When it comes to digital evidence, the questions change at the speed of innovation. And that makes challenges related to electronically stored information (ESI) a key issue in nearly every court case. With court decisions hinging on digital evidence, it’s critical that business leaders, IT pros and attorneys all understand what courts are looking for.
“I can’t think of any case where there isn’t some amount of ESI,” says Judge Helen Adams, Chief Magistrate Judge for the U.S. Southern District of Iowa.
In such a fast-moving legal area, judges don’t expect anyone to have perfect answers. But judges are signaling their shrinking patience with attorneys who won’t make the effort to become competent with e-discovery. For one cautionary tale, Judge Adams recommends reading DR Distributors, LLC v. 21 Century Smoking, Inc. et al. In the January 2021 ruling, Judge Iain Johnston of the U.S. District Court of Northern Illinois clearly showed that he was fed up with a case that had dragged on for eight years and included more than 400 docket entries. Judge Johnston declared in the ruling’s opening sentences, “Through a series of missteps, misdeeds, and misrepresentations, Defendants and the former defense counsel find themselves looking down the barrel of a sanctions motion Howitzer.”
Judge Adams says, “It’s a great learning tool for lawyers if they want to know what not to do.”
Even after that warning shot, Iowa’s Judge Adams remains optimistic. She thinks that most ESI headaches can be avoided if all parties simply do some homework and focus on communicating clearly and frequently.
Judge Adams’ core advice is simple: Become more curious, ask better questions and talk with more people who can explain all the legal implications of recording almost everything.
“The biggest complicating factor for me is that lawyers just aren’t well-versed in this and don’t ask enough questions of their clients,” she says.
The judge’s most common challenge? Lawyers who claim an ESI request is overly broad and puts an undue burden on their client. “But when you ask what that means, they can’t answer it because they don’t have the info from their client.”
Judge Adams says that if an attorney pushes back on an ESI request, they should produce supporting details. For instance, an attorney could provide an affidavit from an IT expert explaining where the information is stored and exactly how much it would cost to retrieve it. The judge wants specifics, such as how many documents came up in the initial search, where those documents are stored and how many hours it would take to retrieve them.
Many digital evidence requests try to cover too much time. In a wrongful termination case, there’s probably no reason to request every record related to an employee’s 20-year career at the company. Instead, start by requesting records and e-mails from 6 months before and 6 months after the termination. The results will indicate whether it’s reasonable to expand the scope.
Judge Adams also urges attorneys to bring technical experts with them to pre-trial conferences and into the courtroom itself. “If you have a good IT rep that can talk to us, that would be really helpful,” she says. Just make sure your expert can translate the technical summary into terms that the judge and jury can easily follow.
“A lot of ESI discovery issues can be resolved by lawyers on both sides talking to each other early and often and being transparent,” Judge Adams says.
To get all parties talking, the judge follows these procedures:
Judge Adams recommends the following resources for coming up to speed on ESI discovery:
Clearly, the legal team expects all parties to do their best to keep up. For help with best practices on finding and presenting digital evidence, contact our digital forensics team today.
It seems like we all would’ve learned this lesson from our own experience with mediocre teachers, coaches and bosses. But let’s review: Which statement from a leader would motivate your end users to make some changes?
“You’re the main reason we’re having this problem.”
“Our team really needs your help. You’re the perfect person to solve this problem.”
Easy choice, right? Not so much in the IT world. Despite everything we know about human motivation, we still constantly hear IT and security leaders trying to coax end users into taking security more seriously. Everywhere you turn, someone is calling an organization’s end users “the weakest link” in the cybersecurity plan. It’s especially common in marketing materials and social media posts from security awareness and training providers.
We’re not saying it’s untrue to say that end users are involved in most attacks. But we are saying it’s counterproductive to approach them as a liability rather than an asset.
Research shows that about 80% of successful data breaches involve some form of social engineering. But how many of your employees will eagerly embrace a defense-in-depth security culture if you approach them as the problem instead of part of the solution?
Rather than viewing your end users as a weakness to offset, enlist them as frontline defenders. Call them an extension of the security team. Pump them up as a critical piece of the overall data protection effort. Show them that they can personally make your organization safer.
Changing your mindset—and building it into all your communication with end users—provides a solid cornerstone for building a successful awareness and training program that your user base will embrace.
Recently (though not for the first time) we saw a social media post stating–with passion!–that training end users to spot phishing e-mails is a waste of time and resources. Wrong answer. Training and simulated phishing campaigns work—if they’re well-planned, well-executed and given time to work.
Here are a few ways to create training and testing programs that get buy-in from your team:
So, let’s treat end users as frontline defenders, provide testing in a way that engages them, and view phishing training as a control with some of the best ROI in the security business. Ultimately, these will improve your organization’s overall awareness and training results and help with your “security bench strength.”
