Business leaders are beginning to understand that cyber is not just an IT issue, a legal issue, or any other silo-ed issue, but that it is an overall business risk issue and that makes managing cyber risk a team sport. This week I had the privilege of moderating a panel discussion that was titled “Sharing…
Category: Corporate Governance
5 Key Things In-House Counsel Can Do to Help Their Businesses’ Cybersecurity
Cybersecurity is a team sport and many people within a business must work together to help effectively manage their businesses’ cyber risk. In-house counsel plays a critical role in this process. A recent Law360 article (subscription required) identified the following key things they can do: Develop, implement, and table-top test an incident response plan Advise…
Please share this!
Why do you need a cyber attorney? Shawn Tuma explains in Ethical Boardroom
In my latest article in Ethical Boardroom article, I explain some of the not-so-obvious reasons why you need an experienced cyber attorney on your team: Why you need a cyber attorney (Spring 2018) Here are other Ethical Boardroom (@EthicalBoard) articles that I have written or contributed to that are also available for free: Cybersecurity: A Fiduciary Duty…
Please share this!
Do data breaches have consequences? Will Equifax CIO serve jail time for insider trading?
“Corporate insiders who learn inside information, including information about material cyber intrusions, cannot betray shareholders for their own financial benefit.” Richard R. Best, SEC – Atlanta Division For years many in the cybersecurity/data breach space have been saying that somebody is going to have to go to jail before corporate decision-makers begin to take cybersecurity…
Please share this!
The Most Positive Cybersecurity Trend I Have Seen in Nearly 20 Years!
In the last quarter of 2017, I have observed a cybersecurity trend that has given me more hope than any that I have seen previously. Let me explain. As an attorney, I have been practicing what can generally be described as cyber law or cybersecurity law since 1999, which means that my practice has evolved a lot…
Please share this!
Complimentary Webinar: Countdown to #GDPR – Compliance for Non-EU Companies
Countdown to GDPR Compliance is a complimentary webinar that I will be moderating on Thursday, December 7, 2017, at 12:00 PM Central. This is the second webinar in a three-part series sponsored by Mackrell International and will focus on Compliance for Non-EU Companies. You don’t want to miss it! Moderator: Shawn Tuma Presenter: Marta Stephanian,…
Please share this!
Uber’s Settlement With FTC Emphasizes Companies’ Need for Cyber Risk Management Programs
The FTC and Uber have settled the enforcement action the FTC brought against the company. This action stems from Uber’s data breach of more than 100,000 individuals’ PII despite its promises that their data was “securely stored within our databases.” The FTC found this promise was misleading when compared with the actions the company was…
Please share this!
Does Board Oversight of Cybersecurity Mean Directors Must Become Cybersecurity Experts?
Does the board of directors’ duty of oversight over their companies’ cybersecurity require the individual directors to become experts on cybersecurity? That is a fair question and one that I’ve seen many people have difficulty understanding. The answer is “no,” as explained by Michael Santarcangelo (@catalyst) in his CSO article Why the board needs security leaders…
Please share this!
Critical Steps Companies Must Take to Comply with New York’s Cybersecurity Rules – Ethical Boardroom
New York’s Cybersecurity Regulations went into effect on March 1, 2017 and their impact could reach farther than you think — including to small and mid-sized companies that do not do business in New York and are not in the financial services industries. And, they require direct involvement by the Board of Directors. Is your…
Please share this!
Improving Your Cybersecurity Plan, Explained by Paul Ferrillo in WSJ
The Wall Street Journal did an interview of my friend, collaborator, prolific author, and the the original Cyber Patriot, Paul Ferrillo to discuss how companies can make their cybersecurity plan better. Here is the full article: Making Your Cybersecurity Plan Better Paul and I are both firm believers in focusing on the basics so that…
