LITIGATION SUPPORT TIP OF THE NIGHT

In 2019, New York State passed new legislation, the Stop Hacks and Improve Electronic Data Security Act (the SHIELD Act), N.Y. Gen. Bus. Law § 899-bb. The SHIELD Act requires businesses to implement reasonable safeguards to protect the security and confidentiality of the private information of New York State residents.

A business must adopt a data security program, and take the following measures:

1. Identify company employees who are responsible for enforcing the program.

2. Identify reasonably forseeeable external and internal risks.

3. Assess the adequacy of the safeguards, in particular evaluating:

4. network risks

5. software risks

6. data processing risks

7. data transmission risks

8. data storage risks

9. Provide training in the security program to its employees.

10. Engage service providers who are contractually bound to implement the safeguards.

11. Update the program as circumstances change.

12. Respond to attacks or failures of its system.

13. Test the effectiveness of its program.

14. Dispose of information when it is no longer needed for any business purpose.

The SHIELD Act specifically directs that electronic media be erased so that data cannot be reconstructed when private data is disposed of.

The measures taken by a smaller business need only be proportional to the resources of the business; the scope of its activities; and the nature of the personal information it collects, if the business has fewer than 50 employees; less than $3M in gross annual revenue for the past 3 years; or has less than $5M in total assets.

A business will be automatically considered to be in compliance with the SHIELD Act if it complies with the regulations of the following:

1. Title V of the Gramm-Leach Bliley Act which addresses consumer data held by financial institutions.

2. HIPAA

3. Health Information Technology for Economic and Clinical Health Act

4. New York State's cybersecurity requirements for financial services companies under 23 CRR-NY § 500; OR

5. The data security regulations of any other federal or New York state department or agency.

The SHIELD Act added biometric data, and user & password account information, to SSN, driver license number, bank account number, and credit card number data covered by earlier legislation.

Your computer can become infected with rootkit software - malicious software that will enable access to restricted areas of a computer or the legitimate software installed on it. If you want to supplement the search your anti-virus software performs for rootkit, you can download the free Sophos Rootkit Removal tool, available here. Any viruses it detects, it will also attempt to remove without the purchase of a paid license.

The Sophos tool does not work in real time, so it will not interfere with your regular antivirus software.

Microsoft has issued a notice about a security flaw in its Exchange email server. The exploit is called Hafnium and is apparently sponsored by China. Microsoft warns that Hafnium targets, "infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and NGOs."

The exploit works by gaining access to the Exchange server using stolen passwords and then using a web shell to control the server remotely. The exploit is operated from virtual private servers based in the United States. The exploit can make use of PowerShell to export data from an Outlook profile.

Security updates which address the Hafnium vulnerability are available here. Microsoft has also posted a script to Github which can be used to scan log files for signs that an Exchange server has been compromised. See: https://github.com/microsoft/CSS-Exchange/tree/main/Security .

This simple findstr Windows command is recommended to check for signs that Hafnium exploit has infected a server:

findstr /snip /c:"Download failed and temporary file" "%PROGRAMFILES%\Microsoft\Exchange Server\V15\Logging\OABGeneratorLog\*.log"

Microsoft also helps businesses and law firms search for signs of the exploit by posting the hash values of the Hafnium web shells that have been found, and the names of the .aspx files used by the web shells. These active server page extended files are used by servers to communicate with a web browser.