Tag: Enigma Forenscis

Business Continuity and COVID-19

Cyber technology and preparedness experts Lee Neubecker and Geary Sikich talked about a business continuity plan way ahead of the COVID-19 virus hitting the US! What does the next couple of weeks look like? Tune in to find out.

Business continuity! It’s official, COVID-19 is upon us and the country is basically on lock down. Government restrictions are everywhere. Just about 15 days ago, Lee Neubecker and Logical Management Systems, President, Geary Sikich talked about what was going to happen when COVID-19 landed on our shores. It’s like they wrote the sequence of events!

Lee and Geary are trained experts in the field of cyber technology and preparedness. They foretold businesses will have employees work from home if they have a job that allows them to telecommute. They discussed different unique challenges businesses will experience when executives and employees take work computers home and remote in. Check out this video interview to learn a few interesting tips on business continuity.

Part 2 of the Coronavirus or COVID-19 & Business Continuity

COVID-19 and Business Continuity

Lee Neubecker (LN): Hi it’s Lee Neubecker, President of Enigma Forensics, and I’m back on the show here with Geary Sikich, President of Logical Management Systems. We’re continuing our discussion on business continuity planning as it relates to the Coronavirus, thanks again for coming back Geary.

Geary Sikich (GS): Thanks Lee for having me.

LN: So, can you tell everyone what other businesses are actually experiencing that are now at the stage where they’re dealing with government restrictions, either in China, or even in Seattle Washington, and what the reality of the challenges faced by businesses in communities where the corona outbreak is magnifying and spreading.

GS: Sure, the big one everybody is surely aware of was China and some of the things they did, in what people were calling “draconian measures”, which is essentially the quarantine that they set up. They literally lock down roughly about 56 million people and it got to the point where it was from the household where you were staying. They would allow one person to go out and buy whatever food you needed for the day. If that person didn’t have a mask on they were sent back, so no food, so that’d be a big impact. The employers for those employees who are now locked in on a quarantine basis set with empty factories and at about two weeks into that a lot of these employers were saying, “I can’t pay my people because my factory is not operating and I’m about to go out of business”. So, the impact is big in that regard. Just recently in France, the Louvre closed, and it’s closed now indefinitely as of this morning in response to a protect the potential of coronavirus expanding. Italy, there’s closing schools in Italy, they closed schools in China, also in South Korea. They’re doing similar things what we’re faced with here in the States is a very similar situation that is yet to unfold in its dramatic effect. But if we start to see the Coronavirus expand in the States, plan on seeing things like school closures plan on seeing things that are not going to be available on the shelf because the grocery stores are going to be emptied.

LN: That introduces a whole other element of risk, because for those parents of kids that have to be home many of those parents are only going to be able to work from home if they have a job that allows them to telecommute, and there’s, you were talking to me earlier about some of the unique challenges that have happened when executives take work computers home and they’re remoting in, and the one example I remember you saying was that with kids home alone and they have time on their hands, they’ve sometimes gotten into their parents’ computers and if those computers aren’t secure and they go to a game site, and they get hit by malware, the corporate network could be taken out.

GS: Yeah and it’s happened we’ve had it with the clients in different parts of the world where the company organization said it’s a great idea. We’ll set up a mini situation where you can work independently from home here’s a secure computer and over a course of time not much is happening and so, the secure computer becomes something of well we don’t let the kids play games on it and nothing’s going on so I’m not too worried, not realizing the potential exposure that they’ve put themselves in from a vulnerability standpoint. One of the key things, and I think this is a point that we need to emphasize, is that the criminal element people who want to do bad things has really taken advantage of the Coronavirus situation in a lot of different ways. By actually being able to interject malware in posing as a legitimate information site so here you want information on the Coronavirus, I’m here, and the next thing you know you’ve got malware downloaded into your system. So huge impact areas and in that regard.

LN: Yeah, I think that the whole notion of planning and thinking through how your business would respond if your employees weren’t able to come to the office is something that every organization should be doing now because it certainly is it’s not a question of if the virus will spread, it’s a question of you know how quickly and how large of an impact. We don’t fully know what is going to happen in every community with the weather, whether there will be better treatments available or not but we do know that it’s a risk and it makes sense to prepare for not having to have your workers come into your office, and how would you respond to that?

 GS: If you think about it in this context to leader there’s some real issues that you need to really begin to assess it all in a lot of detail. So, from a risk assessment standpoint, one obviously you want to look at how do I build contingency plans for us to work remotely whether it’s you working at your home or at a remote location that the company hires to have you know staffed. That’s great if you’re in the Information and Technology business or you’re in the financial sector you’re in a nonindustrial sector, how do you close down a steel mill and tell your employees we’ll go to this other place and work because there’s not the same facility. Here’s the real interesting thing that it but I think it’s a critical point and this is where we begin to start to realize risk management needs to begin to look at some things differently. One, you’ve got a facility it goes into lock down because of quarantine, no employees there. What’s your vulnerability for that facilities now sitting vacant. You have people maybe who want to break in? You still got your computers and other systems there that I would assume can still be hacked into in some way shape or form and you’ve got a lot of potential sensitive information.

LN: And physical security becomes important in that case definitely.

GS: But how you do that if you’re under quarantine and you can’t bring in physical security per se.

LN: There’s a whole issue if you have in our next segment, we’ll talk a little bit more about what businesses should be doing now to be cyber ready for having employees where they can work remotely. We’ll talk about some of the strategies that you can take now to help maximize your readiness for such a circumstance where you have to either reduce your workforce and create space, or have people work completely remote. So, thanks for being back on the show.

GS: Thank you Lee, I enjoyed it.

To View Part 1 of the Coronavirus

Coronavirus: The Global Impact

Other Related Articles

Cyber Readiness: Power Grid Outages
Keeping Yourself Safe
Keeping Offices Safe

Official Website of Homeland Security and their Business Continuity Plan

https://www.ready.gov/business-continuity-plan

Keeping Yourself Safe

Keeping yourself safe in these trying times is a tall order. Clerk Karen Yarbrough says to use your common sense and practice social distancing, wash your hands and don’t touch your face.

The Corona Virus COVID-19 is upon us! We knew it was coming and Cook County Clerk Karen Yarbrough says let’s practice common sense. The health and well-being is the utmost importance for Clerk Yarbrough. She recalls lessons from her mother, wash your hands, don’t shake hands instead fist or elbow bump, sneeze into your elbow and don’t touch your face. Clerk Yarbrough sits down with Enigma Forensics CEO & President Lee Neubecker to discuss the safety measures the County has installed to keep the polling places safe. Check out this video blog with transcripts.

Cook County Clerk Karen Yarbrough says the 2020 Election will be safe!

The Video Transcript Follows

Lee Neubecker: Hi. It’s Lee Neubecker. President of Enigma Forensics. We’re a Chicago-based computer forensics and cybersecurity consulting firm. And I have the pleasure, again, of having the Cook County Clerk Karen Yarbrough on our show, to provide some common sense advice on what you should do at home and in the workplace to keep yourself safe from this Corona Virus outbreak concern.

