On May 19, 2022, the U.S. Department of Justice directed prosecutors to not charge security researchers who report cybersecurity vulnerabilities in “good faith” with violations of the federal Computer Fraud and Abuse Act (CFAA). The DOJ’s press release titled Department of Justice Announces New Policy for Charging Cases under the Computer Fraud and Abuse Act…
Is This the Next Evolution of Cyber Risk Governance? The SEC Is About To Force CISOs Into America’s Boardrooms
The SEC is proposing to force boards to do what they haven’t done themselves: govern cyber risk. This article makes some excellent points, and I believe it is logical to expect that this could be the next evolution for where cyber risk governance is going. “The trigger for the boards that I’m on came from…
Security Incidents and Your Board Pt.3 – The Above Board Show
“Data is the hot potato!” – Shawn Tuma
It was great to be a guest on The Above Board Show hosted by my friends Gary Latham, Raf Los, and Grant Sewell where we discussed what “The Board” needs to know about security incidents and getting prepared for the worst day ever for the company. The…
Cyber Incident Response Preparation and Your Board Pt.2 – The Above Board Show
“Amateurs talk about strategy and tactics. Professionals study logistics.” – General Omar Bradley
It was great to be a guest on The Above Board Show hosted by my friends Raf Los and Grant Sewell where we discussed what “The Board” needs to know about security incidents and getting prepared for the worst day ever for…
Not all HIPAA privacy “breaches” are caused by “hackers” — dentist gets $50k penalty for responding to patient’s Google review
When thinking of HIPAA data breaches, most of us tend to think of situations where the hackers engage in malicious activities against hospitals and steal troves of patients’ protected health information (PHI). There are, however, other much simpler kinds of HIPAA privacy breaches that are easily avoidable and can be quite costly to the healthcare…
Security Incidents and Your Board Pt.1 – The Above Board Show
It was great to be a guest on The Above Board Show hosted by my friends Raf Los and Gary Latham where we discussed what “The Board” needs to know about security incidents and getting prepared for the worst day ever for the company. The video linked below was part 1 of a 3 part…
Why does cyber warfare involving Russia and Ukraine increase the risk of cyberattacks against your business?
There are many reasons why the ongoing cyber warfare involving Russia and Ukraine increases the risk of cyberattacks against your business, but one of the simplest explanations comes from a recent joint FBI and Cybersecurity and Infrastructure Security Agency (CISA) Cybersecurity Advisory (Destructive Malware Targeting Organizations in Ukraine) that was published on February 26, 2022:…
Increased Ransomware Threat in Wake of Russia Invasion of Ukraine — Shawn Tuma Discusses
With the Russian invasion of Ukraine well underway, cyber warfare and increased ransomware activity are imminent. Shawn Tuma was a guest on KNX News to discuss the implications for Americans from the government level down to the mom and pop businesses. Listen to the interview HERE. A senior FBI official has asked businesses and local…
Ransomware Attack Forces Company Into Bankruptcy
A ransomware attack forced United Structures of America Inc. into bankruptcy according to court filings. In May 2019, the Texas-based steel structure manufacturer was the victim of a ransomware attack that encrypted its data (including financial information, accounts receivable, etc.) and the software to run its manufacturing equipment. The company paid the ransom but decryption…
Shawn Tuma Provided Texas Bar Journal 2021 Cybersecurity & Data Privacy Year in Review Update
Shawn Tuma provided the Texas Bar Journal’s 2021: The Year In Review – Cybersecurity & Data Privacy Update which addressed the following issues: updated Texas data breach notification requirements; federal and state hacking laws; whistleblower claims for reporting cybersecurity deficiencies within an organization; authority of consent for search warrants and password protected devices. Read more…