3 Steps the C-Suite Can Take to Strengthen Cyber Security

NTCC 1The C-Suite is ultimately responsible for failures of a company’s cyber security. A recent example of this is how Target’s CEO, CTO, and several Board Members were pushed out in the wake of its data breach.


This puts leaders in a difficult position. It is almost a statistical certainty that every company will suffer a data breach sooner rather than later. Does that mean that most C-Levels and Directors are on the verge of losing their positions because of a data breach? Does it mean that their careers and future are now out of their control?

No, it does not have to mean either of those things. There are steps leaders can take to help minimize the risk of these things happening, both to themselves and their companies.

Leaders will be Judged, but by What Standard?

Because statistics show that virtually all companies will eventually suffer some form of data breach, the standard by which their leadership is judged is not whether their company did or did not suffer a data breach. That is now a given.

Rather, the standard is whether, prior to a breach, the company had taken reasonable steps to protect its systems and data and whether it made appropriate plans to respond and mitigate the effects of such a breach.

Because the risk is foreseeable, the question is one of preparation. That is, did the leaders act reasonable in preparing their companies now that they are aware of the risks their companies face. If they did, they have much better odds. If they did not, they will be judged harshly.

How can leaders help prepare their companies for these challenges?

The 3 Steps

To prepare their companies, the C-Suite must show leadership on this issue by setting a tone for the company and establishing a culture of compliance when it comes to cyber security. This must come from the top down. There are three steps that leadership can take that will help create that culture:

  1. Leadership must truly care about cyber security and the digital business risks their company faces;
  2. Leadership must show its concern and commitment by dedicating appropriate resources for cyber security and minimizing digital business risks; and
  3. Leadership must listen to those responsible for, and who work most closely with, cyber security issues. By listening, leadership reaffirms its concern and commitment to a culture of compliance for cyber security. Leadership also increases its knowledge and understanding of the nature of the cyber security threats and the digital business risks the company faces.

Where Can Leaders Start?

The starting point for members of the C-Suite and Boardroom is to gain a better appreciation and understanding of the risks their companies face. There is a great opportunity for them to do this by attending an upcoming seminar sponsored by the North Texas Crime Commission.

The seminar, Strengthening the Weak Link: Cyber Security Essentials for the C-Suite, will be held at the George W. Bush Institute at Southern Methodist University on October 16, 2014.

The keynote speaker will be Tom Ridge, former Secretary of Homeland Security. There are several other notable speakers who will be sharing their knowledge of these risks, including members of the cyber units of the FBI, Secret Service, United States Department of Justice, and many others.

Register for the event on Eventbrite by clicking HERE! 

NTCC Cyber Security SeminarNTCC 3


Presentation: Helping Businesses Prepare for Computer Fraud and Data Breaches

Last night I had the wonderful opportunity to present to IMA – The Association of Accountants and Financial Professionals in Business on the topic of Helping Businesses Prepare for Computer Fraud and Data Breaches. Here are the presentation slides.

I was really impressed with the quality of this event on many levels — these folks really put on first class meetings so, for those of you who are accountants or financial professionals, I would encourage you to check them out. The facilities were great, the people were great, the food was great and it’s amazing how insightful and inquisitive a group can be when wine is served! Seriously, if you spend much time presenting to groups, you can tell when an audience is interested and paying attention or when they’d rather be some place else — this group was focused and their questions showed it. It was a real pleasure for me. The icing on the cake, however, was at the end when I was told that the organization would make an honorarium to my favorite charity — Cure JM of course! Much thanks!

Listen to Shawn Tuma discuss social media law issues for business on PlayMakers Talk Show via podcast

2013-03-09 21.17.45

UPDATE: here is the podcast

Shawn Tuma is a featured guest on this week’s PlayMaker’s Talk Show on 570 KLIF in Dallas, Texas. Shawn will discuss several social media law issues that are important for businesses and business owners to consider when using social media. The show airs at 4:00 p.m. today – Sunday, March 17, 2013. You can listen LIVE by going to the KLIF website or stream the show on iheartradio.


A podcast of the episode is available by clicking HERE to play/download or going to the PlayMaker’s Talk Show website.

