Network Segmentation – Perhaps the Only Piece of Good News From the Colonial Pipeline Hack

By Eva Lorenz

Introduction

Now that the situation at the pump seems to have recovered and returned to normal, it is time to figure out what actually happened in the Colonial Pipeline attack and what lessons, if any, we can learn from yet another high-profile cyberattack involving ransomware.

First, a few introductory words and some background on ransomware: ransomware is a common form of cyberattack in our time, and it involves attackers deploying code onto the victim’s network that encrypts files and folders throughout the network. According to the FBI, the best way to contain the attack is to block the code from moving across the network. For recovery from the attack, companies often rely on sound backup practices that allow them to restore encrypted files and folders without losing too much data. Of course, victims of ransomware attacks can also pay the ransom, but that practice is still discouraged by the FBI and in some cases actually forbidden since the groups behind the attack are deemed sanctioned foreign entities.


Managing Risk in Technology Supply Chains After SolarWinds

By Peter McClelland

In December 2020, as many of us were watching all things political and pandemic, current events eclipsed a serious breaking story. The SolarWinds hack exposed a level of data across the nation that was — to use the oft-turned phrase for 2020 — “unprecedented.” Not to be outdone, 2021 has now given America a data breach through the Microsoft Exchange email software that (conservatively) affected 60,000 organizations, spanning every level of size and sophistication.

Privacy and Data Security Section Updates and Library How-To

By Taylor Ey

Hello, section members!

Happy spring! We are beginning to add resources to our online library, including recordings of two recent discussions from last week: (1) the joint YLD/PDS specialist discussion from March 16, “Becoming a Privacy Law Specialist: Exploring NC’s Newest Legal Specialization,” and (2) the Fireside Chat from March 17, “Managing Third-Party Privacy and Security Risks.”

We invite you to review the materials if you weren’t able to join or to revisit the materials at your leisure.

Here is a reminder of how to navigate the library.

How Do I Access the Library?

  1. Click on “Communities.”
  2. Scroll and find your community.
  3. Click on the “Library” tab.

How Do I Find Content in the Library?

  1. On the left side under folders, you will see various folders.
  2. When you click on a folder, the contents of the folder will pop up on the right side under “Folder Contents.”
  3. To open a document, double click on any document.
  4. Click “Download” under the attachment name.

SolarWinds – What Do We Know and What Can We Learn From It?

By Eva Lorenz and Taylor Ey

SolarWinds made a name for itself as the developer of network monitoring tools that help small and large companies run their environments efficiently. While SolarWinds was not a security-focused company from a product standpoint, the understanding was that the code behind its tools was protected as intellectual property and that updates were safe to run, until it turned out that both of these assumptions were wrong.

How Was the Compromise Detected?

In late 2020, FireEye, a cybersecurity company that helps organizations internationally after cyber incidents, detected some unusual activity on the FireEye network. FireEye detected it was hacked after the attackers tried to register a device to FireEye’s multi-factor authentication system using stolen credentials. The system then notified the employee whose credentials were stolen and alerted the FireEye security team of this new device. This notice triggered an internal investigation to learn who was trying to register this device. FireEye performed in-depth code analysis and determined that the intrusion originated with a SolarWinds product called Orion. Some analysts believe that attacking FireEye was a mistake by the attackers since it sped up detection of the SolarWinds hack.

Reconciling Emerging Technologies with North Carolina’s Duty of Competence

By Sarah Beth Tyrey

A Multilayered Duty of Competence

The North Carolina State Bar’s Rules of Professional Conduct require attorneys in this state to uphold a duty of competence in their practice. Under Rule 1.1, competence in representation “requires the legal knowledge, skill, thoroughness, and preparation reasonably necessary.” Competent and zealous representation for an attorney’s clients is of highest priority. Monitoring changes in case law and the broader legal landscape is imperative to maintain this knowledge and skill.


Worried about Hackers? Take Proactive Measures by Hiring Someone to Test Your Network

By Eva Lorenz 

You may be an in-house attorney at an organization subject to specific compliance requirements or you may work at a law firm and handle sensitive client information, including information subject to laws such as the N.C. Identity Theft Protection Act. In either case, you need to show your business partners that data managed by your organization is protected. You, as an attorney in the room, can help your organization or law firm reduce the risk of a high-profile breach or ransomware attack. Read on to learn about technical approaches to address these concerns.


Ketan Soni Presents “The New Community Platform”

By Ketan Soni

What You Need to Know About the New Community Platform

This year, the NCBA has switched to a new online community platform. This new community platform for Sections, Divisions and Councils offers many more features than the previous system. Below is a summary of the basics and what you need to know to utilize this platform and its features.


Fall and Winter Fireside Chats: Vote for Topics Today

By Shannon Ralich
Privacy & Data Security International Working Group Committee Chair

The NCBA Privacy & Data Security International Working Group will host Fireside Chats this fall and winter.

Vote for the topics you would like to hear about (you can select more than one topic).

The last day to vote is Wednesday, September 30 at 5 p.m.

We look forward to hearing from you! Click here to take the 1-minute survey.

Thank you.

A Lot Has Changed in Privacy and Data Security This Year. Do You Feel Up to Date?

By Karin McGinnis

While the world was quarantining, the privacy and data security world was busy. Now the California Consumer Privacy Act is in full swing with final regulations, the U.S./EU Privacy Shield is no longer valid, and the attorney-client privilege in data breaches has been challenged. With most purchases and interactions happening online, online businesses and virtual meeting spaces are in the crosshairs. Even your old trusty vendor agreement is at risk. All of these changes have significant implications for your clients and your practice, and it is easy to feel behind the curve. Your NCBA Privacy and Data Security Committee has your back! We’ve created a full day seminar (6 MCLE credits*) to get you up to speed. You’ll get ethics and technology credit as well. And with safety in mind, the seminar will be 100% virtual. If you are one of the first 30 people to sign up, you’ll receive a $65 discount. You can sign up here.

Hope to “see” you there!

*6.00 MCLE hours, including 1.00 Ethics/Professional Responsibility and 1.00 Technology Training. Qualifies for NC State Bar Privacy & Information Security Law Specialization.

A Message from the Chair of the NCBA Privacy and Data Security Section

By Erin Illman

Greetings Privacy and Data Security Section members, and welcome to the 2020-2021 bar year! It is my honor and privilege to serve as Chair this year, and I am looking forward to working with an amazing and highly invested group of council members, committee co-chairs, and NCBA staff. I’m also very excited about this year’s top-notch programming, activities, blog content, and other valuable benefits our Section provides our members.

While this year may look a little different in light of the unique challenges that we are all navigating during the COVID-19 pandemic, the Section leadership is committed to providing the same excellent CLE programming, social and professional benefits, and practical tips and discussions with colleagues in this evolving area of law.

Below is an update on the Section’s activities this year and some opportunities for members to get involved in the Section’s work.
