Archive for the ‘Evidence discovery’ Category

Cyber crime ‘costs UK plc £270,000 an hour’

Friday, June 23rd, 2006

Cyber crime is costing UK companies up to £270,000 every 60 minutes - but many are unaware of the sheer scale of the outbreak, independent risk consultants have warned.

The investigators claim many established businesses are unaware of the scale of computer crime due to the virtual nature of both the attacks and their authors.

Through greater connectivity and technological advances, e-crime is growing at a rapid rate and will continue to do so for the foreseeable future. However, the factors behind this also make it easier to identify the electronic ‘fingerprints’ of the criminals. With the proliferation of computers, PDAs and mobile phones, electronic evidence is proving ever more important in solving crimes.

To minimise the risk a company faces, the investigators offered the following best-practice recommendations:

“Contain and Preserve:”
• Act decisively to prevent the loss or damage of digital evidence, which is a volatile medium
• Initiate all responses with the most serious consequences in mind; it can always be scaled down as more facts/information come to light. It’s too late once you are at court
• Never use internal IT staff to collect your evidence because mistakes can be embarrassing or leave the organisation open to the possibility of being counter-sued

“Ascertain the extent of the incident:”
• Determine to what extent the company has been exposed by the incident
• Determine if future incidents can be avoided
• Determine if changes to infrastructure, systems, policy or contracts need to be made

“Resolve the matter:”
• You will now be in the position to know how to address the situation. This could include doing nothing, dealing with IT in-house, formalising the incident with legal debate or escalating the matter to a higher authority e.g. Police
• Assess what damage control may be required

See full article.

This blog is run by the authors of FindProtected.
FindProtected is a security program that allows you to search your network for password protected and evidential files. FindProtected makes it easier to discover electronic evidence that may be used in litigation.

Email is Exhibit A

Saturday, June 10th, 2006

According to a recent article by Darrell Dunn, “more emails are used as evidence in legal suits now, making new tools to better monitor and manage email usage crucial”.

Despite so many highly publicized legal cases involving email, only 35% of companies have email retention policies, and 37% of employees say they don’t know which messages should be retained and which purged, according to surveys conducted by the American Management Association and the ePolicy Institute, a training and consulting firm.

Most companies don’t realize that failure to get a handle on email–and soon instant messages and blogs and other forms of business communications–can cost them a lot of money and their reputation.

“The first thing my clients want to see now is email and email attachments,” says Eric Blank, managing attorney of law firm Blank Law & Technology, which specializes in electronic evidence detection. “Sometimes that’s the only thing they search.” Legal battles involving email can be costly. A good paralegal or attorney can review about four documents per minute looking for evidence, Blank says. If a company has to review millions of pages of email, legal fees of US$300 an hour can quickly add up to hundreds of thousands of dollars.

“A few years ago, many businesses said they should delete [old E-mail], but today the conventional wisdom is to keep it,” says Aaref Hilaly, chief executive of Clearwell Systems. “Once an email is out there, it’s out there, and you can’t guarantee an email has been obliterated. It could always be lurking on some user’s machine or be in the hands of a competitor. Deleting email is like playing poker without knowing what all your cards are. Do we fight or settle?”

Companies may employ specific software to search for particular pieces of data or individual messages. In this case, the ability to dive down into the data, index it, and retrieve it radically simplifies the process of getting particular content.

Speed is good when hit with a lawsuit or subpoena. But advance planning is better. Businesses are expected to start spending substantially more money on email archiving applications, with sales predicted to jump from US$796 million this year to US$7.8 billion in 2010, according to consulting firm the Radicati Group.

Even companies not facing legal threats need to consider better ways of managing and monitoring email, and they also should review their policies on message retention and archiving. It’s better to deal with these issues in advance than have to confront them on the witness stand.


Australian police to get password powers

Saturday, June 10th, 2006

Australian police in Queensland are to be given power to force suspects to hand over passwords and encryption codes.

The legislation, to come into force in July, covers mobile phones, PCs, handhelds and other electronic devices. Non-compliance carries up to 12 months’ jail.

While police have software tools to crack encryption, Queensland Police Minister Judy Spence said the powers, which required a warrant, would save time and resources.

“This law prevents criminals from withholding electronic evidence by forcing them to give police access to data from their computers, mobile phones and other electronic storage devices… As computer technology becomes more sophisticated, so must the safeguards that protect our society.”

Civil liberties groups, however, were concerned the legislation would allow police access to suspects’ digital signatures.

Ironically federal legislation due to come into force shortly is moving in the opposite direction, offering users more protection for so-called stored data such as voicemails and messages stored on mobile phones.