Clerk Karen Yarbrough: Thank you, Lee, for opportunity to be here. I think we need to get across to people if they use their basic common sense and remember what mom used to say, they would probably be just fine. Now, 80% of the people who would even contract this, they’re going to be fine. It’s the folks whose systems are compromised, are the ones that probably are going to have some trouble. But, listen. When you sneeze, don’t sneeze out like that. Do it in your arm. Do it in your arm. Okay? Don’t touch your face. Don’t touch your face. I do it all the time. But, don’t touch your face. Don’t shake hands. We’re doing the bump these days. And the hand-bump. Yeah, we’re doing all of that. You know, some of this is basic. Okay?

LN: It’s space.

CY: Yes.

LN: Normally, you give me a big hug when I come in.

CY: No hugs.

LN: We did the elbow bump.

CY: Yes, that’s right. No hugs right through here, okay? Sorry, I’m a hugger, but I’ve just kind of pushed away. And the other we thing we just implemented today in our office, we usually have our meetings and everybody comes to the meeting, and everybody’s in the room. Everything’s closed up. So today we decided that we weren’t going to do it that way. We’re going to do it remotely. So, wherever you are, you tune into the meeting, and we’re going to have the meeting. So they have a name for that. It’s called social something…

LN: Social distancing.

CY: Distancing! That’s it, That’s it! So, that’s what we’re doing. And, little by little, as people get used to things, we’ll be fine.

LN: I think it makes sense to try to do this stuff before you have no choice.

CY: Yes.

LN: You can work out the kinks.

CY: Yeah, yeah. So far, so good. In our office we’ve had our challenges with some folks who have called off, said they’re not going to vote. I mean, they’re not going to… They can’t participate, they won’t be judges and that kind of thing. But we’ve been able to backfield them in. So I feel real good about March 17th. I think too, everyone should prepare for the likely event that as this thing continues that schools could be closed. That hasn’t happened yet, and it’s been evaluated on a case-by-case basis, but that’s a logical decision but that’s a logical decision that might be necessary in the future. And, so thinking about that now and thinking about if that happens, can I still answer my call at work maybe on my smartphone?

LN: Yeah. I think we’re going to adapt. I think we’re going to adapt to using smartphones

CY: Thank you Lee!

Other related videos in Cook County Clerk Karen Yarbrough Series

Keeping Offices Safe
Voting Tips with Clerk Yarbrough
Access to Justice with Jacob Meister

View CDC on Coronavirus Symptoms

https://www.cdc.gov/coronavirus/2019-ncov/symptoms-testing/symptoms.html?CDC_AA_refVal=https%3A%2F%2Fwww.cdc.gov%2Fcoronavirus%2F2019-ncov%2Fabout%2Fsymptoms.html

View this website to learn more information on Coronavirus

https://www.hopkinsmedicine.org/health/conditions-and-diseases/coronavirus/coronavirus-social-distancing-and-self-quarantine

Coronavirus: The Global Impact

Coronavirus is here and leaving death and destruction in its path. Lee Neubecker and Geary Sikich uncover the Coronavirus and its global impact on businesses worldwide and what it means for us here at home in Chicago.

Coronavirus is here and globally impacting our world. Human beings are dying and the toll keeps rising more and more each day. That is the horrible truth of disease! Besides causing human pain and suffering the Coronavirus is also causing disruption and impacting many businesses that are dependant on each other. What does the impact look like? Forensic Expert Lee Neubecker and President of Logical Management Systems Geary Sikich dissect Coronavirus and the huge global rippling impact. For example; Chicago recently canceled the Housewares Show at McCormick Place which typically draws over 60,000 attendees. Everything associated with that conference will feel a significant downturn. ie. hotels, travel, transportation, local food, and beverage. As a result of this global business disruption, there will also be an increase of vulnerability and these experts anticipate an increase in cyber activity. Watch this video interview to learn more about other global industries impacted by the Coronavirus.

Part 1 of our 2-Part Series on Coronavirus

Coronavirus Series: Part 1 is about The Global Impact

Lee Neubecker: I’m here today with Geary Sikich. He’s the president of Logical Management Systems, a cyber and business continuity consulting expert. And I’m Lee Neubecker, the president of Enigma Forensics. We’re a computer forensics firm that provides investigative assistance with matters involving litigation or otherwise investigations. Today we’re going to be talking about the Coronavirus and the global impacts. Thanks, Geary, for being on the show.
Geary Sikich: Thanks, Lee, for having me back.

LN: So, Geary, can you tell everyone what’s happening right now globally, as it relates to the business environment in impacted nations?

GS: Well, the current state of affairs is that Asia is in a situation where Coronavirus continues to kind of expand. It’s expanding at a lesser pace in China, but it’s accelerated in places like South Korea and in Japan. And we’re starting to see it, obviously, move from those Asian countries into the Middle East. Iran has a huge issue with Coronavirus. Italy has another big amount of people that are confirmed cases versus cases under observation. So there’s a significant amount of human impact there. On the business side, this has disrupted a lot of businesses in just about every way you can imagine. So, the shipping industry? Tremendous disruption there. Airline industry? Tremendous disruption there. A lot of flight cancellations and other things. We’re seeing now sporting events, conferences, conventions, all kinds of things that are essentially money-makers in the normal sense, but also dependent on a tremendous chain of support to bring off. Suddenly a conference is canceled, and now you have hotels affected, you have transportation systems affected, you have all the food services affected. This kind of rippling through a lot of areas is causing a very very big concern with, not only businesses but governments. How do you control it and what do you do in this situation?

LN: So, here in Chicago, we have the Chicago Housewares Show canceled. Recently many vendors were coming from other nations where there’s a travel ban. And that impact certainly impacts the workers that are at the hotels, The audio workers.

LN: And whatnot, their hours get cut.

GS: Yeah, the interesting part about that is that when you begin to look They had on the news the other day, They had on the news the other day, was talking about the cancellation of this convention. 60,000 people come. And obviously there’s a lot of work that’s done: Setting up booths, displays, and all the other things that go along with it. Suddenly, he’s out of work for a period of time until the next convention comes in or maybe doesn’t come in. But that ripples through to hotels, food services, restaurants, your taxi cabs, your Ubers, your Lyft, your everything associated with coming to a place for a conference or a convention. So a huge impact. But then you also have So huge impact.

LN: But then you also have and these deliveries are now delayed because of the dockworkers that load up the equipment

GS: Systems.

LN: And these deliveries are now delayed where they have restrictions in place.

GS: And an interesting sidelight to that is that you look at the shipping industry and the amount of material that’s shipped by the containers those ships carry are what they call 20,000 TEU which is a 22-foot equivalent unit. Or 20-foot equivalent unit. Anyway, it’s a size that they have. If you look at that aspect, one of the things that some companies are starting to encounter, and I think you’re going to see more and more of this, is that because of delays in shipping, suddenly the container supply is not as available because your container, Lee, that you shipped, full of your product is sitting out in the ocean waiting to dock at my port, but it can’t come in because it’s quarantined? And now that container is going to sit. But John’s company needs a container to ship his product. Can’t get it because your container’s the one he would’ve normally gotten. So huge impacts in terms of ripple effects in a lot of it. So the average time that the container holds goods, in terms of the number of days is increased markedly. And the existence of the containers largely

LN: So the average time that the container holds goods, so there’s a shortage. Right. And if you think about this in another context, the number of things in the containers, it’s not just computer chips,

GS: Right. Roughly, and I heard a figure that was kind of astounding to me, but about 80% of all the containers are full of perishable foods.

LN: Oh yeah, certainly.

