by Brian Focht | Mar 8, 2019
Big news! Followers of this blog know how important I believe new tools and technology are in the practice of law. Over the course of writing The Cyber Advocate, I also turned my moderate knowledge of cyber security matters into a focus of special interest, due to the threat hackers posed to law firms. Today, I officially launch my new blog – Resilience Cybersecurity & Data Privacy! Recently, I opened my own law firm, the Law Offices of Brian C. Focht. My practice is dedicated to civil litigation matters and cyber security law. As part of my practice, I provide cyber security and data privacy legal counsel. Primarily, I focus on helping small businesses improve their cyber security defenses. Actually, that part of my practice simply evolved naturally out of my providing ethical and technology consulting to law firms. Anyway, as I began to develop my practice, it became clear that I could provide a lot more assistance to individuals and businesses in the areas of cyber security and data privacy by doing what I’ve been doing for years with legal technology – write about it. Instead of just helping clients in North Carolina, I can, as with how I’ve used The Cyber Advocate, reach a much larger audience and provide help in many more ways. For those of you who have asked me when I plan to resume writing more regularly on this blog, I have good news for you, too! New posts will be appearing here, hopefully at a rate of about one per week, starting in the coming weeks. Hopefully you will all continue to read... read more
by Brian Focht | Jun 12, 2017
So a few weeks back I was interviewed about several current issues in cyber liability insurance. As part of the lead-up to the interview, I was sent a couple of links concerning issues that the interviewer wanted my take on. Most of them I’d seen before. However, there was one that was new to me: After reading the article, I was stunned that a law firm – as in a business that performs at least most of its work in the practice of law – would even consider filing such a lawsuit. Turns out they even got an attorney in a different firm to represent them. They were at least smart enough about not being – or having – a fool for a client. While you might disagree with me on the merits of this particular lawsuit – as an attorney whose practice includes insurance coverage matters, I can concede that insurance is treated differently from state to state – there’s definitely something that everyone can take away from this incident. There is one thing you absolutely, positively must do before purchasing cyber liability insurance: Talk to a lawyer! Not just any lawyer. A lawyer who understands insurance coverage. And who has at least a basic familiarity with cyber security. They don’t need to have a side career in IT, just an understanding about how cyber attacks work. This knowledge is particularly important concerning how the interpretation of your cyber insurance policy may apply to a real-world cyber attack. Here’s an example of what happens when you wait until after a cyber attack to understand what your insurance covers: The Case: Moses Alfonso Ryan, Ltd. v. Sentinel... read more
by Brian Focht | Jun 5, 2017
On Saturday night, the city of London experienced yet another tragic attack, apparently carried out in the name of terror. The city’s second in two months, and England’s third – the terrible bombing in Manchester just two weeks ago, has already led to numerous statements of solidarity and support from (most) leaders around the world. Unfortunately, during that time, Theresa May, British Prime Minister, also said this: That’s right, among the many things we can expect in the near future is another battle over government surveillance powers. In that battle, it’s a virtual guarantee that the British or U.S. government will resume its call for technology companies be able to decrypt any data or communications within their ecosystem, purportedly in the name of fighting terrorism, on demand. Whether it starts now, or as a result of a tragedy yet to come, the new war on encryption is about to begin. The War on Encryption Following any terrorist attack, it’s inevitable that some government official throws out the phrase “gone dark.” Since law enforcement officers have a hard time cracking encryption, the theory goes, terrorists use encrypted messages because they know their terrorist planning and terrorist conversations and terrorist grocery lists can’t be read by Dudley Do Right. They’ve “gone dark,” and as such, new laws are needed to improve the ability of law enforcement and intelligence agencies to monitor and track potential terrorists. Just as inevitable as the “going dark” comment – a proposed new law or regulation expanding the ability of the government to surveil its citizens, including but not limited to a weakening of encryption protocols. Talk... read more
by Brian Focht | Jun 2, 2017