See full article.


Avoiding the electronic discovery trap

Sunday, May 14th, 2006

With e-mail dramatically increasing the sheer volume of electronic information stored and disseminated on a daily basis, your organization can ill-afford the consequences of not being prepared to deal with the evolving legal landscape of electronic discovery.

Business organizations should consider the following steps in order to avoid the potential perils of electronic discovery:

1. Establish a written, comprehensive record retention and destruction policy.

2. Develop a preservation/litigation hold policy. A comprehensive litigation hold policy must effectively advise employees of their obligation to preserve records relevant to anticipated litigation.

3. Create a litigation hold team. Team members may include people from the legal department (including outside counsel to oversee compliance), a paralegal or project manager responsible for day-to-day supervision of the collection and production of electronic discovery materials, a records management person, senior management, and a member of the IT department (who may assist counsel in gaining familiarity with your retention policies and data preservation architecture).

4. Identify all sources of potentially relevant information.

5. Continually follow up and improve items 1, 2 and 3.

See original article.



Email shock a business horror

Wednesday, April 26th, 2006

There’s an interesting article by David Wishart published at theage.com.au: “On March 1, 2005, the giant US bank Morgan Stanley learned that it had effectively lost a $US1.45 billion fraud case. It lost… because it had simply failed to produce evidence. It had forgotten (or deliberately failed) to discontinue its practice of overwriting emails and it had not produced all emails incorporating 29 specified words between certain dates seven or so years ago. There were more than 2300 back-up tapes”.

“For any business using email, this is scary stuff. Not only are there horrendous cost implications because conventionally you have to pay the cost of finding and providing the information to the other side in a court case, but also if you have destroyed an email you sent or received, the company and its officers and employees may breach provisions soon to be inserted in the Crimes Act”.

It is commonplace that computers and the internet together have revolutionised business life. If all computers’ storage space in an organization were to be filled with basic Word documents and you were to print them out, the pile of documents would be “higher than Mount Kosciuszko”.

Correspondence is routinely kept on the recipient’s computer (and the business’ server and back-up storage, as well as the sender’s equivalents). Moreover, someone with something to gain or lose can easily recall a document and delete or alter it, or resend an email after alteration so that it appears to be the original… If a crime has been committed, all of this makes discovery difficult.

Computer forensics techniques step in here. Instead of foraging through our pile of paper, the expert gets the computer to do the work. Specific programs may be used to search for and within documents and other files. In addition, to deal with alteration, destruction or even forgery of the data, the expert may need to take an electronic copy of a hard disk.

“Meanwhile, the next time you consider whether to delete an email weigh up whether it is better to add habitually to the massive archive of material in your business and thus risk the Morgan Stanley result and also risk strike suits against you, as opposed to deletion, which might lose a dispute and even might be a crime. Perhaps you might reflect on the insanity of a system that tells you what is right or appropriate only after the event.”


When Data Retention Is a Bad Idea

Saturday, March 18th, 2006

An article by Russ Cooper has recently appeared on mcpmag.com: “Companies keep more and more business data in electronic form as the cost of storage drops and regulations like Sarbanes-Oxley require companies to preserve data for legal and accounting purposes”.

E-discovery services are not limited to law firms: Many companies contract such services to proactively find regulatory problems in their archives. E-discovery services examine company archives to find relevant files, preserve them for use in court and give access to lawyers who need to analyze the data as evidence. As companies seek to reduce discovery costs, discovery features may be added to storage solutions.

One of the major concerns about e-discovery is that, “with the dramatic drop in storage media costs, IT departments may become lax about determining what data they should be storing and what should be trashed. In so doing, the more data they have stored, the more vulnerable that company will be to such problems and costs”.

“In the U.K., it’s no longer a question of whether or not data must be retained, but how long it must be retained for. Consideration regarding the unintended consequences of insisting on retention seems not to have been given”.

To further illustrate the potential problems, Brian Sartin of Cybertrust’s Forensic Investigations organization said in a recent discussion that in a considerable number of the credit card number loss cases the team has worked on, the company in question was unaware that the credit card numbers were in the data at all. Companies might be aware of some files that would or should contain such details, but were unaware that other files were storing them as well. As such, a company may well believe it has done a good job of protecting such sensitive information, yet still have it compromised. Extending this thought to e-discovery, if the files that are being archived contain information the company is unaware of, then that data may be discoverable in the future when it might otherwise not have to be.

“How data is stored makes a significant difference to what can be retrieved. For example, if archiving is automatic and deletion of archives happens after it has been transferred, then it may be possible to recover deleted items from the physical media the archive is created upon”.



