A new app from Microsoft, Outlook for iOS and a Preview version for Android, shows that Microsoft is committed to designing for other platforms. Some reviews have been positive, like this one from The Verge, while others have said that this app is still a little rough around the edges, like this article from Infoworld. I tend to agree with The Verge, but there is a larger security concern for companies using the ActiveSync protocol (this includes Exchange, IBM Notes Traveler). Read more…
Legal Tech Blog
The Law Technology News just published the top six data breach predictions for 2015 as outlined in Experian Data Breach Resolution’s 2015 Second Annual Data Breach Industry Forecast. That article can be read in full here. I am focusing on the prediction regarding employee mistakes, as this seems to be one of the hardest areas for companies to rectify. As the article points out, both in its title and when discussing employee mistakes, businesses will continue to ignore the employee side in favor of protecting against cyberattacks. There are various reason for this, from the cost of security in general, to the sticky issue of balancing user efficiency and security, to cyberattacks being very much in the news currently. Read more…
The FBI has concluded that the North Korean government was behind the Sony data breach that exposed embarrassing emails that have harmed the reputations of the company and its executives, forced the cancellation of the release of the “The Interview” amid terrorist threats, and put thousands of employees’ private information at risk. This latest breach should cause IT professionals and business owners to review their privacy and security protocols and address weaknesses, and it should serve as a reminder that, while there will always be significant risk, there are some steps we can all take to be more secure online. Read more…
Magistrate Judge Joe Brown’s ruling in Bridgestone marks another win for predictive coding as a way to efficiently review large data sets, but in my opinion, the most interesting part is the Court’s emphasis on “openness and transparency.” The Court has ordered “full” cooperation, including disclosure of “seed” documents―the responsive and non-responsive documents used to teach analytics software how to code the remaining documents. You can read the full Bridgestone order here.
The Administrative Office of the U.S. Courts reports that citizens in several federal court districts have been targeted by a new scam, in which the victim is asked to disclose Social Security number, driver’s license number, date of birth, cell phone number or other sensitive information. The fraudulent request claims to be affiliated with the online registration program, eJuror, which is used in 80 U.S. court districts. A link to the U.S. Courts’ warning and tools to locate local district contact information for anyone who suspects they’ve been targeted by the scam can be found here: http://www.uscourts.gov/FederalCourts/JuryService/JurorScams.aspx.
A Resolution under consideration by the American Bar Association “urges all private and public sector organizations to develop, implement and maintain an enterprise security program in accordance with internationally accepted standards. .” You can read the full press release here and the Resolutions here.
Lexis Nexis recently conducted a survey, which the Law Technology News wrote about here, regarding the importance of file sharing in law firm collaboration. The survey showed that, while many firms continue to express concerns about security, over two thirds of those who participated in the survey use unencrypted email to share files. The survey points out that these firms rely solely on the confidentiality statement within an email for protection. Read more…
Portland, Ore. firm Exterro hosts webcast with Magistrate Judge James Francis (SDNY), District Judge Paul Grimm (Dist. Md.) and Chief Magistrate Judge John Ott (ND Ala.) for a discussion about the proposed amendments to the Federal Rules of Civil Procedure regarding e-discovery.
The Decade of Discovery is a documentary film “about a government attorney on a quest to find a better way to search White House e-mail, and a teacher who takes a stand for civil justice on the electronic frontier.” It features e-discovery pioneer judges like Judge Shira A. Scheindlin, the founder of The Sedona Conference®, Richard G. Braman, and others who have helped shape the search for justice and freedom in the digital age.
The film will debut at the Hoboken International Film Festival on May 31st and at the Manhattan Film Festival on June 21st.
Watch the trailer here.
The Heartbleed bug, which surfaced at the beginning of last week, is one of the worst security breaches that the internet has had to deal with. It has been around for approximately two years, undetected by anyone except for, potentially, the NSA. The vulnerability allows attackers to grab usernames, passwords, and actual content, as well as impersonate services, and there is currently no way to detect whether it has been exploited or not. This vulnerability not only affects websites, but also hardware such as wifi routers and firewalls. So, what practical steps should be taken to protect any client materials stored at third party locations?
The first item on the list would be to assure your client that you are contacting the vendors involved. The next step would be to find out if any of the vendors you use were affected by the bug, and to learn as much as possible about what steps the vendor has taken and is taking to protect your client’s data. There are tests that can be done regarding whether websites have been patched, one of them can be found here. A list of hardware vendors to check can be found here. Even if the vendor assures you that the hardware has been patched, you will want to check your own hardware against the list. Once you have confirmation that all vendor services have been patched, the last item is to change your passwords for these services. Although it may be obvious to do so, keep the client informed throughout this process, find answers to any questions the client has, and maintain communication with the vendor so that you, and the client, can rest assured that reasonable steps have been taken to protect their data.