GS: You’ve got your bananas, and oranges and things that we don’t necessarily get in Chicago in the wintertime ’cause we don’t grow them.

LN: Oh yeah, certainly.

GS: You’ve got your bananas because it’s no longer fresh. I’ve got to decontaminate the container. because we don’t grow them, in terms of how these all are impacted. Which gets us into looking at, from a computer security standpoint. These are tracked. Barcoding systems and whatnot. How easy is it for that to get disrupted because somebody decides it’s an opportunity to hack into a network?

LN: Certainly, when systems are constrained and overworked, it’s the likelihood of a failure or an attack compromising the system goes up. So it creates a real opportunity for a hacker to strike and have a magnified impact, So here in Chicago, we have a lot of companies that are impacted by this. We’ve got Boeing, We’ve got United Airlines. Boeing. Major facilities for companies that, while headquartered elsewhere, operate big hubs out of Chicago. Especially in the airline industry.

GS: United Airlines. still, kind of the shipping center for a lot of the country. And if you look at the Chicago area, if you will, you’ve got then industries in Northwest Indiana, you’ve got industries south of Chicago.

LN: Rail.

GS: A huge amount of rail traffic that goes through. The expressway between Indiana and Chicago, 80, 94, is one of the heaviest traveled expressways in the world. You’ve got a number of other businesses that suddenly have the exposure that they hadn’t realized. A huge amount of rail traffic that goes through. What would happen if you took the casinos in the Chicago area and closed them down for two weeks? It’s not just casino workers. It’s not just the amount of money the casino’s going to lose by not being in operation. It’s the day worker. It’s what we call the gig economy. Those people who live paycheck to paycheck that are dependent. So suddenly, they’re without. How are we going to deal with making sure that there’s a, if you will, an equilibrium or a safety net for those entities? One of the things we’re faced with, starting to see now, the City of Chicago’s just announced they’re just putting together a pandemic taskforce. They’ve had a few months watching it unfold in China. much like the rest of the United States, and, if you will, the rest of the world in some respects. Why has it taken this amount of time, and what do we need to be aware of from a private-sector standpoint as to what the public sector is going to do? So from a planning standpoint, this is critical. If you’re a business and you’re putting together a plan, and your plan suddenly conflicts with the City’s plan or the State’s plan, what happens then? How do you deal with that?

LN: Those are all great points. In our next segment, we’ll be continuing our discussion, and we’ll be talking a little bit more about what it’s been like for businesses that are going through some of these extreme measures that are being put in place to help protect and contain the virus from spreading. Thanks for being on the show.

GS: Thanks, Lee.

Other related articles

Data Breach Response Experts
Energy Industry Incident Response

City of Chicago’s response

https://www.chicago.gov/city/en/depts/cdph/provdrs/health_protection_and_response/news/2020/march/public-health-officials-announce-new-presumptive-positive-case-o.html

For information about how you can prepare from the Center Disease Control.

https://www.cdc.gov/coronavirus/2019-ncov/community/index.html

Data Breach Response After the Fact

Your email has been frozen and your company website is down. Your IT department has confirmed a data breach. What do you do next? Incident Expert Lee Neubecker and legal expert Kari Rollins offer easy instructions about your next important steps.

It’s a fact! Your IT team confirmed a Data Breach or incident has occurred. What do you do after the fact? Forensic Expert Lee Neubecker and Legal Expert Kari Rollins say don’t panic! First, convene with your incident response team, start to investigate under privilege, and contact a 3rd Party forensic expert to help preserve vital information. Watch the rest of this video for further recommendations about data breach response after the fact!

View Part 3 of our 3-Part Series on Data Breach

Part 3 of our 3-Part Series on Data Breach

The Video Transcripts of Part 3 of our 3-Part Series on Data Breach follows

Lee Neubecker: Hi I’m back again with Kari Rollins, and she’s here talking with me today about data breach incident response. The Sedona Conference recommends, how an organization should respond to such incidents. And we’re talking in this third part segment about what to do after an incident has been reported. So Kari, please tell me what the initial issues are that come to mind when you get that phone call from a client that says something happened.

Kari Rollins: Sure, so usually, as we were talking about in a prior segment, you may not know whether you’ve had a breach as defined by law. You are just told by your information’s security team, or an employee or a manager that you’ve had, there’s been an attack. Or there’s been, “I can’t get access to my email,” Or, “My account’s frozen.” So you immediately start to investigate. You want your.. according to your incident response plan which we’ll hopefully have in place, you’ll convene your incident response team; you’ll start to investigate under privilege. You’ll call if you need your outside forensic investigator to help you access it. Help you access what’s happened, right? That the facts in an incident are really, really important because they drive the legal conclusions. Have you had a breach, or have you had an incident that has resulted in the acquisition with just the access to personally protected information? Or are you.. did you have an incident where maybe the systems that house the personal information were accessed, but there’s no evidence that the malware ever made it into the room where the family jewels are hidden and they were taken out. And that’s an important part of understanding whether you actually have a legal obligation to notify regulatory authorities or consumers. So the first step is always convening the team, putting it under privilege, calling your experts, and starting to investigate the important facts. Was this an outside threat, was it an insider threat? I know you’ve had experience a lot with investigating internal threats, which are on the rise these days as I would expect.

LN: And a lot of these incidents, it may be reported as a data breach, and the question is well, how did it happen? And sometimes, it’s not too uncommon that IT staff don’t receive the resources they request, and that data incidents happen as a result of being under-resourced. And in circumstances like that, there’s still a lot of pressure on the people managing IT, to not only run the organization ongoing but to deal with this whole new layer of troubles. So having that team in place beforehand where those relationships are there really helps.

KR: Yes

LN: And the other thing too is, you know, if there is a failure internally, it’s more difficult and less likely that you’re going to get the facts quickly if you’re using the team responsible in some way for the breach to report on what happened. I always recommend that after that initial meeting that preservation of key data occurs, and is offloaded outside the organization. You know, log files, certain key computers, email systems to the extent that they were modified so that there’s the ability to do that analysis. Because when an organization has an incident, it’s quite possible that all the data disappears, and the effort to cover the tracks.

KR: Or it’s not even, it may not be as nefarious as that. It could be that the teams are working so quickly a lot of the remediation plans are to thwart the malware and to remove it. But, in a lot of instances, you need to safely remove it and keep a copy of it, because you need to reverse engineer it. And understand how it got there, understand other signatures it might have; so being thoughtful, and we talk about this being thoughtful about evidence preservation is really critical, especially if you get to the point at which you do have a breach that requires notification. And litigation regulatory inquiry ensues, you will have been expected to preserve that evidence and show the chain of custody. Otherwise, you could have allegations of spoliation leveled against your company.

LN: And I’ve seen circumstances too where a legitimate data incident happens and we’re able to get it quickly and identify the impacted individuals. And sometimes it’s just been a few people; in a circumstance like that, it’s much easier to reach out to those individuals, make things right, and resolve the issue. And be able to report to them what happened. It’s much better than having to publish on your website and report to the attorney general that you had some massive data breach. So, not all data incidences are massive data breaches.

KR: That’s true, some of ’em impact you know, one or two individuals, and you may still have an obligation to notify them under the relevant law. But they don’t have to be the big massive breaches. And again, I think the great thing about the Sedona Conference Guide is that it’s, you know, it helps companies navigate small to big breaches. You know, it’s not intended to be the ultimate authority on the law in this area, because the law is ever-changing. But what it does is it helps companies issue spot from a practical perspective so that they know what laws they need to consult, and why and what issues they need to address, like for example, notifying your insurance carrier. One of the big questions we always get is, Well, we’re the victims, here; the company X is a victim of this cyber attack. Who’s going to pay for it?