Cost of e-discovery

Saturday, March 18th, 2006

There’s an article by John Sterlicchi at accountancyage.com called “E-trail leads straight to court”. According to the article, “the cost of e-discovery - revealing documents in the run up to a trial - may also have chief financial officers worried as evidence emerges that the process can rack up fees in the hundreds of thousands of dollars. There are numerous examples where electronic documents are in evidence. At present, emails involving Enron’s former CEO Jeffrey Skilling are being used by the prosecution at the fraud trial taking place in Houston”.

“Besides the costs associated with litigation, corporate CFOs are beginning to baulk at the actual cost of the e-discovery process. Anecdotally, one case is said to have rattled up e-discovery expenses in eight figures, and researchers say $140,000 is the minimum per suit.”

“With those kind of fees on tap, it is not surprising that a whole industry has appeared, consisting of dozens of companies that have developed a variety of technologies to either find and analyse documents needed in litigation or, better still, help businesses keep a handle on their electronic documents before a lawsuit is filed.”

Research company EDDix has recently published a survey which estimates that the e-discovery industry will generate $2bn in revenues for vendors this year, with compound growth of 35%.

However, although nearly every civil court case in the developed world now involves e-discovery, “still more than half of IT organisations and in-house legal teams are not geared up to handle requests for electronic evidence,” according to Gartner research.

“Even more alarming, 65% of corporations do not include electronic documents in their document retention schemes, according to consultancy Cohasset Associates.”

One of the proactive actions that companies can take is to “archive their e-documents in such a way that those most likely to be subject to compliance or litigation reporting and disclosure are put in near-line storage and not hidden away on tape drives in a back room somewhere”.


Integrate Find Protected in your security suite

Thursday, March 2nd, 2006

It is now easy to integrate Find Protected into your company’s security system: we have designed a Find Protected COM server, and using it will not take much programming. Adding Find Protected to your security tools will address some important identity theft problems. Details are below.

How to use COM Server

Download COM Server version: http://www.findprotected.com/fp_com.exe

After installation in C:\Program Files\Find Protected you will find:

1) findprotected.exe — the COM server. You should install it with regsvr32, or just run it once so the server will be installed.
2) FP_COM_test.exe — a sample program written in Delphi that shows how to use FP as a COM server. You will find the Delphi sources in FP_COM_Test_src.zip.
3) findprotected_com.hlp — a small help file for the COM server procedures.

Let us know if you have any questions.

E-Discovery Firms Search Data for Evidence

Tuesday, February 28th, 2006

There is an article by Brian Bergstein at latimes.com, called “E-Discovery Firms Search Data for Evidence”.

Even just a few years ago, lawyers in corporate lawsuits sometimes agreed not to poke around in their opponents’ e-mails. Instead they’d confine themselves to paper memos and other documents on file as they pursued evidence.

Now, however, with so much work done via e-mail, instant messaging and other online platforms, “nothing’s in the file cabinets anymore,” said Michele Lange, staff attorney for legal technologies at Kroll Ontrack Inc.

Previously, electronic discovery was commonly performed by local computer experts “who played golf with law firm procurement officers”.

Now however, “the abundance of inexpensive data storage, high-profile lawsuits and laws such as the Sarbanes-Oxley Act that demand thorough corporate archiving — are making electronic discovery a lucrative and competitive slice of information technology.”

“Increasingly, e-discovery customers are not just law firms enmeshed in big corporate cases. More and more, companies are working proactively with e-discovery vendors, getting a handle on their data troves so they can meet regulatory requirements — or just in case they are sued”.


The Two Meanings of the Term “Electronic Discovery”

Tuesday, February 21st, 2006

Evan Schaeffer’s weblog has some interesting ideas about “The Two Distinct Meanings of the Term ‘Electronic Discovery’”:

Lawyers are frequently confused about the term “electronic discovery.” It’s no wonder, since lawyers and electronic-discovery vendors often use the terms in distinctly different ways.

The term “electronic discovery” can have either of the following two meanings:

* A set of rules and procedures designed to locate admissible evidence from facts created and stored in electronic format. This set of rules and procedures almost always overlaps with the rules and procedures lawyers use to find information stored in paper format; and,

* The process of uncovering, collecting, searching, and manipulating information created and stored in electronic format in an attempt to locate admissible evidence.

When litigators say “electronic discovery,” they are often giving the term the first meaning. Litigators are most often concerned about the procedures used to compel the other side to turn over electronic data in the first place. When electronic-discovery vendors say it, they are often using the second meaning. Electronic-discovery vendors are most often concerned about making use of electronic data once it’s already in the requesting lawyer’s possession.