For help in planning a training program customized for your users’ needs, contact Pratum today.
While announcing the topics at the first session of the 2021 Iowa Technology Roadshow, the host read “cybersecurity” and then looked around the room. “Everyone just got out their pen and paper,” she noted. Pratum gets that a lot these days. Every on-task business leader is looking for answers to the run of ransomware attacks pressing down on the summer of 2021 like a heat wave.
To help leaders navigate of-the-moment changes in the tech landscape, the Technology Association of Iowa hosted five days of presentations across the state in late June. Pratum Founder and CEO Dave Nelson joined each day’s discussion with other tech leaders to talk solutions for business interruptions, securing employee data access and dealing with the hackers knocking on your system’s door every day. Here are top takeaways from the roadshow’s kickoff panel.
On the first morning, Dave drew attention to two frequently neglected elements in the classic cybersecurity pillars of confidentiality, integrity and availability. Most cybersecurity conversations fixate on confidentiality. But overlooking integrity and availability could leave you in a tough spot when a breach occurs.
Data integrity ensures that information you access tomorrow is exactly the same as it was when you accessed it yesterday. Dave used the example of a nurse administering medication. “You have to guarantee that the data about how that medication was administered in the past is completely accurate so that you can make sure the dose you’re about to give is accurate.”
Recent ransomware headlines illustrate the critical role of data availability. “I can guarantee that your data remains confidential if I put your server in a hole in the ground and pour concrete over it,” Dave said. “No one’s going to get to that information—including you.” Safe, but not realistic. In the Colonial Pipeline ransomware attack, a lack of data availability meant Colonial shut down for several days, cutting off much of the East Coast’s gasoline supply.
But your data backups will save the day, right? Maybe eventually, Dave warned the roadshow audience. But are you positive that you can quickly restore everything you need from backup? And what is “quickly” in the case of your business? What if it takes a week or two weeks to restore your critical systems? “Now you’re scrambling to run your business,” Dave said. “How will you do payroll? Will you back up a Brinks truck and pay everyone in cash? How do you pay vendors? How do you track inventory and raw materials?”
To be truly confident in your backup strategy, you’ll need a written incident response plan and enough test runs to confirm that you can restore your systems in an acceptable timeframe.
How fast is fast enough for restoring data? “You can’t answer that without looking at what’s going to happen to your business,” Dave said. “Cybersecurity is not just a technology problem. It’s a business problem. If you take one thing from today, look at security from a risk-based perspective. Don’t just throw technology at it.”
Sticking with the theme of supporting good technology with good policies, Dave told the audience that much of your risk may be a relatively simple matter of giving too much access to too many people. Reduce everyone’s access to only what they absolutely need to do their jobs, and you’ve just limited what’s exposed to a dishonest employee or a hacker who gets the credentials of an honest one. “All of a sudden, you solved a big part of your problem without spending any money,” Dave said.
This scenario applies even to the titans of classified information. Consider the case of the National Security Agency, which controls data at a level most of us can’t dream of. And yet one person—Edward Snowden—invalidated a giant swath of the agency’s expenditures on securing data.
Panelist Laura Smith, CIO of UnityPoint Health, urged the audience to understand that their organization is under siege by hackers. “Even if you think you aren’t being attacked, you are,” she said. “So assume you’re being attacked and figure out how to mitigate it.”
Laura noted that her healthcare organization sees literally millions of threats a day across its large system. The massive volume of threats stopped by firewalls and by e-mail filtering reveals the scope of the threats. Hackers use automated tools to constantly scan the Internet looking for vulnerable systems. When they find an opening, they may attack with ransomware without even knowing what kind of data they’ve locked up. Don’t think you’re safe just because you don’t consider your information valuable enough to attract a hacker’s interest.
Laura acknowledged that securing all of your data at the same level isn’t realistic or even necessary. Her organization looks at every business process on a spectrum of acceptable risk. “On one end, we say we’re taking no risk when it comes to delivering patient care, so we invest a lot there. There are other things where it’s a less critical business process, so we don’t invest as much there.” Her team analyzes every process to assign the proper mitigation within a variable risk range.
Laura also touched on how to win support for cybersecurity investments from executives who must constantly choose among competing budget requests. For starters, make sure you’re relying on a widely accepted framework such as NIST 800-53 to show that you’re seeking to follow best practices from trusted third-party organizations.
Investing in a third-party information security risk assessment provides a detailed list of your vulnerabilities and the risk associated with each one.
You can also support your case by gathering benchmarks on typical cybersecurity investments for your sector to offer proof that you aren’t keeping up. Organizations such as Gartner and IDC provide annual reports that help guide and support your security budget requests.
For help interpreting all of these industry trends and applying them to your organization’s situation, contact us today.