LN: Yes.

KR: And so, insurance coverage for cyber incidents has is a really hot button issue these days. And so it’s important for companies to know in advance what their policies say, what the notification requirements are. Even if they just have a sniff of an incident – maybe it’s not a breach. So that the third party and first-party costs are covered, and that you’re working with your insurance carrier, and you’re working with your insurance council to ensure that coverage. And to make sure that you’re getting the right information to your insurance carrier about your forensic teams. Are they approved? What rate are they going to be reimbursed? What type of reporting do you have to do from a cost an expense perspective to your insurance carrier? So.

LN: And, it true that if companies use their own internal IT resources to do the investigation, that the insurance carriers usually won’t pay out their own internal resources?

KR: It really depends. It depends on the policy.

KR: It really depends on the policy. There are, in some instances, some policies would cover the first party staffing costs, so for example, if you had to pay staff overtime to work 24 hours a day to try and investigate, you may be able to claim that. But it really depends on your policy. There’s certain.. there’s certainly reimbursement line items for business disruption and business interruption. Or, you know the loss of business, loss profits line items, as a result of ransomware tax. But again, knowing your policy is a critical step in preparing.

LN: Where do you see the benefits of using an outside forensic investigator as opposed to internal IT to investigate when an incident happens?

KR: You know I think it’s two-fold, one, a lot of internal IT teams are taxed as it is with their day to day obligations. And if an incident is one that is medium-high critical, you want to be able to dedicate the resources to the incident to investigate swiftly, and to ensure that there’s no delay. And so pulling in a third-party forensic expert alleviates some of that burden and stress on the IT teams. And then separately and secondly, it also creates a level of objectivity that is.. that benefits the company in the event. Or in the unfortunate event, someone in the IT group may have made a mistake that caused the vulnerability. There’s less likely that that mistake would be covered up. Or there’s going to be more candor from the third party expert, the to management team say like, “Hey, this issue should have been addressed”. And it wasn’t, and now you know what thwarts may be in the event. You have some litigation down the road and you need to defend. But so I would say really sort of time and devotion of resources where needed, and objectivity.

LN: Great, well thanks a bunch for being on this show; this was great.

KR: Absolutely, thank you.

Part 1 of our 3-Part Series on Data Breach

Data Breach Response Experts
Part 1 of our 3-Part Series

Part 2 0f our 3-Part Series on Data Breach

Prepare for a Data Breach
Part 2 of our 3-Part Series
Data Breach Response
Data Breach Incident
Data Breach Response Experts
Data Breach Incident Response

To Learn More About Sheppard Mullin / Kari Rollins

https://www.sheppardmullin.com/krollins

Prepare for a Data Breach

Don’t fail to prepare for a data breach! Check out what experts Lee Neubecker and Kari Rollins say are the three strategies to prepare for a data breach.

In the famous words of Benjamin Franklin “By failing to prepare, you are preparing to fail.” Forensic Expert Lee Neubecker and Kari Rollins with Sheppard Mullin agree with our Founding Father and warn that a data breach is inevitable, don’t fail to be prepared!

In her practice, Kari focuses on data privacy, data security and data breach preparedness. Together, they discuss two basic strategies to help you prepare for a data breach; understanding what data you have, where that data resides. Check out our video with transcripts to learn more on how to prepare for a data breach.

Part 2 of our 3-Part Series on Data Breach

The Video Transcripts of How to Prepare for a Data Breach Follows

Lee Neubecker: Hi, I’m back on the show again with Kari Rollins. Thanks for coming back again.

Kari Rollins: Thank you.

LN: We’re continuing our discussion about the Sedona Conference Data Incident Response Guide and some of the best practices of how to prepare for the inevitable data breach and what you should be doing beforehand. So Kari, can you tell me what some of the things are that you advise your clients to do in anticipation of a potential issue?

KR: Sure, and I think planning, in our view, is just as important as the actual response itself and how you investigate. And in the Sedona Response Guide, we’ve pulled together some suggestions for sort of two elements of planning. One is the more technical, understanding what data you have, where that data resides, what your network systems are so that when you do have an incident, and you have to understand what information may have been impacted, to understand whether you have a legal obligation to notify, you have a better understanding and a better map of what those systems are and the information they hold. And a lot of times, using not just counsel and conducting that analysis, but using third party forensic firms to come in and help with that data mapping process is a really important step in getting prepared to understand where are all of the jewels of the company lying within the systems to know what the type of critical impact could be if one of those systems is hit.

LN: And some of the problems I’ve seen is, oftentimes the documents that are distributed and given to legally become outdated, so this is something really that organizations should be periodically updating their network data map and actually using either consultants or tools to help them map out what devices exist on their network.

KR: Right, exactly. And to that point, too, understanding what contracts with those vendors control here. Especially in the event, you have an incident that impacts the system that is managed by a vendor, do you know what information is being controlled by that vendor, and how you all are going to liaise when that incident occurs, who’s going to take control, what the contractual obligations are? Because vendor management is a hot-button issue these days. The FCC itself just came down with a number of guidelines and best practices for vendor management, so being prepared in that sense, knowing where your data is, who your vendors are, who controls it is really important.

LN: Exactly, and I can’t stress enough, it’s important, too, that companies have offline backups of their data because if you have a storage mass go down suddenly, if your company doesn’t have offline documents that describe what the drive geometry for that raid array is, the ability to recover the data becomes compromised and if a hacker gets in and takes out a storage network and the documentation for how to rebuild that storage network is on that drive, that could cause a real problem.

KR: Absolutely.

LN: Do you see that this guide is applicable to companies that are concerned about cryptolocker type malware as well?

KR: Sure, I think this Incident Response Guide can help guide companies through any type of incident, whether it’s a ransomware attack, where their information is being withheld from them, whether for ransom or for other purposes, it could just be useful in investigating the so often seen phishing attacks that seek to attack the email accounts of employees and then further perpetrate other credential harvesting schemes. So it’s useful in the sense that it helps companies prepare for any of those types of attacks. And it does so by helping them with the data mapping, giving them some guidelines on that front. And then also helping them to craft an incident response plan, which I think it’s just as you were talking about, being prepared here with an incident response plan is also the other critical component of preparation and it’s not a one-size-fits-all for the companies. You can’t just, there aren’t these stock-standard off-the-shelf policies that you can then apply because each company has different data systems, and different requirements, and different teams. But this guide provides you with resources and guideposts for how you build that plan that makes sense in the context of your company.

LN: Exactly, and depending on where the company operates, if they operate in Illinois, they might be subject to BIPA, the Illinois Biometric Information Protection Act, which has a whole host of unique requirements. So in our next segment, we’ll be talking more about what should be done after a data incident arises. Just because it’s an incident, does not mean it’s a data breach, but there are certain things you want to do, like have your team in place beforehand. But before we leave, what are your recommendations and what does Sedona say about forming a team to be able to respond in advance of an incident?