I’m going to go ahead and say it: I’m Pumped! About something in the NEWS! How has your recent news feed looked? A bit dismal, if you’re anything like me. There’s the whole “we prefer the frog-in-a-boiling pot method of extinction” thing coming from the White House. Well, and then there’s everything else coming from the White House. It can all seem like it’s too much. We’ve got a government deliberately ignoring science, publishing a budget that cuts the estate tax – but relies on its revenue continuing because… rich dead people are generous? Oh, and then there’s the whole double counting thing. (But don’t worry, Mick Mulvaney now says it was on purpose.) Fortunately for us all, there’s great news. It’s about… passwords! Who would have ever expected that good news in the “reality and practical experience” matters arena would come from password guidelines? Yeah, me neither. And yet, we have the outlines of the new recommendations from the National Institute on Standards and Technology (“NIST”). Even more importantly, it turns out I was totally right! Totally! Yeah, I’ll get to that. But the best part… IT’S A PRAGMATIC SOLUTION THAT IS BASED ON HOW THE WORLD ACTUALLY WORKS!!! That’s right, I’m getting pumped about a government agency evaluating the collective experiences we’ve had related to their rules, using that collective experience to determine what works and what doesn’t, and then taking that information and applying it. PUMPED. Why am I so excited about this? Mostly, it’s because for years, the rules our companies have used to get their employees to password protect their computers and devices have been... read more
by Brian Focht | May 17, 2017
Last weekend, a virus called “WannaCry” swept through Asia, Africa, and Europe, encrypting the data of thousands of individuals and businesses. Although it demanded a ransom that, if paid, promised the user access to encrypted data, few paid the ransom, and many who did never regained access to their data. It was the largest ransomware attack ever, even though it was stopped before it impacted much in the United States. Since the attack, I have read numerous security posts about why this attack is just more proof that people and businesses should adopt the security measures those writers had previously published. While I agree with (most) of those posts, I think that the unprecedented nature of this attack creates a different opportunity – to discuss some fundamental lessons that every business owner needs to accept as the modern reality. Here are Six Lessons You Need to Learn from the WannaCry Cyber Attack: 1) Everyone is a target When it comes to hacking, I’m fond of the metaphor of the fisherman. When a fisherman is going after a specific type of fish, a lot of preparation and knowledge about that specific fish is needed: what type of pole and line works best, what type of body of water, and where in that specific body of water can the fish be found, how deep should the line be dropped, and what bait is needed? Most businesses are prepared for hackers who are looking for a specific fish – the “important” data in their systems. Unfortunately, just like in the fishing industry, the vast majority of successful hackers aren’t using a fishing pole,... read more
by Brian Focht | Nov 21, 2016
I try, on this blog, to avoid topics that are purely political. Sure, I spoke strongly in favor of net neutrality, I supported Apple’s position on encryption, and I continue to argue forcefully against the deregulation of the practice of law. Those are all political issues, to be certain. But this post is going to be a little bit different. It’s about the future of cyber security for all small businesses (and even large businesses) who have a legal obligation to protect their clients’ and customers’ data. The Trump Administration has not officially begun, but with its transition currently underway, several of the decisions already made point toward a dystopian future for cyber security. A future where hacking, including by foreign government and industry interests, is rampant; where the tools to protect ourselves are compromised; and where even our access to information is subject to purely corporate interests. Let’s take a look at some of the brilliant ideas for technology held by President-Elect Trump’s team: 1) Donald Trump, President-Elect Donald Trump’s campaign comments on cyber security and technology begin at “cringe-worthy” and go down from there. He refers to what I suppose is everything about computers as “the Cyber,” suggesting that we’re terrible at it and must get better. But, based on his other comments, he has no clue at all what “the Cyber” includes… or even means (not unlike ill-fated procedural CSI Cyber, which was objectively terrible). Those comments and positions are as follows: He proposed a boycott of Apple products during the debate between the DOJ and Apple concerning the encryption of a device used by one... read more
by Brian Focht | Oct 27, 2016
I’ve been lucky, and I have no problem admitting that. To date, I haven’t had a client who, either during or after completion of my representation, decided to burn me by posting a scathing negative review online. While I may have had a few clients that might have been inclined, I’ve done everything I could to manage the situation before it came to hostile words being shared to the world online. Like I said, that doesn’t necessarily make me good, it makes me lucky. Many other lawyers, unfortunately, haven’t been so lucky. I’m not talking about those lawyers who treated their clients casually, failed to return phone calls, or truly caused their clients harm through negative actions or omissions. They deserve all the ink they get. I’m talking about lawyers who, despite their best efforts, just couldn’t deliver what the client wanted or expected. Whether you deserve the online tongue-lashing you ended up getting or not, once it’s posted, you need to do something about it. And when I say “something,” I most certainly mean something OTHER than what these lawyers are accused of doing… You Should Already Know that Committing Fraud is Wrong, But Just So We’re Clear… If you haven’t heard the story, two lawyers have been engaging in “online reputation management” through some allegedly sketchy, unethical, and illegal means. According to a lawsuit filed in US District Court for the Northern District of California, the lawyers would attempt to have negative reviews that had been posted on various sites online taken down. When a site refused, the lawyers would file a defamation lawsuit – either on... read more
