November Cyber update from the Office of Rob Kleeger
Nov 24, 2021 2:42 am
,
I hope this email finds you and your loved one's safe, secure, and healthy.
It's been quite the bounce back year and appreciate the opportunities we had to work together or getting to know you and build a long term relationship. May this holiday season bring you the joy, happiness, and time to spend with your loved ones.
All the best,
Rob Kleeger
1010101001010111010101100010100101010010101
Words of Wisdom:
"You must be the change you wish to see in the world.” – Gandhi
Every day we see the violence around us. While there is very little that we can do, start with the man in the mirror. Be the change you want to see within others. While you can’t influence the world, you can be a better human, and become the testament of the change.
CURRENT DATA SECURITY NEWS:
Federal Banking Agencies Issue Cyber Incident Notification Requirements
Federal banking agencies issued a final rule requiring banking organizations to notify their primary federal regulator within 36 hours of determining that certain material computer-security incidents have occurred. Bank service providers also must notify affected banking organization customers as soon as possible of computer-security incidents that materially disrupt or degrade covered services for four or more hours.
GoDaddy hack causes data breach affecting 1.2 million customers
In a data breach notification published on November 22, 2021, GoDaddy said that the data of up to 1.2 million of its customers was exposed after hackers gained access to the company's Managed WordPress hosting environment.
The incident was discovered by GoDaddy last Wednesday, on November 17, but the attackers had access to its network and the data contained on the breached systems since at least September 6, 2021. "Using a compromised password, an unauthorized third party accessed the provisioning system in our legacy code base for Managed WordPress." said Demetrius Comes, GoDaddy's Chief Information Security Officer.
Fake TSA PreCheck sites scam US travelers with fake renewals
Threat actors are sending people emails that inform them of the imminent expiration of their TSA PreCheck membership, and urge them to submit a renewal application by following the embedded URL.
There has been a surge in reports of people getting scammed after visiting TSA PreCheck, Global Entry, and NEXUS application service sites, being charged $140 only to get nothing in return.
To confirm if you are due for a renewal, visit the Homeland Security's Trusted Traveler Programs page, which contains the legitimate URLs for all available travel programs.
Ex-Biglaw Partner Arrested, Accused Of Cyberstalking Former Colleagues
A former corporate partner at K&L Gates was arrested after allegedly sending an untold number of “harassing, threatening, and intimidating emails and text messages” to a number of people at the firm over the course of more than 18 months. In 2020, he filed suit against K&L Gates, accusing the firm of discriminating against his fellow Black partners and also mounting claims that he was fired after attempting to discuss the firm’s alleged “culture of sexual misconduct. He faces four counts of cyberstalking, and up to a 20-year prison sentence.
1010101001010111010101100010100101010010101
CURRENT LEGAL CASE UPDATES:
Axis Ins. Co. v. American Specialty Ins. & Risk Servs., Inc. (N.D. Ind. July 12, 2021)
In this breach of contract case, the plaintiff moved to compel document and metadata production based on irregularities and inconsistencies in the original production that raised doubts about whether the defendant’s original search for responsive data was reasonable and sufficient. Under the FRCP, a party has the duty to conduct a reasonable inquiry to find responsive data in e-discovery. If you fail to take this duty seriously, as happened in this case, the court will ask you to go back and do it again, and you may be forced to pay opposing party costs in seeking compliance.
Boardriders, Inc. v. Great American Insurance Company (C.D. Cal., Docket Number 8:21-cv-1260).
In this case, the parent company to apparel brands Billabong and Quiksilver — sought coverage under its cyber policy following a 2019 ransomware attack in which hackers shut down the company's networks worldwide and demanded nearly $25 million for the decryption keys. The dispute that materialized between the parties highlights and confirms the frequency of ransomware attacks, which may have led to the shrinking market of insurers. Going forward, expect many to refuse to pay claims and on the renewal periods start placing sub limits on the amount of coverage provided for the cyber claims with the highest risk factors.
1010101001010111010101100010100101010010101
CYBER SECURITY TIP OF THE MONTH:
Lock your workstation when you are not using it - Especially when WFH
When you’re working in the comfort of your own home it’s easy to let your guard down. This is especially true if you live with trusted loved ones. To prevent accidental data loss or leakage you should still maintain the habit of locking your computer when you are not using it.
All it takes is a moment of carelessness for a trusted family member to accidentally cause damage or see sensitive information they are not privy to.
The fastest way to lock your computer
- Windows: Press the Windows Key and L.
- New Macs: Press Control-Shift-Power
- Old Macs: Press Control-Shift-Eject
1010101001010111010101100010100101010010101
Don't forget About Us:
Digital4nx Group, Ltd., a boutique firm which focuses on helping business leaders protect their “crown jewels” through reasonable, defensible, and cost-effective services... Before, During, and After a Data Incident!
Digital4nx Group provides a blend of legal and technology services to Lawyers, Business Owners, IT Professionals, Financial Executives, Trusted Advisors, and Human Resource and Compliance leaders who need a reliable partner to systematically identify, preserve, extract, analyze, and interpret digital evidence.
Our services are commonly used to:
- React and respond by providing litigation support services for plaintiffs or defendants, as well as providing expert testimony and consulting, both in and out of court.
- Proactively identify and provide insights on how to better secure your network and your confidential data
Cyber Security Services
Cyber incidents can be damaging to an organization, both in the short and long term. Digital4nx Group helps business leaders protect their “crown jewels” through reasonable, defensible, and cost-effective services... Before, During, and After a Data Incident! We offer a multi-disciplined approach to cyber services such as:
- Advanced “Ethical Hacking”
- Cyber Risk and Compliance Assessments
- Incident Response to Cyber Incidents or Data Breaches
- Cyber Security Awareness Training
- CISO-as-a-service
If you are concerned about cyber attacks against you or your firm (