KR: I think that is probably one of the most critical elements of an incident response plan is really just knowing who your team is going to be. Who are the individuals that you are going to call when an incident occurs and building that team, it’s important to have the right buy-in? Legal, of course, is extremely important because you want to be able to conduct the investigation under privilege, and in a fashion that gets the facts to your legal counsel in a timely and expedient manner so that you can understand the point at which you have information that suggests you’ve had a breach as defined by law. Because the point at which you learn you’ve had a breach is defined by law as to when your clock starts ticking for notification and that’s in some jurisdictions, that’s a really tight turnaround. So in the incident response plan, in the Sedona Conference Instant Response Guide, we talk about having that team. Having the information security teams, knowing who your third-party experts are going to be if you need third party support to come in and investigate, knowing who your crisis management team from a PR perspective would be. So having all of those individuals listed, with the contact information in the back of your plan so you know who to call, sort of the Ghostbusters, but the privacy busters of an incident, who are you going to call when you get an incident. So I think that’s most important because having the right people mobilized is going to save you time in the end.

LN: It’s important, too, that especially with your forensic experts, you want to make sure you’re working with experienced people that understand the sensitivity around email because as you investigate incidents, your initial impression of what happened or what is going on might change as you learn new information, so it’s important not to begin with the word data breach when you don’t know if it’s a true data breach. Because sometimes, an organization has a security incident but there’s no proof that any data actually exfiltrated or that it was used in any way, so that’s part of at least during that response that we’ll talk about next, those are part of the issues that need to be investigated, but being sensitive to that and making sure that privilege is in place and communications is definitely important.

KR: Yeah, exactly.

LN: Well, thanks and tune in to our next segment where we talk about what to do after the inevitable data breach.

KR: Right.

View Part 1 of our 3-Part Series on Data Breach

Data Breach Response Experts

Related Articles on How to Prepare for a Data Breach

Forensic Data Collection
FDA Cybersecurity Regulations: Medical Devices
Forensic Data Collection

Prepare for a Data Breach, Secure Your Supply Chain

Keys to a Secure Supply Chain

Learn More About How to Prepare for a Data Breach. Check out Kari Rollins

https://www.sheppardmullin.com/krollins

More About Sedona Conference Data Breach Guide

https://thesedonaconference.org/search/node/data%20breach%20guide

Jacob Meister’s First 90 Days

Most voters think the Clerk of the Circuit Court of Cook County’s office is ground zero of what’s wrong ethically in Cook County government. Candidate Jacob Meister vows to clean up the office and deliver much needed ethical reform.

Enigma Forensics President & CEO Lee Neubecker interviews Jacob Meister, who is running for the office of Cook County Clerk of the Circuit Court. Lee is interested to learn more about what Jacob Meister plans to do in his first 90 days in office.

View Part 2 of our 4-Part Series on Jacob Meister, Candidate for Cook County Clerk of the Circuit Court

Part 2 of our 4-Part Series on Cook County Clerk of Circuit Court Candidate Jacob Meister

The Video Transcript follows

Lee Neubecker: Hi, I have Jacob Meister, who’s running for Cook County Clerk of the Court. He’s back on my show today. Jacob, thanks for coming back on.

Jacob Meister: Thank you for having me.

LN: So, as a candidate for Cook County Clerk of the Court, which is one of the largest court systems in the U.S., what do you see as your top priority in your first 90 days in terms of fixing a big problem that needs to be addressed?

JM: Well, the Clerk of the Circuit Court of Cook County’s office is ground zero of what’s wrong ethically in Cook County government, you know? The voters in recent years have elected a new Cook County Assessor, Fritz Kaegi, a new mayor, Lori Lightfoot, and have made clear that they demand ethical reform, in government, and the Clerk of the Circuit Court is ground zero of what needs to be fixed. This is an office that for decades and decades has been plagued with political patronage, political workers getting jobs at the public expense in order to do political work. We have to stop that, and in my first months in office, I want to make sure that we are cleaning up the office to make sure that we are delivering taxpayers value for their money and that employees are dedicated first, foremost and exclusively to serving the public interest in the clerk’s office. We cannot get over the operational problems that this office has until we first clean up the ethical issues. So, I want to make sure that the patronage in the office comes to an end. That we comply, there’s currently a federal decree, it’s called the Shakman Decree, that the office is under that requires patronage to hiring, to not be done by patronage. I want to make sure that people are promoted from within, not given these political jobs where employees are beholden to the party machine.

LN: Great, well, thanks for being on the show, Jacob.

JM: Thank you, Lee.

View Part 1 of our 4-Part Series on Jacob Meister

What does the Cook County Clerk of the Circuit Court do?
Part 1 of our 4-Part Series on Cook County Clerk of the Circuit Court Candidate Jacob Meister

Other Related Articles

Cook County Security
Cook County Clerk on Election Security

How ZyLAB Can Help Your Company

ZyLAB is a global company that can help an organization who has to deal with various regulatory authorities spanning the globe. They are dual-headquartered in both Washington, D.C. as well as Amsterdam in the Netherlands. If your dealing with GDPR in the EU or CCPA in the US ZyLAB is equipped to provide service. In this video blog Lee Neubecker and ZyLAB’s Jeffrey Wolff discuss what differentiates them from their competitors.

Cyber Forensic Expert Lee Neubecker and ZyLAB’s eDiscovery Director Jeffrey Wolff discusses how ZyLAB Artificial Intelligence (AI) solutions can help your company. ZyLAB is an eDiscovery provider that works with government entities, corporations and law firms to provide data solutions. ZyLAB assists in extracting value from data, and not just metadata, but also document review that is about looking for entity information. ZyLAB is able to search for key people, places, and organizations that are mentioned in documents and/or emails, and quickly drill down to what is going on in your organization.

Watch this important final part of our 3-Part Series on Artificial Intelligence Solutions and eDiscovery. You will learn about what ZyLAB offers that will help your company with document review and ultimately save time and money.

Part 3 of our 3-Part Series Artificial Intelligence (AI) solutions and eDiscovery

The Video Transcript Follows.

Lee Neubecker (LN): Hi, I have Jeff Wolff, back on the show from ZyLAB. Jeff, thanks for coming back on.

Jeff Wolff (JW): Thank you.

LN: He’s their Director of eDiscovery, and I wanted to ask him some questions as it related to what differentiates ZyLAB from other products out on the market. Some of my clients may want to use this type of artificial intelligence program to help get through their review and see what the results are of using AI versus the traditional e-discovery review process, so.

JW: Sure.

LN: Jeff, could you tell us what sets ZyLAB apart from other competitors in the marketplace.

JW: Sure, sure, so first, I think ZyLAB is uniquely positioned in the fact we understand the corporate space quite well, as well as the law firm space, but we got our start in the corporate world, or in information governance. So we are very vested in search and data science, and that’s really where we’ve put a lot of our focus. We have both on-premise solutions, as well as cloud-based, SaaS solutions like every other next-gen provider. But we really push our interface, our user interface and our user experience, as one of the most unique selling points. And that is, that it is not difficult to start using. Anyone, any legal professional can pick up our product in an hour, from start to finish, and understand really how you utilize it. Drag and drop interfaces for getting data into the system, and immediate color-coding and tagging, easy search, and the ability to really visualize your data and understand what’s in the dataset.

LN: Okay. So, what would you say for a company that has to deal with multiple jurisdictions, they’re in Europe, they’re in the US.

JW: Sure.

LN: There are some unique challenges posed by all the various regulations out there, like GDPR.

JW: Right.

