Cybersecurity & Data Breach: You Don’t Drown From Falling Into the Water

“You don’t drown from falling into the water, you drown from not getting out.” Think about that — and think about how that applies to cyber security and data breach issues facing companies in today’s cyber world. Here, in my first ever video blog post, I explain this issue with more detail.

Kevin O’Keefe Interviews Shawn Tuma About Blogging at State Bar of Texas 2015 Annual Meeting

I had the wonderful opportunity to visit with and get to know Kevin O’Keefe (@kevinokeefe) at the State Bar of Texas 2015 Annual Meeting in San Antonio. Kevin is the Founder and CEO of LexBlog, the preeminent source for legal blogging (where I plan to head, one day).

Kevin and I both did presentations during the Ignite Session; Ignite presentations are 20 slides in 5 minutes, with the slides advancing automatically, whether you are ready or not! It was quite a challenge. Following my presentation, Kevin did a brief interview of me using just his iPhone — and it was really cool (and is inspiring me to start doing video blogs – so stay tuned!).


FBI Business Email Compromise Advisory for Dallas / Fort Worth Businesses

From: FBI – Dallas Division

Date: June 24, 2015


The Dallas Division of the FBI has drafted a Private Sector Advisory regarding the identification of six individuals possibly working as a group, targeting U.S. businesses using the Business E-mail Compromise (BEC) scheme. As of June 2015, approximately 25 Dallas companies have been targeted by the BEC scheme, or variations of the scheme, with an attempted loss of over $100 million. Please see the attached advisory and feel free to further disseminate it , to prevent you or others from becoming victims of this scheme. In addition, as set forth on the attachment, please report any attempted or successful BEC schemes.

Here is the link for the FBI’s Advisory.



Businesses Beware: You need to understand and adopt EMV / Chip-and-PIN Technology

“Visa, MasterCard, Discover, American Express and their banking partners have set a government-enforced deadline of Oct. 15 for a “liability shift” that, for the first time, would make merchants liable for fraudulent charges that result from using point-of-service readers that can’t read chip-and-pin EMV cards. The issuers have been implementing the technology, but it’s still up to companies including Home Depot, Target, Neiman Marcus and others to implement it or be held responsible for fraud resulting from continued use of magnetic strips.”

This quote comes from, Chip-and-PIN Procrastination Is Endangering Your Credit Card, an excellent article that goes into great detail to explain this technology, why you need it, and why the security benefits outweigh the inconvenience factor.


FTC Gives Good Reason to Not (Try to) Hide Data Breaches

Why do I need to report a data breach?

FTCThis is a common question that business owners ask me all of the time. In response, I rattle off a laundry list of reasons why reporting is not optional — but mandatory. This includes ethical stewardship and obligations, business and public relationship reasons, and finally legal obligations that make it mandatory.

Some still think I am just Chicken Little claiming the sky is falling, but so it goes as some people just can’t be helped.

Thanks to the FTC, I now have another reason to give them. It fits into the legal obligations requirement and, while implicitly, most of us in this profession knew this all along, it never helps like an agency like the FTC just comes right out and says it: The FTC said that it looks ‘favorably’ on firms that report data breach.

“In our eyes, a company that has reported a breach to the appropriate law enforcers and cooperated with them has taken an important step to reduce the harm from the breach,” said Mark Eichorn, the agency’s assistant director for privacy and identity protection.

There you go, simple enough? Yes, you must report the data breach. Period. End of story.

Read more via FTC looks ‘favorably’ on firms that report data breach | TheHill.

Cybersecurity Risk: Law and Trends – Ethical Boardroom Article

The law is trending toward more risk of liability for Officers and Directors. Learn more about this from my recent article in Ethical Boardroom — full text available without paywall here: Cybersecurity Risk: Law and Trends.


Speaking on Cybersecurity Law, Risk & Compliance at Collin County Bench Bar Conference in Austin! #CCBBF

As you can see, I have had a whirlwind week of presentations with the IAIP Keynote on Tuesday, ACFE Fraud Conference on Friday, and then Saturday I finish it up in Austin at the Collin County Bench Bar Foundation’s Collin County Bench Bar Conference!

You Should Be Here!

The Bench Bar Conference is a really fun event that I spoke at last year (see Collin County Bench Bar Presentation on Cyber Risks to Lawyers #CCBBF) and I could not miss the opportunity to be a part of it again this year. To add to that, it is a real honor for me to share the stage and be presenting with so many well-respected legal jurists, scholars, and

Amazing Speakers!

To add to that, it is a real honor for me to share the stage and be presenting with so many well-respected legal jurists, scholars, and practitioners:

  • Hon. Eva Guzman, Justice, Supreme Court of Texas
  • Hon. Angela Tucker, Judge, 199th District Court, Collin County, Texas (@AttorneyTucker)
  • Hon. Jill Willis, Judge, 429th District Court, Collin County, Texas
  • Rep. Jason Villalba, Texas House of Representatives
  • Thomas Ashworth – Collin County District Attorney’s Office
  • Leah Boyd – ALARM
  • Kelly Crawford – Scheef & Stone, L.L.P.
  • David Clouston – Sessions Fishman Nathan & Israel
  • Melinda Eitzen – Duffee + Eitzen
  • Martin Thornthwaite, Strasburger & Price
  • Emily Miskel – Koons Fuller
  • Jeff Domen – Goranson Bain
  • Lee Bean
  • Charity Borserine
  • Penny Phillips

My Presentation

As I am sure you can imagine by now, my presentation will focus on cybersecurity law, mitigation, and compliance for both lawyers and businesses.

Stay Tuned for More

Check back soon for a blog or two about the event as well as the slides from my presentation.