Litigation Support Tip of the Night

November 10, 2019

Last month, TrialWorks, which hosts the electronic records for thousands of law firms in America, fell victim to a ransomware attack. As a result, lawyers have already had to request extensions on filing deadlines.

The data breach may have been caused by a disruption to Outlook service.
The incident highlights the hazards of relying on cloud-based records.

TrialWorks allows firms to retain ownership of data. Its Uptime Practice hosts not only data but also software: Microsoft Office, Exchange, and SQL Server are included. Law firms need not have servers on their premises. In order to function well, 512 KBs per second per user are required.

TrialWorks’ case management software is among the most widely used in the legal industry, but its recent troubles highlight broader vulnerabilities in the legal world.  

October 18, 2019

Windows 10 and earlier versions of Windows include Windows File Protection, which helps to prevent the corruption of system files.  When protected files change directories, Windows File Protection (working in the background) will check the file against a file signature catalog.   A cache of backup files is kept at C:\Windows\System32\dllcache.   Bad system files will be replaced. 

If you run the command: 

sfc /scannow

 . . . in the System32 folder, the utility System File Checker will perform a comprehensive search for any corrupted system files and replace any it finds with the backups stored in the cache folder. 
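
System File Checker records what it did in lines tagged [SR] in %windir%\Logs\CBS\CBS.log. The following is an added example, not part of the original post: a small parser that lists which files a scan repaired and which it could not repair. The sample log lines, file names and component names are constructed.

```python
import re

# Constructed sample in the CBS.log layout (timestamps, file and component names are made up).
SAMPLE_CBS_LOG = r"""
2019-10-18 09:14:02, Info                  CSI    00000009 [SR] Verifying 100 components
2019-10-18 09:14:02, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2019-10-18 09:14:05, Info                  CSI    0000001c [SR] Repairing corrupted file \??\C:\WINDOWS\System32\example1.dll from store
2019-10-18 09:14:09, Info                  CSI    00000031 [SR] Cannot repair member file [l:12]'example2.dll' of Constructed-Component, version 10.0.0.0
2019-10-18 09:14:09, Info                  CSI    00000032 [SR] Cannot repair member file [l:12]'example2.dll' of Constructed-Component, version 10.0.0.0
2019-10-18 09:14:11, Info                  CBS    Constructed servicing entry with no SR tag
2019-10-18 09:14:12, Info                  CSI    00000040 [SR] Verify complete
"""

SR_LINE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}, \w+\s+CSI\s+\w+ \[SR\] (?P<msg>.*)$")
QUOTED = re.compile(r"""['"]([^'"]+)['"]""")
REPAIRED, UNREPAIRED = "Repairing corrupted file ", "Cannot repair member file "


def file_name(msg, prefix):
    """Pull the file name out of an [SR] message, quoted or as a bare path."""
    quoted = QUOTED.findall(msg)
    if quoted:
        # Repair lines may quote the directory before the file; failures quote the file first.
        return quoted[-1] if prefix == REPAIRED else quoted[0]
    path = msg[len(prefix):].split(" from store")[0]
    return path.replace("\\", "/").rstrip("/").split("/")[-1]


def summarize_sfc(log_text):
    """Return de-duplicated file names that sfc repaired and that it could not repair."""
    result = {"repaired": [], "unrepaired": []}
    for line in log_text.splitlines():
        m = SR_LINE.match(line)
        if not m:
            continue  # not an sfc entry
        msg = m.group("msg")
        # Progress messages such as "Verifying 100 components" match neither prefix.
        for prefix, bucket in ((REPAIRED, "repaired"), (UNREPAIRED, "unrepaired")):
            if msg.startswith(prefix):
                name = file_name(msg, prefix)
                if name not in result[bucket]:
                    result[bucket].append(name)
    return result


if __name__ == "__main__":
    print(summarize_sfc(SAMPLE_CBS_LOG))
```

Any file left in the "unrepaired" list is one the scan could not restore, so it needs follow-up by other means.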

October 17, 2019

The Australian government's Information Security Registered Assessors Program (IRAP) provides cyber security guidelines.  Assessors identify security deficiencies and then evaluate compliance with corrective measures. 

The program has four key principles:

1. Govern - IRAP recommends organizations hire a chief information security officer, and that cyber security be considered part of the risk management framework. 

2. Protect -  information should be encrypted at rest and while in transit between systems, and applications should have their attack surface limited. 

3. Detect - Both breaches and 'anomalous activities' should be recorded and analyzed quickly. 

4. Respond - Incidents should be reported both internally and to security regulatory agencies. 

October 10, 2019

The UK's G-Cloud programme is a digital marketplace where British government agencies can acquire cloud computing services.   The UK has a 'cloud first' policy which requires that agencies purchase cloud-based IT services, unless the alternatives are cheaper.   The current framework agreement, G-Cloud 11, bans providers from disclosing confidential information without written consent, and information can only be disclosed to the cloud service provider's staff to the extent that it is necessary under the agreement.   The supplier has to notify the government agency about security breaches immediately.    Unless the law provides otherwise, data has to be deleted 7 years after the framework contract ends. The framework includes a separate schedule addressing the processing of data.

Providers listed on the G-Cloud are not required to have a specific cyber security certification, but the National Cyber Security Centre's Cyber Essentials Certification is recommended.   This advises organizations to use a firewall; two-factor authentication; Windows Defender to protect against malware; whitelisting (having an admin restrict installed applications to a pre-approved list); and applications that allow for sandboxing - or the running of the software in an isolated environment with limited access to network data. 

October 9, 2019

Relativity's security white paper for RelativityOne, available here, discloses that Relativity uses Recorded Future for intelligence on cyber security threats, and Anomali to distribute this intelligence. 

It actively monitors information on the dark web to attempt to detect future threats.   Its 30-person team, Calder7, claims not to have had any serious incidents.   Malware is examined in sandbox workspaces.  Palo Alto Networks is used to monitor network activity, and Relativity keeps tabs on large transfers of data. 

Relativity may investigate if a customer's usage of a workspace departs from what its profile suggests its activity in the workspace should be.  Relativity also conducts third party penetration testing.   SQL injection is avoided through the way text controls, where data is input, are coded.   

Relativity is ISO 27001 and SOC 2 certified, and it uses a Microsoft Azure infrastructure that adheres to other standards such as those of FedRAMP and HIPAA.  Customers have access to security log information from Relativity.   

Relativity utilizes the MITRE ATT&CK knowledge base to keep track of the techniques used by hackers.  

October 1, 2019

If you’ve installed a VPN app on your phone and you want to confirm that it’s activated, google “What’s my IP address?” before turning on the app and then afterwards.  If the IP address doesn’t change then the VPN is not working.  

October 1, 2019

It’s fairly well known that a virtual private network should be used while you’re on public wifi. While wifi may be password protected, your internet traffic is not actually encrypted.

Common security algorithms like WEP and WPA2 can be easily hacked, leaving you vulnerable to man-in-the-middle attacks by a malicious third party on the wifi network that intercepts data.

A VPN app will create a secure link that automatically routes traffic through the VPN provider’s server and encrypts passwords, cookies and other data. Servers won’t be able to record your browsing history.

Internet Key Exchange version 2 (IKEv2) is one of the faster VPN protocols and works on Windows, iOS and Android, but OpenVPN is more secure and performs better. Avoid PPTP (Point-to-Point Tunneling Protocol), which is less secure.

A good VPN should also allow you to hide your location and true IP address.  

September 18, 2019

FISMA is the Federal Information Security Management Act.  This statute was passed in 2002 in order to ensure that government agencies would follow certain steps in order to keep the government's information secure. The law was amended in 2014 in order to address a rise in cyber attacks.   NIST has established official guidelines for the implementation of the program.   A framework was adopted calling for these measures:

1. Preparation to manage security risks. 

2. Categorization of stored information. 

3. The selection of baseline controls. 

4. The implementation of these controls.

5. Assess whether or not the controls are keeping information secure. 

6. Authorize the system to operate based on the level of risk involved.

7. Monitor the controls on an ongoing basis. 

September 13, 2019

ISO 27001 is an information security standard established by the International Organization for Standardization.  It provides specifications on how management may implement information security.   A system must be implemented to enforce permanent security standards.  

In order to achieve ISO 27001 certification an organization must establish the following:

1. An overall information security policy.

2. A risk assessment process.

3. The ability of personnel responsible for information security.

4. An internal audit program.

5. Documentation of actions taken to correct failures to comply with the policy. 

6. Review of the system by top management. 

ISO 27001 certification addresses the regulations and standards of HIPAA; the Sarbanes-Oxley Act; the American Institute of CPAs Service Organization Control SOC 2 client data standards; and the Federal Information Security Management Act. 

Some clients request law firms that have this information security standard.  Firms like White & Case LLP; Paul Weiss LLP; and Cravath, Swaine & Moore LLP have ISO 27001 certification.  

A firm may begin to define the scope of their information security program with a review of their document management system.   Best practices are detailed in ISO 27002, which covers cryptography; human resources; access control; communications; incident response; and legal compliance.   Examples of specific measures include:

1. Prohibiting photos or videos of restricted areas without special permission. 

2. User accounts must be locked after a certain number of unsuccessful login attempts.

3. Computers must be set to require re-logging in with a password after no more than 10 minutes of inactivity. 

4. Write permission for USB drives and DVDs must be disabled unless there is specific authorization. 
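
Measures 2 through 4 can be checked on a Windows workstation. The following is an added example, not part of the original post: it audits the English-language output of the net accounts command and two registry values against those measures. The sample output, the sample registry values and the short finding ids are constructed for illustration.

```python
import re

# Registry value paths; a missing value means the policy is not configured.
IDLE_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\InactivityTimeoutSecs"
USB_KEY = r"HKLM\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies\WriteProtect"
MAX_IDLE_SECS = 10 * 60  # measure 3: re-login after no more than 10 minutes

# Constructed inputs from a hypothetical workstation.
SAMPLE_NET_ACCOUNTS = """\
Minimum password length:                              8
Lockout threshold:                                    Never
Lockout duration (minutes):                           30
Lockout observation window (minutes):                 30
"""
SAMPLE_REGISTRY = {IDLE_KEY: 1800}  # 30-minute idle lock, WriteProtect not set


def lockout_threshold(net_accounts_text):
    """Failed logons allowed before lockout; 0 means accounts never lock."""
    m = re.search(r"^Lockout threshold:\s+(\S+)", net_accounts_text, re.MULTILINE)
    return int(m.group(1)) if m and m.group(1).isdigit() else 0


def audit(net_accounts_text, registry):
    """Return the measures (by short id) that the workstation does not meet."""
    findings = []
    if lockout_threshold(net_accounts_text) == 0:
        findings.append("account-lockout")  # measure 2
    idle = registry.get(IDLE_KEY, 0)
    if idle == 0 or idle > MAX_IDLE_SECS:  # 0 or absent disables the idle lock
        findings.append("idle-lock")  # measure 3
    # WriteProtect covers USB storage only; DVD writing needs a separate policy.
    if registry.get(USB_KEY, 0) != 1:
        findings.append("usb-write")  # measure 4
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE_NET_ACCOUNTS, SAMPLE_REGISTRY))
```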

August 27, 2019

California law requires businesses and state agencies to notify individuals when their unencrypted data was in fact acquired by an unauthorized person, or if it is reasonable to believe that such a person has accessed the data.  See, California Civil Code s. 1798.29(a) and California Civ. Code s. 1798.82(a).    A breach involving the data of more than 500 California residents must be reported to the state attorney general.  See the online form available here.  The form itself should not include PII.   The form is not covered by the provisions of the California Public Records Act which requires that law enforcement agencies disclose information if it would not jeopardize ongoing investigations. 

The owner of the data must receive immediate notification of the breach.   The actual "Notice of Data Breach" must be comprised of five sections:

1. What Happened

2. What Information Was Involved

3. What We Are Doing 

4. What You Can Do

5. For More Information.

The statute itself includes a model form for businesses to use.   

Businesses are required to indicate the estimated date of the breach if it is possible to reach a determination about when the breach occurred.    If the business caused the breach it must offer theft prevention and mitigation services for 12 months.     Personal information is defined as a person's name when used with any of the following:

1. Social security number

2. Driver's license number

3. Account number

4. Medical information

5. Health insurance information

6. Automated license plate recognition system information. 

Sean O'Shea has more than 15 years of experience in the litigation support field with major law firms in New York and San Francisco.   He is an ACEDS Certified eDiscovery Specialist and a Relativity Certified Administrator.

The views expressed in this blog are those of the owner and do not reflect the views or opinions of the owner’s employer.

 

All content provided on this blog is for informational purposes only. The owner of this blog makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site. The owner will not be liable for any errors or omissions in this information nor for the availability of this information. The owner will not be liable for any losses, injuries, or damages from the display or use of this information.

 

This policy is subject to change at any time.