LN: Maybe the have operations in China. How could you help a company that has to deal with various regulatory authorities spanning the globe?

JW: Sure, and that’s another advantage that ZyLAB has, actually, we’re actually a global company, so we’re dual-headquartered in Washington, D.C., here in the US, as well as Amsterdam in the Netherlands, in the EU. And as a result, we have cloud operations in both jurisdictions. So our global customers can actually keep US data in the US, and they can keep European Union in the EU, and not worry about that issue. But we also have the expertise, consulting expertise, in both environments, both geographic locations. For example, I’m doing a lot of work now with corporations, not so much focused on directly just on e-discovery, because e-discovery is a bit reactive, you know? Or corporations go through peaks and valleys with e-discovery, the litigation, something they have it, sometimes they don’t. What they constantly have though, are internal investigations, regulatory responses, in the highly regulated corporations. And more and more now, data privacy concerns. So, my European colleagues have been dealing with GDPR for a while, we’re now starting to feel it here in the US, with CCPA, the California Consumer Privacy Act. And there are a number of states on the horizon that are going to California’s examples, so corporations need to be able to find, and classify all the data that they have in their organization that has customer information because if those customers request it and they can’t provide it, they’re financially in a lot of trouble.

LN: Do you think that the regulations coming down on companies are going to fundamentally change how companies chose to communicate with their vendors, suppliers, and own employees?

JW: Absolutely. If you look at all the recent data breach situations, it’s typically not the organization that has the problem, and I won’t mention any of the large companies that have recently had data breaches, but it’s typically not the original company that had the issue, it’s one of their suppliers, or one of their vendors that had accesses to the database, and wasn’t protecting it properly, and that’s how the trouble began.

LN: Yeah.

JW: Same thing with data privacy.

LN: The supply chain certainly is a huge point of vulnerability for all types of organizations. The governments, the military.

JW: Yep.

LN: and even corporations.

JW: Yes.

LN: So what do you see happening over the next few years with the adoption of AI platforms?

JW: I think the e-discovery market is going to fundamentally change. There’s still always going to be a need for discovery within corporations and law firms, but what you do you with the data is going to become much more important, so it’s going to be about how you can extract value from the data, not just metadata, which we’ve always been able to do for years now, but now more about looking for entity information. People, place, organizations that are mentioned in documents and emails, and collaborative environments, and being able to visualize those, and quickly drill down to what was going on in your organization. You know, if you got people that are going to the dentist three times a week, they’re not doing to the dentist, they’re doing something else, They’re just writing about going to the dentist.

LN: Yeah.

JW: Software like ours that can identify those references in documents are going to be crucial to the success of organizations.

LN: That’s great. So it seems that there’s continued e-discovery service provider consolidation out there.

JW: Mhmm.

LN: The companies that are using tools that are more of a channel partner tool to resell.

JW: Yes.

LN: But as those companies consolidate, do you think that there’s going to be a movement away from those providers where, the company, the firms, directly do their own e-discovery?

JW: Oh, yes. Yeah, very much so. We’ve been seeing that over the last few years. A lot of companies, even small companies that tend to have, in the past, just used outside vendors for e-discovery, are now deciding that they prefer to control, not just the cost, but also their data. They don’t want their data outside of the organization for reasons we’ve already talked about. So they’re purchasing in-house tools that they can use themselves, and then they can invite outside counsel in to make use of, that way they control their costs, they control the efficiency, and they control the data.

LN: Well, this has been great. Thanks a bunch for being on the show.

JW: Thank you again.

LN: Take care.

JW: Bye-bye.

Part 1 of our 3-Part Series on Artificial Intelligence

AI Smarter Solutions: eDiscovery

Part 2 of our 3-Part Series on Artificial Intelligence

Optimize eDiscovery With AI

View Other Related Articles

Keys to a Secure Supply Chain
Forensic Data Collection
Re-inventing Legal Technology: Artificial Intelligence (AI)
Artificial Technology

View ZyLAB website

https://www.zylab.com/en/company

Learn More About GDPR and the European Union

https://gdpr-info.eu/

Learn More About CCPA the California Consumer Privacy Act

https://oag.ca.gov/privacy/ccpa

Preventative Measures: Medical Devices

What is a FIPS 140-2 and how does it play a role in medical devices? Are medical devices manufactured with security in mind? Experts Lee Neubecker and Keith Handler discuss medical device security.

What measures are in place to help protect medical devices from cyber compromise? President & CEO of Enigma Forensics, Lee Neubecker gained insight into the latest and greatest preventative measures being developed for medical devices. Lee sat down with the top engineer for Sterling Medical Devices, Keith Handler and explored technical measures applied to the manufacturing process of medical devices. Check out this video to learn all about the tech measures. You will be so much smarter if you do!

Part 3 of our 3-Part Series on Medical Devices

Part 3 of our 3-Part Series on Medical Devices

The video transcript of Preventative Measures: Medical Devices follows.

Lee Neubecker: Hi, I’m back on the show again with Keith Handler from Sterling Medical Devices. Keith, thanks for coming back.

Keith Handler: Hi Lee, thanks for having me.

LN: So in our 3rd segment on medical device security, we’re going to talk a little bit more about some of the hardware elements, how the software gets loaded onto medical devices and what things are in place to help protect medical devices from cyber compromises. So first, Keith, can we start off with telling everyone what FIPS 140-2 is and how that plays a role?

KH: Yeah, absolutely. FIPS is the Federal Information Processing Standard, 140-2 is the specific certification for encryption libraries. That certification means that those encryption libraries are proven to be usable and certified to be usable for federal systems and medical systems.

LN: Most hospitals require FIPS 140-2 for immediate devices if you’re transferring PHI, Patient Health Information. If you’re transferring that information to external storage, they want to make sure you’re using secure storage that meets federal information processing standards.

KH: Correct.

LN: So when you’re evaluating a device for security, what are some of the things that you do to help ensure that the firmware that’s stored on the chips is secure and safe?

KH: Well, an embedded device it’s a challenge, of course, you have limited space, limited capabilities typically, especially on lower power devices. If you’ve got the space and the ability, we can use hardware encryption chips, hard-circuits, those are usually the most reliable and the most performant. If not, there’s plenty of embedded libraries out there that are FIPS 140-2 certified. The main thing being that we never roll our own as far as encryption libs go, we use federally certified ones to ensure that we’re up to the current standards and encryption strength.

LN: Those standards change over time.

KH: Correct, yes.

LN: At one point and time, SHA-1 encryption used to be considered perfectly fine, but now with quantum computing, there’s been a rush to ditch SHA-1 and require SHA-2 as encryption library to help secure things.

KH: Yes, this brings up an important point actually. How do we keep things secure moving forward when new vulnerabilities are found, new attacks are found, libraries are cracked.

LN: Yeah so, what do hospitals and other healthcare providers need to be doing to ensure their devices stay secure once deployed?

KH: Well, hospital healthcare providers need to be making sure that they are up-to-date with the manufacture of all of their devices, that they are keeping apprised of any kind of recalls or anything like that. Manufacturers, the people that we typically deal with, product developers, their responsibility is to maintain a bill-of-materials, a cyber bill-of-materials; their libraries, their encryption circuits, make sure that they’re tracking the versions and things like that so that when a company has a vulnerability exposed, they can become aware and make updates and push them, software especially, as fast as possible.

