12 Timeless Password Tips for Improved Security

Shawn E. Tuma:

Excellent advice from my friend Allan Pratt:

Originally posted on Tips4Tech Blog:


According to Splashdata, the #1 and #2 most commonly used passwords are “123456” and “password,” so the creation of strong passwords is one way that users can be proactive in fighting security breaches. Since passwords are the core of an overall security plan, here are my favorite password-related tips. When using a managed service provider, it’s just as critical to follow these guidelines because any time data travels to a third party, it can become more vulnerable.

PASSWORD TIP 1

Make sure your passwords are complex. Use lower case and upper case letters, numbers, spaces, and symbols. Make sure the password length is longer than eight characters – Microsoft recommends at least 14 characters. Don’t use common or uncommon words from the dictionary or real names. Don’t spell your name backwards, use words with common spelling errors, or repeated sequences of the same numbers or letters. Create a phrase…

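As an added example (not code from Allan Pratt's post or from this blog), here is a small Python check that applies Tip 1's rules to a candidate password: minimum length of 14, all four character classes, no dictionary words, no real names forwards or backwards, and no repeated runs. The word and name lists are constructed stand-ins for a real dictionary, and the rule wording is my own.

```python
import re

# Constructed stand-ins for a real dictionary and a list of real names.
# A production check would load full word lists; these are assumptions, not from the post.
COMMON_WORDS = {"password", "welcome", "dragon", "monkey", "letmein", "qwerty"}
KNOWN_NAMES = {"shawn", "allan", "kevin"}


def password_problems(pw: str, names=KNOWN_NAMES, words=COMMON_WORDS) -> list:
    """Return the Tip 1 rules that a candidate password violates (empty list = passes)."""
    problems = []
    # Length: the post cites Microsoft's recommendation of at least 14 characters.
    if len(pw) < 14:
        problems.append("shorter than 14 characters")
    # Complexity: lower case, upper case, digits, and spaces or symbols.
    if not re.search(r"[a-z]", pw):
        problems.append("no lower-case letter")
    if not re.search(r"[A-Z]", pw):
        problems.append("no upper-case letter")
    if not re.search(r"[0-9]", pw):
        problems.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", pw):
        problems.append("no space or symbol")
    low = pw.lower()
    # Dictionary words anywhere in the password (case-insensitive substring match).
    if any(w in low for w in words):
        problems.append("contains a dictionary word")
    # Real names, including the "spell your name backwards" trick.
    if any(n in low or n[::-1] in low for n in names):
        problems.append("contains a name (forwards or reversed)")
    # The same character or group of characters repeated three or more times in a row.
    if re.search(r"(.+?)\1\1", pw):
        problems.append("repeated sequence of the same characters")
    return problems


if __name__ == "__main__":
    # Sample candidates: the two passwords the post names as most common, plus a phrase.
    for candidate in ["123456", "password", "Correct Horse Battery Staple 42!"]:
        verdict = password_problems(candidate) or ["passes Tip 1"]
        print(f"{candidate!r}: {', '.join(verdict)}")
```

The dictionary check only sees the small constructed list here; against a full word list, a phrase built from whole words would be flagged, which is why the tip ends by suggesting a phrase rather than plain words.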

Cybersecurity & Data Breach: You Don’t Drown From Falling Into the Water

“You don’t drown from falling into the water, you drown from not getting out.” Think about that — and think about how that applies to cyber security and data breach issues facing companies in today’s cyber world. Here, in my first ever video blog post, I explain this issue with more detail.

Kevin O’Keefe Interviews Shawn Tuma About Blogging at State Bar of Texas 2015 Annual Meeting

I had the wonderful opportunity to visit with and get to know Kevin O’Keefe (@kevinokeefe) at the State Bar of Texas 2015 Annual Meeting in San Antonio. Kevin is the Founder and CEO of LexBlog, the preeminent source for legal blogging (where I plan to head, one day).

Kevin and I both did presentations during the Ignite Session; Ignite presentations are 20 slides in 5 minutes, with the slides advancing automatically, whether you are ready or not! It was quite a challenge. Following my presentation, Kevin did a brief interview of me using just his iPhone — and it was really cool (and is inspiring me to start doing video blogs – so stay tuned!).

Cyber Trial Lawyer Lesson: Stick With the Chronological Story

There is a well-known rule among experienced trial lawyers: when presenting your case, you always tell your story of the case in a chronological order unless there is an exceptional reason not to.

The problem is, for most of us, the deeper we get into a case and the further into the weeds we get, the more apt we are to convince ourselves that our case is one of those exceptional ones that is so complex that it should be organized by topical subject matter and not chronological order. It happens all the time but it is wrong to give in to this temptation.

The most common reason this happens is that the longer a lawyer works with a case, the more we focus on the details instead of the big picture, and the more we convince ourselves that all of those little nuances are what the case will turn on. Simply put, we have a tendency to lose sight of the forest because of the trees.

It is usually at this point that we begin telling ourselves that we are now dealing with that one rare case that requires us to abandon the age-old rule of telling stories in chronological order and, instead, organize our story by the topical subject matter.

Trial lawyers who are handling cyber cases face even more of a temptation. Cyber cases are usually pretty complicated and require a more detailed story; more often than not they fit the criteria of true complex litigation. And the more complex a case is, the more we must get into the weeds of the case, and the deeper into the weeds we get, the more tempting it becomes to convince ourselves that this is the one exceptional case that justifies abandoning the old rule.

But, the truth is, when we look at the case from how the trier of fact will see it — the jury, judge, arbitration panel — we see that there never really is a good reason to abandon the old rule. We as trial lawyers have usually lived with the case for many years and can see the importance of every little nuance and how each one can make or break a case. That is our job. We must understand it all and be able to answer any question that is asked of us. We must master the microscope.

However, we must also be able to put ourselves into the shoes of our audience who will know nothing of the case, and be able to see in our mind’s eye what will be the best way to help them understand the case in the shortest amount of time. This requires telling them a story in a way that will make sense to them. This requires stepping back and seeing the big picture — seeing the case as a whole — and then finding a way to present that whole case to them in one cogent, easy to understand story, with only enough of the details as are necessary to have the story make sense. This is also our job. We must master the telescope.

This is just as true for lawyers trying cyber cases as it is for lawyers trying any other cases.

What human history teaches is that when it comes to learning, we all learn best through stories, and the easiest stories to understand are those that go in chronological order. It is just how we learn. It is as true for complicated stories as it is for simple stories. So, next time you find yourself thinking that you have one of those exceptional cases and you need to abandon the old rule, don’t give in to the temptation. You don’t. Stick to the chronological story.

Businesses Beware: You need to understand and adopt EMV / Chip-and-PIN Technology

“Visa, MasterCard, Discover, American Express and their banking partners have set a government-enforced deadline of Oct. 15 for a “liability shift” that, for the first time, would make merchants liable for fraudulent charges that result from using point-of-service readers that can’t read chip-and-pin EMV cards. The issuers have been implementing the technology, but it’s still up to companies including Home Depot, Target, Neiman Marcus and others to implement it or be held responsible for fraud resulting from continued use of magnetic strips.”

This quote comes from Chip-and-PIN Procrastination Is Endangering Your Credit Card, an excellent article that goes into great detail to explain this technology, why you need it, and why the security benefits outweigh the inconvenience factor.

What is ‘cybersecurity law’? Orin Kerr’s 4 Categories

Regular readers know I have a tremendous amount of respect for Orin Kerr as a — if not the — true scholar on cyber law issues. Kerr recently wrote an article in which he explained his view of cybersecurity law and broke it down into four distinct categories:

  1. The law governing steps that potential or actual victims of Internet intrusions can take in response to potential or actual intrusions
  2. The law governing liability for computer intrusions, both for the perpetrator and the victim
  3. The regulatory law of computer security
  4. Special issues raised by government network offense and defense

The full article has a nice explanation for each category so go give it a read: What is ‘cybersecurity law’? – The Washington Post.

Blue Goose Cantina Data Breach

Presentation tomorrow – Collin County Bar Ass’n Corporate Counsel Section – here’s the question:

“What do I talk about?”

No, it’s not that I don’t have anything to say — for goodness sakes, you all know that I always have something to say!

The problem I am having is that I had planned to talk about cyber risk compliance and the key elements of what a good cyber risk compliance program needs to include and why. Interesting topic, right? :)

But tonight I saw where a local restaurant that just may be my favorite Tex-Mex place of all — Blue Goose Cantina — had a data breach last week. What was interesting is that they announced it via Facebook at what seems like a very preliminary stage. So, I am thinking I just may make this the focal point of my presentation and use it as an ad hoc case study.

Leave me a comment and let me know which you would rather hear.