LITIGATION SUPPORT TIP OF THE NIGHT

Keep in mind that while your antivirus software may detect many types of malware, there are also a great number of malware programs which are 'fully undetectable' or FUD.

Malware may be encrypted so it's not possible for antivirus to scan through it.

Malware developers will check the detectability of their programs using widely used antivirus programs.

Malware can also evade antivirus software by using 'fileless techniques'. This means that the malware will run entirely in RAM - there will be no actual files downloaded to a PC. Rebooting your operating system can clear RAM, but some malware can manipulate the registry or PowerShell to keep functioning. It is also possible for ransomware attacks to work without using any files.

Beware of zero day attacks, that will successfully circumvent antivirus software before the malware is discovered. While virus definition updates are distributed daily, thousands of new malware attacks are also devised each day.

RelativityOne encrypts data at rest on servers so attackers cannot read the data without encryption keys.

FedRAMP, HIPAA, and other regulations may require data at rest encryption. Relativity uses the Microsoft Azure platform which according to this white paper meets, “more than 70 international and industry-specific compliance standards, such as ISO 27001, SOC 2, Type II, HIPAA, and FedRAMP, as well as country- specific standards like Australia IRAP, UK G-Cloud, and Singapore MTCS.”

Note that the HIPAA Security Rule does not actually require encryption but it does make it an 'addressable implementation' which means that it may be found that it is reasonable and appropriate to encrypt data. If not, alternative measures can be taken.

FedRAMP's Control Specific Contract Clauses, which provides language to be used in the provisions of contracts addressing cloud security, states that, "Cloud Service Providers pursuing a FedRAMP authorization will have to support the capability to encrypt data-at-rest; however, contract clauses should indicate any specific agency requirements for data encryption."

Last night's Tip discussed the use of certificate authorities to authenticate web site owners, and encrypt communications. Certificate authorities do not remain valid indefinitely. Expired certificates will generate an error message. Certificate authorities that have been revoked for some other reason will be put on a Certificate Revocation List (CRL). This is an example of an error message you'll see in a browser if a CA has been put on a CRL.

Some CAs on a CRL will only be on hold, and are not necessarily permanently revoked.

Digital certificates will be placed on a CRL when public keys have been compromised, a certificate is believed to be a fake, the issuer of the CA is compromised, or a web site owner no longer owns a server or domain name.