell you, we’re happy about that. The voters who voted in the last election, both the voters and our folks who run the elections, the judges, and what have you, just absolutely love the new system. They liked the fact that they were going to have that ballot in their hand. We shared with them, what happens now? I said well your votes are going to be counted. I said well what if? That’s the same questions that you ask. Well what if? Well we’ve taken all those precautions. But, Lee, I know, like you know, while you have a better mousetrap today, you always have to stay on your P’s and Q’s. The young man I was talking about Raoul, is his name, we share with city Chicago, every day he’s checking our system, right now, we’re just about we’re ready to go. I think if we had to have an election today, we could have that election and have the confidence that we need to know that we’re going to have a good election, it’s going to be safe, people are going to feel good about how they’re gonna be able to cast their ballot. I’m just excited about the whole thing.
Lee Neubecker: I appreciate everything you’re doing to help secure the vote in Cook County and all your effort to streamline the government.
Clerk Karen Yarbrough: Well thank you so much for the invitation to come on. I’m just thrilled and I know that you’re a real geek and you know all of this stuff. But thank you so very much for having me on.
Lee Neubecker: Thank you Karen Yarbrough!
Watch the second part in this two part series on Cook County Election Security here.