LITIGATION SUPPORT TIP OF THE NIGHT

In the Home edition of Windows 7, if you right click on any folder, select Properties, and then on the General tab, click on Advanced, you'll see an option 'Encrypt contents to secure data' which is grayed out.

. . . in order to get around this limitation, you can download NCH's MEO file encryption software, which is free. See: http://www.nchsoftware.com/encrypt/

After installing the software, click on options, and select a folder to hold the encrypted files that you'll create with the meo extension.

. . . then just select the folder you want to encrypt, enter and confirm a password and then it will be created in the output folder with an extension, .meo. You'll need to delete the source folder.

On March 1, 2017, the cybersecurity regulations of New York State's financial regulatory body, the Department of Financial Services, became effective. Both financial services companies and their law firms will have to comply with rules designed to protect costumer data. The regulations are the first of their kind in the nation. See the requirements, under Title 23 of the Codes, Rules, and Regulations of New York State, which are posted here.

The new regs require each covered entity to implement a cybersecurity program and have a written cybersecurity policy. There must be a specific incident response plan. Businesses must designate one person as their Chief Information Security Officer, who has to prepare a report to the board of directors each year, which lists material cybersecurity risks, and "material Cybersecurity Events involving the Covered Entity during the time period addressed by the report."

The cybersecurity program has to include penetration testing that is conducted annually, and have systems that provide for an audit trail for cybersecurity events, which is recorded for at least five years. Access privileges have to be implemented to control privileges for nonpublic information, and use of specific in-house applications. A risk assessment of information systems has to be performed periodically. Cybersecurity personnel have to receive continuing training in their field, and all users must receive some kind of cybersecurity training.

The policies must address the use of data by Third Party Service Providers, which include law firms. Compliance with this provision is not required until 2018.

Multi-factor authentication to required to access internal networks from external networks. There must be policies in place to dispose of nonpublic information when it is no longer necessary for a business purpose.

The regulations require that nonpublic information be encrypted in some circumstances.

When a cybersecurity event occurs, the Superintendent of the Department of Financial Services has to be notified within 72 hours.

Entities with fewer than 10 employees, or less than $5M in gross revenue, or less than $10M in assets, are exempt from some of the regulations.

Covered entities have to file a Certificate of Compliance with the Department of Financial Services by February 15, 2018.

A free utility called WireShark can be downloaded at https://www.wireshark.org/ . It's a network protocol analyzer. Go to the Interface list and select a network connection, and then click Start. Transmission Control Protocol (TCP) traffic is in green; and User Datagram Protocol (UDP) traffic is in light blue.

TCP network protocols will request lost files when a connection is lost. UDP will not do this if there is an interruption. TCP messages are always sent in order, whereas UDP messages can arrive out of order. If TCP messages do arrive out of order, resend requests are sent, and the sequence needs to be put back in order. Black rows in WireShark signify when a TCP connection has a problem like this. In UDP individual packets are sent one by one. TCP has packets but they are sent in a stream with nothing to show where one begins and another ends. The World Wide Web; SMTP email; FTP are examples of TCP. Voice over IP (VoIP) and Domain Name System (DNS) are UDP.