You can view Shawn’s blog posts on social media law HERE. If you have any questions or would like to talk social media law, computer fraud, data security or privacy, please feel free to contact Shawn at 469.635.1335, stuma@brittontuma.com or @shawnetuma

… there’s no such thing as too much lawyering.

This is one of those articles that I just can’t help but blog — why? Well, I’ll let you figure that part out and you can start right here:

When a single case can make or break your business, there’s no such thing as too much innovation — or too much lawyering.

via Ready to Innovate? Get a Lawyer. – Larry Downes – Harvard Business Review.

Business Situational Awareness & Social Media

Weapon loadout of the AH-64 Apache

Image via Wikipedia

How can your employees’ social media usage be compromising your businesses’ assets?

I have said it before: business and warfare are one in the same. The objectives are the same and the tactics are the same. Both require an understanding of situational awareness.

What is situational awareness?

Situational Awareness is the ability to identify, process, and comprehend the critical elements of information about what is happening to the team with regards to the mission. More simply, it’s knowing what is going on around you

That’s the military definition and it works just fine for the business world: knowing what is going on around you. Knowing the definition is one thing, but understanding how to apply it is quite different. Do your employees — or even you — appreciate the many ways that using social media can compromise your businesses’ assets because of a lack of awareness of what is going on around you?

An example of how a lack of social media situational awareness in the military led to the destruction of 4 $20 million AH-64 Apache helicopters — on a base in Iraq!

In 2007, a fleet of new Apache attack helicopters arrived on base in Iraq and one of the soldiers took a picture of them that was then shared through social media. (See U.S. Army Warns That Social Media Can Kill. Literally.) The picture contained a geo-tag that embeded the latitude and longitude coordinates of the helicopter right in the photo. The enemy was monitoring the Internet and discovered the photo, pulled the coordinates from the photo, and used them to conduct a mortar attach that destroyed 4 of the Apache helicopters valued at $20 million each. Yep — that was essentially an $80 million photo! Ooops.

Now let’s think about how these principles can apply to your business.

  • Have your employees listed their customer contacts — those “trade secrets” that you pay to much to protect — on their LinkedIn contacts?
  • How about your prospects — those that you are hoping to snag away from your competitors — has anyone in your organization recently “added” or “followed” them?
  • That new strategic location you’re planning to open — do you think anyone noticed that 4-Square check-in or found the geo-tag coordinates from the pic from the inside?
  • That new strategic alliance your company is secretly developing … was it really a good idea for your receptionist to tweet “nice to meet you” to them after they left your office?

Please feel free to continue the list. You get the picture. Do you still believe that your competitors are not monitoring your and your employees’ social media?

I love social media and I think it is an amazing thing that holds an amazing amount of promise for virtually every kind of business. I want to see businesses use it more — I want to see you use it more. You know this. You also know, by now,  that I’m a social media lawyer who practices social media law — I try to help you and your business plan for as many things as we can and put them into policies to help protect your business from known and unknown risks. So what, right? Would I have ever imagined that one picture would result in 4 destroyed Apache helicopters? Maybe, maybe not. Who knows.

We can’t anticipate everything and we can’t put every potential risk into a policy. It’s just not possible. But, what we can do is teach our people to think — to understand their situational awareness — and to appreciate the fact that for everything they (we) are putting on the Internet, potentially someone who we wouldn’t want to read it is reading it and, if they have a chance, will use it to harm our interests or further their own. The best protection for you and your employees: (1) know what is going on around you; and (2) think before you post.

Mind Control, Human Hacking & the Computer Fraud and Abuse Act?

Here is a thought to ponder: Would it violate the Computer Fraud and Abuse Act to hack a person?

Based on the broad definition of computer that is used in the Computer Fraud and Abuse Act I believe that the answer could be “yes.” Here is why:

  • The CFAA applies to anything with a microchip or data processor that is connected to the internet. See Can Stealing a Car Violate the Computer Fraud and Abuse Act?
  • If a person were to have a microchip or data processor implanted into their bodies, and if such device were connected to the Internet, then that person would be a covered “computer” and the CFAA would apply if they were hacked.