LN: All right, so if an organization or a healthcare entity were to become compromised, have you been involved with supporting the client that underwent a cyber compromise?

KH: I have not, we’re usually in the earlier stages of developing the products prior to that occurring, and our products hopefully never get compromised.

LN: So I’d imagine though that if there’s a concern about the security of certain medical devices, that there’s a need to actually dump the firmware. Firmware is software stored on an embedded chip. But the firmware will persist after power-down, reboot to whatnot, but there is an ability to go and extract the firmware of the chip with the correct tools, such as a Bus Pirate, or other devices. And then what would you do to examine, if you had access to the firmware on a chip, how would you go about ensuring that that’s authentic?

KH: Well the first thing is if we’re going to push out firmware, things like that, you need to make sure that the device can know that it’s authentic. And we do things again, like digital signing, signature verification encrypting of that firmware package. That way we have a verification process in place to ensure that what we’ve got coming down is good.

LN: So that’s known as a hash.

KH: That’s part of it yes.

LN: So the hash value is the unique encrypted thumbprint generated by a hash algorithm and those hash values can be used to compare against the manufactures release version and what’s on the chip to determine, are they running the most recent up-to-date firmware, or are they running a older version or are the running something that’s rogue that is not known by the manufacturer.

KH: And that’s the real key, to make sure that what we’re running is what we expect it to be and not something that has been tampered with.

LN: How often are hospitals and IT staff actually auditing and checking their firmware?

KH: You know I’m not clear on that, but I would say almost certainly not enough.

LN: Yeah, so that’s one of the things that I know you’ve said earlier, that it’s important that all these entities using the devices, once they’re certified and deployed, there’s still a responsibility on the healthcare delivery organizations to make sure that they’re patching and updating those devices so that they keep the standards.

KH: Ideally. Nowadays, a lot more devices are connected, communicating out with central servers, and that gives them the advantage of being able to receive security updates, so it takes that middleman out, essentially, but that also opens up additional potential security holes that have to be considered and protected against.

LN: Yeah, and anything that comes to mind that you’re concerned about in regard to new threat factors?

KH: Well, you know, again, if I’m distributing firmware by handing it to you on a USB stick, you can be pretty certain that what I’m giving you is likely to be good. If I’m telling you download it from this site, you don’t know. For all you know, it could get tampered with in transit. So it raises a lot of additional risks.

LN: Do you think that there’s something to be said for going back to the old updates on CD, read-only media?

KH: Well, you know, information is what it is, and things mover faster nowadays, so I don’t know that it makes sense to move backward, it just means that we have to have more modern methods of protection.

LN: But thanks a bunch for being on this show. This is great stuff.

KH: You’re very welcome, and thanks for having me.

LN: It’s my pleasure.

View Part 1 of our 3-Part Series on Medical Devices

Medical Device Security Challenges

Part 2 of our 3-Part Series on Medical Devices

FDA Cybersecurity Regulations: Medical Devices

Other Related Articles

Computer Forensics in Medical Malpractice
Data Breach Response Experts
Forensic Imaging

Overview of the FDA’s Medical Device Regulations

https://www.fda.gov/medical-devices/device-advice-comprehensive-regulatory-assistance/overview-device-regulation

Sterling Medical Devices website

https://sterlingmedicaldevices.com/

What does the Cook County Clerk of the Circuit Court do?

Meet Jacob Meister candidate for Cook County Clerk of the Circuit Court that oversees the second-largest court system in the United States. Jacob vows to improve and better manage over 400 judges in 14 different court locations all around Cook County.

The Cook County Clerk of the Circuit Court is one of those offices that is not well known but is extremely important in the operation of one of the nation’s largest court systems. The Cook County Circuit Court is the second-largest court system in the United States. The Clerk of the Circuit Court is responsible for overseeing all the court records for many courts including small claims, chancery, civil, law, probate, child support enforcement, traffic, and criminal courts. There are over 400 judges in 14 different court locations all around Cook County.

In this video, Lee Neubecker interviews Jacob Meister, a candidate for the Cook County Clerk of the Circuit Court. Jacob Meister has been a practicing attorney in Chicago for 29 years. In his law practice, he has been a near-daily user of the Cook County Court system and he has experienced firsthand the tragically antiquated and inefficient operation of the Clerk of the Circuit Court’s office. Jacob Meister shares how he intends to reform the antiquated system, create a better judicial management workflow with transparency, efficiency and while running the office in an ethical manner.

Part 1 of our 4-Part Series on Meet Jacob Meister Candidate for the Cook County Clerk of the Circuit Court

The Video Transcript for What Does the Cook County Clerk of the Circuit Court Do?

Lee Neubecker: Today I have on my show, Jacob Meister. Jacob’s running for Cook County Clerk of the Court. And he’s come on today to tell us all a little bit about what the Clerk of the Court does and what their role is. Thank you for being on the show.

Jacob Meister: Well, thank you for having me on, Lee. The Clerk of the Circuit Court is one of those offices that are not really well known but is extremely important in the operation of our courts. The Cook County Clerk oversees the second-largest court system in the United States. We have over 400 judges in 14 different court locations all around Cook County. And the Clerk of the Court is the chief operating officer effectively of the courts, overseeing everything from all the court records to staffing the courtrooms, the Court Clerk’s who take your oath when you go testify and then all of the intake and the counters. And they also oversee things like child support, about a half a billion dollars a year in fines, fees, and forfeitures. They handle all the accounting so that when a fine is paid, it goes to the right municipality or to the state or to whoever is entitled to that money for the fines. So it’s very important. The Clerk’s office is currently occupied, as you may know by Dorothy Brown. She’s retiring after 20 years. And we really need to rethink how the Clerk’s office works. I personally am the only one in the race who has actually practiced for 29 years in the Circuit Court of Cook County and made a career of it. And it’s an office that’s broken. It’s broken ethically and operationally. We still, unfortunately, as judges and lawyers hand write out orders in triplicate using carbon paper. And for a court system that has a million and a half cases pending, that means millions and millions and millions of pieces of paper just in court orders. We can do better. We have to do better. The private industry long ago automated, implemented technology. We need to do the same thing in courts. And let me just give you a couple of examples of the real-life consequences of what happens because of our broken technology. We have about 600 prisoners right now in the Cook County or in the state of Illinois prison system who have appealed their convictions and their convictions for more than a year, cannot move forward because the Clerk’s office has lost the paperwork. And this has been pretty widely reported on. But the other things are that you know, people end up getting evicted, they have child custody issues, they sit in the Cook County jail because our current system can’t get paperwork where it needs to be. It doesn’t have good auditing standards, accounting standards. We need to do better because it affects substantial justice.

LN: So will you put computers into the courtroom with printers so that the documents are being captured instantly, electronically?

JM: Well, it’s actually beyond that. So you’ve got two kinds of systems. You’ve got one system which is, a filing system. And right now, we are in the process of moving over so that when people file paperwork, it gets filed electronically. But the second system, which is yet to come is a case management system. So once those documents have been filed, we need a way to index everything. The current Clerk’s office runs on a DOS-based system that was implemented in the 1990s and it’s just an index system. But court systems all around the country have very robust case management systems that outline exactly what’s going on in the case. And instead of having written orders, you do digital orders so that, so that those digital orders, are called minute orders, are captured right in the courtroom, real-time, by the Court Clerks, noting such things as the next court date or what happened in the court, in the court hearing. There’s still going to be a percentage of things that need to be done on paper and then uploaded as PDFs but we can probably capture about 80% of our orders fully digitized so that there is no paper but goes in digitally. And that is a great first step and it helps eliminate errors. It makes sure that there’s a clear record that’s available, it needs to be available. Web-based from outside the court system too so the lawyers and judges-

LN: So you mean you had to come down on a cold Chicago day

JM: Correct.