by Brian Focht | Oct 25, 2016
If you’ve been conscious for 15 consecutive minutes or more at any point over the past five years or so, you’ve no doubt heard news about a major hack. It’s everywhere, extending even to domination of the presidential election campaign. Your business is at risk, your clients’ data is at risk, and you need to be involved. Sure, but even the best laid plans can suffer the same fate of the great city of Constantinople – one unlocked door and your city has fallen! Fortunately, you’ve actually got the opportunity to protect your business in a way that the Byzantine Empire couldn’t – insurance. Specifically Cyber Liability Insurance. There’s a lot to cyber liability insurance, so we’ll take this in several parts. In this part, we’ll be talking about the expenses you’ll likely run into in the event of a cyber-attack, and therefore need to ensure your cyber liability policy covers: The 5 Major Expenses Your Cyber Liability Policy Better Cover! 1) Parachuting Professionals You need an emergency response team. Think of them as a really nerdy version of Seal Team Six. Think I’m being overly-dramatic? Well, you’re right. However, you should be aware that most cyber liability claims that exhaust the policy limits do so covering the costs in this category! So, you’re going to need… Forensic IT Specialists You need immediate and effective analysis of your system to determine the size and scope of any breach, and professionals with the experience and training to eliminate any active threats to your system, limit the damage being caused by existing penetrations, and shore up your short-term defenses. Legal Advisors... read more
by Brian Focht | Oct 19, 2016
Seriously, I understand that this has essentially been the Donald Trump election, and even the legitimate questions raised by the emails hacked from Hillary’s campaign have been drowned out. However, the candidates, the debates, the media coverage, they’ve all failed to ask one salient question about the candidates’ technology policies. And the failure doesn’t rest solely at the presidential level. Candidates for senate, the house of representatives, and governors haven’t focused much time at all into talking about how we’re going to address, you know, 21st Century Problems here in the 21st Century. 2016 Election: Technology Issues Analysis Since I routinely talk about these technology issues, maybe I’m more sensitive to them. Certainly, it’s not like other issues haven’t gotten their fair share of attention, either (cough, Climate Change, cough). So I’ve decided that instead of bitching about the lack of coverage, I would actually provide a service for a change. This post is the official announcement of my 2016 Election coverage of five major technology issues: 1) High-Tech Infrastructure, 2) Privacy/Surveillance, 3) Encryption, 4) Cyber Security, and 5) Net Neutrality/Open Internet. Visit My 2016 Election: Technology Issues Analysis On the 2016 Election page, you’ll find a candidate-by-candidate breakdown of their respective positions on these five key, yet woefully under-discussed, technology issues confronting our world. I’m analyzing the four major candidates for president, along with competitive races for congress and governor. 2016 Elections Analyzed: For Senate, House of Representatives, and Gubernatorial races in the 2016 Election, I am adding these progressively over the next few days. If you see the race you’re looking for in bold, then it means it has... read more
by Brian Focht | Jul 25, 2016
You make sure nobody knows how to contact you! Last week, I had a little bit of free time at the office and decided to update my contacts (yes, I actually do this). Several contacts, as happens, were missing phone numbers, email addresses, and other information. Some were literally nothing more than a name that I’d saved to remind myself to follow up about something – the fact that they’re blank indicating that the reminder to follow up didn’t work. So as I looked around online for updated information on a bunch of attorneys I know, I ran into a problem I’d experienced in the past, and found remarkably frustrating – the information I was looking for was NOWHERE TO BE FOUND on the law firm website. “Ah, now I remember,” I thought to myself, “why so many of my contacts don’t have full information.” I also remembered exactly how frustrating it was when what seemed like such basic information was unavailable. Imagine how your prospective clients feel. Basic Contact Information is Nowhere to be Found on your Law Firm Website I mean NOWHERE. Sure, several of the bigger firms had downloadable vCards (extremely helpful, thank you), and some had the slightly less helpful listing of phone numbers and email addresses on attorney bio pages. However, the MAJORITY of law firm websites I visited did not list the email addresses for individual attorneys. Many also did not list direct phone numbers. A disturbingly large number of them also didn’t provide a phone number, and only provided a contact form on one page of their site. Once someone is on... read more