Stevens, Travis, & Fortin

Plymouth Indiana Attorneys at Law (574) 936-4041

119 W Garro Street, Plymouth Indiana  46563

Cyber Law

 

Attorney David Fortin has a solid background in computer security, IT, forensics, privacy, breach recovery, malware internals, reverse engineering, and social engineering.  David has written and maintains low level (Windows kernel) file system security code that has been installed on millions of computers all over the world.  He has discovered countless zero-day vulnerabilities, and continues to actively update and expand his technical skill set.

 

Reasoning about Uncertainty

Life is complicated.  Business is complicated.  Computers are complicated.  We can help.

 

Password Escrow

What happens to your passwords and accounts when you die.  What happens when your employee who manages your website, social medial, or essential data dies or becomes incapacitated?  You know you need to plan for this.  We can help.

 

Website and Social Media Legal and Security Audit

Think twice before hiring the first skilled nerd who knocks on your door.  When you grant an outsider access to your systems and data, you may be placing the future of your business in some careless unaccountable hands.  Find out why you should have an attorney oversee or perform these functions, an attorney bound by rigid established rules of professional conduct, attorney client confidentiality, and a fiduciary relationship.

 

Best Practices Review

It’s always the little things.  Two factor authentication, password escrow, backups, redundancies, regular training…these are things that we can help ensure are being done.  Again, rules of professional conduct, requirements of confidentiality, and fiduciary responsibilities make a law firm the best partner here.  We operate as our clients’ advocate and as an intermediary with the techs, working exclusively for our clients’ best interest.

 

Use Us as Tech Intermediaries

When our clients find themselves in the rough confluence of not understanding tech vendors and not knowing if tech vendors can be trusted, we can help.  We are conversant in the lowest level of boring tech blather right though the highest level of boring legal blather about technology.  We can help make sense of things and communicate it across organizations to help our clients make informed decisions with a good understanding of legal risks and technical risks.

 

Evaluating Cyber Risk Insurance

Cyber risks are constantly evolving, exploits of different and evolving weaknesses, rogues finding value in different digital assets or operational features, targeting changing its focus while becoming less detectable.  The marketplace of cyber risk insurance is expansive and confusing with huge differences in pricing for similar products.  Cyber risk policies do not make for good reading.  And the cost of recovering from a cyber risk, in general, is nearly impossible to calculate…cost of customer notification, public relations, regulatory response, litigation defense, actual damages.  We can help make sense of the polices, putting the complex lists of coverage and exclusions in an actionable form, applying it to our clients’ particular risks.

 

The cyber risk insurance market is young.  Threats are infinitely varied.  Each business has its own variation of risks.  We have the skills and experience to serve as useful intermediaries, understanding our clients’ risks, and understanding the nuances of cyber risk insurance products as applied to these risks to help our clients make informed decisions.

 

Cyber Blackmail Planning

Most of your executives will possess an ambitious soul along with corporeal yearnings.  These two are in a constant conversation.  Sometime the conversation leads to making their world a better place.  Their world is one of love and pleasure, long term goals and spontaneity, amusing failures and unforgettable exuberance.  It is also a world of regret and shame and imprudence.  We cherish and curse our human condition.  And we accept it.  And we must plan for its risks.

 

People make mistakes, some innocent, some purposeful, some malicious, some truly unpredictably accidental.  Your executives have likely done traceable things on the Internet that could break up their families and ruin their careers…pictures, dm’s, email, membership in compromising “dating” sites, digital trails that lead to reputation destroying content.

 

Businesses can do things to protect reputations that the executives cannot do themselves.  We can help implement a solution that you cannot do alone.

 

She Who Destroys Her Reputation, Shall Save It

By systematically creating fake trails, effectively a combination of honeypots and the firing squad's wax bullets to blunt would-be blackmailers, organizations can help protect executives from the actual appearance of many common human failings.

 

Monday:

Employer: Whatever you do, don’t push this button.

Executive: Well obviously…of course…I would never push that button.

Tuesday:

Executive: I pushed the button, the one you told me not to push.

Following instructions is hard (watch the guard scene from Monty Python for an example here).

 

This is why employers have to act.  On the executives’ behalf, and with their consent, organizations can create  unreliable, dynamic, ambiguous trails that appear to be associated with particular executives.

 

If a blackmailer confronts such a protected employee with harmful data it will have no power over them.  Their families will know that their employer is responsible for floating embarrassing things.  As a practical matter, if potential blackmailers know an effective system providing plausible deniability is in place, they will likely move on to an easier target, leaving our clients alone.

 

Cyber blackmail is a temporary problem, a mere societal/technology growing pain.  But the impact of social engineering attacks coupled with blackmail right now is huge.  A compromised employee is a long-term problem that is hard to detect and is probably never a single vector.  Many have heard the story of the availability of daily design changes from a large aerospace company being instantly available to Chinese competitors.  As the talk has it, the leak was not from malware or an automated process.  And it was not only from one compromised employee.  There were dozens of likely blackmailed employees supplying the plans daily to probable agents of a foreign government.

 

Planning to defeat cyber blackmail takes great effort.  But at least we have an effective tool for reliably defeating it.  It is a solution that seems obvious once it is understood.  And we can help you get the key functions in place.

 

 

ISBA Sustaining Member
ISBA Sustaining Member

Stevens, Travis, & Fortin

Attorneys (574) 936-4041

119 W Garro Street, Plymouth IN 46563

 

ISBA Sustaining Member
ISBA Sustaining Member
ISBA Sustaining Member