LN: to stand in line. To pay your money, to make your photocopy and then schlep back.

JM: Correct. I mean, right now, they’ve got electronic filing so we file, we’re required to file digitally but if you want to get a copy of what’s been filed digitally in a case, you actually have to travel to a court location, print it out hard copy, pay for the hard copy and then, of course, I go back and scan it back into the system. It’s not available web-based. It’s not web-based for download, just like the rest of the world works and that’s a problem.

LN: There are systems out there though, commercial systems out there that are designed to snap in and take care of that, correct?

JM: Correct, there are case management systems that are in use. Cook County has a tremendously complex court system with lots of divisions and different sections all over the county so we need to be very highly customized. Cook County has committed to about 36 million dollars towards a new case management system. Problem is, they want to use an off the shelf software. They tried rolling them out in the criminal division back in November. It is fraught with problems. There hasn’t been proper training for the users. Actually, the judges and lawyers and others, including the Sheriff’s Department, the State’s attorney, all of the stakeholders in the system haven’t been consulted with bringing that onboard and so as a result, we’ve got a system that is at risk of just being shelved and not used any longer because it’s just fraught with problems and errors and lack of user training. We need to do a better job. We need to train people. We need to consult with all the end-users to make sure that our case management system meets the workflow of the courts, not the other way around and our current Clerk has tried to implement it in a way to say, “Here’s a system we’re going to use. Figure out how to organize your court system around our computer system.” That’s the tail wagging on the dog.

LN: So as a reformer, you really plan to make changes to speed up and get rid of the backlog of cases that currently jam up the court.

JM: Yeah, well, right now, we’ve got a huge backlog as I mentioned in the Appellate Court. You’ve got a huge backlog because the Circuit Court’s not transmitting proper records up to the Appellate Court so you got a huge backlog in the Appellate Court and you end up having a much slower process at the Circuit Court level because it’s all based on our old paper system movement of files from courts to warehouses, back to the courts, back and forth. Things are lost.

LN: That creates lots of jobs, right?

JM: Well, that is really, you know, we’ve got a very unfortunate patronage problem in the Clerk’s office. Clerk’s office has about 1500 employees and there’s a tremendous amount of political patronage that’s controlled by the party machine. The old way of doing business. We can’t afford to do that anymore. We got to deliver good value to the taxpayers, particularly as we move to electronic systems. It’s no longer a system that can operate with paper where somebody’s job is to stamp paper and then move the pile over to somebody else to stamp something else. It’s now a much more technical job so we need to make sure we’re doing a better, making sure we’re doing a better job of training Clerk staff so that they can digitally record minute orders as I talked about. Make sure that our court records are being kept but that is going to require a lot of training. I have had discussions with the city colleges of Chicago and some of our community colleges to having a new program, a certificate in paralegals, a paralegal certificate for Cook County Courtroom management.

LN: Take the staff and put them through there to actually take the people that are there and make them more efficient by investing in their training.

JM: Correct, correct. So they’d have paralegal certificates in Cook County Courtroom management and that would make sure our systems are very uniform and automated so that everybody who interfaces with the court can rest assured that our court system’s going to operate transparently and efficiently. And so we need to do that, our employees deserve it and I think the public deserves the transparency that that would bring.

LN: Well, thanks for being on the show, Jacob. This has been really great.

JM: Well, thank you for having me. Happy to come back on again.

Other Related Articles on Cook County

Cook County Clerk on Election Security
Cook County Security

More About Cook County Clerk of the Circuit Court

http://www.cookcountyclerkofcourt.org/NewWebsite/Home.aspx

What Constitutes Biometric Data?

Facebook’s record-breaking $5 billion settlement, proves the FTC takes consumer privacy very seriously. Will Facebook’s settlement spark other class-action lawsuits based on claims of privacy abuse relating to the Biometric Information Privacy Act (BIPA)? Forensic Expert Lee Neubecker and attorney David Rownd from Vedder Price discuss the ramifications of this settlement and dissect what really constitutes biometric data?

Part 2 of our 3 Part Series on BIPA

The Video Transcript Follows.

Lee Neubecker (LN): I am back again with David Rownd, and David’s going to talk a little bit more about BIPA. We’re talking about in the news recently, Facebook just reached a very large settlement related to claims of abuse relating to BIPA. What does this mean with such a large settlement? Is this inviting all the plaintiff attorneys to file more and more class-action lawsuits?

David Rownd (DR): Well, this has been a very active area of the law, and yes, the answer is yes. There’s a lot of class actions going on in this area, and it’s largely as a result of the low threshold to become a plaintiff in that you don’t have to establish specific damages, and the mere fact that the law has been violated can make you an aggrieved party who has the standing to file a lawsuit.

LN: Just so we can be clear, can you give some examples of what constitutes BIPA biometric data and what isn’t?

DR: Well, fingerprints are biometric data, a retina scanner, the veins in your hands can be evaluated as biometric data, and other things as well.

LN: What about the way you walk or the way you talk?

DR: Their voice recognition has been considered to be biometric data. Handwriting is not biometric data.

LN: So, devices like Siri and Alexa, is there a potential they’re going to fall into that?

DR: I think that that is certainly a possibility.

LN: So are we going to have to sign a contract before we use Alexa or Siri to protect, for them to be protected?

DR: I wouldn’t propose to advise Siri and Alexa as to how to conduct their business.

LN: Very good answer.

DR: I think that there is a possibility, certainly.

LN: So what do you think the future holds for BIPA-related lawsuits?

DR: Well, this is certainly an opening for plaintiffs lawyers to go after, and you see this in a variety of different areas where the law creates a low threshold to get in the courthouse door and potentially high exposure for defendants. You have plaintiffs lawyers who are attracted to that and they go after it, and that’s currently what’s happening now with BIPA in Illinois and why there are so many lawsuits filed.

LN: And I think it relates to, the fees are based on each instance of biometric data, so potentially you have multiple videos, multiple pictures, this data is stored, and if you can be aggrieved without the data even getting hacked, it’s a very large potential, which is probably why Facebook settled because what it could be much greater. And they probably weighed their risk and decided it made sense to settle.

DR: I think that’s probably right.

LN: Well, thanks again for being on the show, I really appreciate it.

DR: All right, thanks for having me.

View Part 1 of our 3-Part Series on Biometric Data

BIPA: How it May Affect You
Part 1 of our 3-Part Series on Biometric Information

Other Related Articles on Biometric Data

Cyber Insurance Coverage
FBI Warning: Smart TV’s may be spying on you.
eDiscovery
Artificial Technology

FTC’s Press Release on Facebook’s settlement on Biometric Data

https://www.ftc.gov/news-events/press-releases/2019/07/ftc-imposes-5-billion-penalty-sweeping-new-privacy-restrictions

If you live in Illinois and use Facebook read this story from WGN, about Biometric Data.

https://wgntv.com/2020/01/30/facebook-may-pay-550-million-to-illinois-users-to-settle-lawsuit/