So, you may be wondering, what made me think of this crazy idea? Well, I read the article Are You Ready for Mind-Control Warfare? and, the more I thought about it, the more I realized that it is a possibility. Technology has already advanced to the point where tiny microchips are being put under people’s skin for various reasons and there is no doubt that will continue. But, as the above article shows, these technological advances will not stop there. Now we’re looking at things like “the potential for ‘neural interface systems’ (NIS) that could control weapons with the human mind.” Pretty heavy stuff for sure but stop and think about this for a moment.

If technology reaches a point where “computer” driven devices allow the human mind to control weapons, surely someone will then try to gain control over that device and, therefore, the mind that controls those weapons. That is, they will try to “hack” that person. And, when they do, I would argue that they will have violated the Computer Fraud and Abuse Act as it is presently written and interpreted.

Learn About Social Media Through Pictures on Pinterest!

If you would like to learn a lot more about social media by simply looking at pictures instead of reading boring blog posts, I can tell you how to do it … but first you have to get to the end of this boring blog post (hint: or just skip right to the bottom if you want!). Let me explain what I am talking about …

A few weeks ago I joined the ranks of those who have become obsessed with Pinterest. We can thank my wife for that as she was the “early adopter” in our family, as well as our daughter Clara (but that is a whole ‘nuther post).

According to Pinterest’s About page,

“Pinterest is a Virtual Pinboard. . . . Pinterest lets you organize and share all the beautiful things you find on the web.”

If that doesn’t tell you enough just go have a look for yourself by clicking HERE! You will need an invite to Pinterest and you can request one HERE — or send me an email and I’ll be happy to invite you. Simply put, Pinterest is a bunch of pictures. That’s it. Pictures of everything you can imagine. It is the world displayed visually through pictures.

Shortly after I began using Pinterest I began exchanging ideas about it with Jay Pinkert, a well respected legal marketer (among other things), who manages Shatterbox Marketing & Communications, and we talked about whether there were ways that professionals such as lawyers could use Pinterest for marketing purposes. At that time all I could envision doing with Pinterest was (a) using it for fun and (b) using it to help develop relationships with other people which is, after all, the foundation of social media. I really did not see any substantive value, however, for a lawyer such as myself who focuses on issues like social media law, technology law, and computer fraud beyond the fact that I need to have an in depth understanding of these social media services to best enable me to advise my clients about the legal issues involved with using them.

Then an epiphany hit me!

Earlier this morning I had the wonderful opportunity of attending the Social Media Breakfast Dallas where I met many others who are also passionate about social media. I found myself in a conversation with two new friends, Tonya Delano and Jackie Bese and you will never believe what I learned: they were into Pinterest also, as well as virtually everyone else I talked with! In fact, Tonya has even recently blogged about Pinterest: Like I need another social media addiction! 

Talking with them about it got me to thinking that, with that many “social media types” interested in Pinterest there had to be some interesting social media graphics on there because the “social media types” are generally very graphic-oriented people. Forgive the stereotype but you know I’m right about this one, and that’s a plus!

So, I decided to spend some time on Pinterest this evening and was amazed with all of the “infographics” (pictures to most of us) that I found. Seriously, take a look at the picture to the right that is on Pinterest but originally came from a blog post titled Social Media Marketing — 10 Inspiring Infographics written by Jeff Bullas. This is just one example of the tons of other infographics you can find there.

The more I thought about it, the more I reflected back to the discussion Jay and I had and I realized that information such as this may be of interest to people I connect with on social media and is also related to the social media law aspect of my practice. So, I spent about half an hour looking at these amazing and informative pictures and “pinned” as many as I could on social media and put it in a “board” called “social media” that you really need to go check out right HERE.

There is some very helpful information about social media that you can learn just from looking at these really awesome pictures and it is a heck of a lot more fun than reading boring blog posts like this one. So, here you go, if you want to learn a lot about social media just from looking at pictures, Pinterest is the place to go and my social media board is the perfect place to start.

Have fun pinning and let me know what you think about whether there is any real value in using Pinterest for something like this, or, if you just think I’m being goofy (p.s., kiddos, this is not a license to criticize dad).