Come to our session at #PSR18 – Vendor Risk Management: Maintaining Relationships While Limiting Liability

Are you at IAPP – International Association of Privacy Professionals P.S.R.  #PSR18 in Austin? If so, please come to our Thursday 10:30 – 11:30 session on Vendor Risk Management: Maintaining Relationships While Limiting Liability in Lone Star Ballroom A, Level 3. It should be great as I get to be with great panelists Tami Dokken and Melissa Krasnow and we will have Mark Smith as our moderator.

Bloomberg BNA Texas ProfileWhile you’re there pick up your copy of Bloomberg BNA’s  Domestic Privacy Profile: Texas!

If you can’t make it, here is a link to the .pdf (hey, I know people!).

Session Info: https://iapp.org/conference/privacy-security-risk/sessions-psr18/?id=a191a0000028eqTAAQ

5 Key Things In-House Counsel Can Do to Help Their Businesses’ Cybersecurity

internet screen security protection
Photo by Pixabay on Pexels.com

Cybersecurity is a team sport and many people within a business must work together to help effectively manage their businesses’ cyber risk. In-house counsel plays a critical role in this process. A recent Law360 article (subscription required) identified the following key things they can do:

  1. Develop, implement, and table-top test an incident response plan
  2. Advise executives on their ethical obligations (and make sure to mention insider trading on knowledge of cyber incidents)
  3. Have an awareness of applicable laws and regulatory standards
  4. Understand and help manage third-party risk from vendors and business partners

I am adding one more because it is critical: Ensure the business has appropriate cyber insurance to address its unique risks.

Why do you need a cyber attorney? Shawn Tuma explains in Ethical Boardroom

spring2018In my latest article in Ethical Boardroom article, I explain some of the not-so-obvious reasons why you need an experienced cyber attorney on your team: Why you need a cyber attorney (Spring 2018)

Here are other Ethical Boardroom (@EthicalBoard) articles that I have written or contributed to that are also available for free:

What does it mean to “hack back” and is it a good idea?

There is more and more talk about companies hacking back against those who attack them in cyber space and whether allowing them to take such measures is a good idea. Right now, hacking back, or active defense, as it is often called, is illegal under the federal unauthorized access law, the Computer Fraud and Abuse Act. There are current federal efforts to change this, along with some woefully misguided rumblings by some state legislators (who do not seem to understand that the CFAA supersedes anything they pass to the contrary).

So, the question is whether hacking back a good idea or will it cause more harm than good? Shawn Tuma was a guest on the KLIF morning show to discuss this issue. Go here to listen to what he had to say about it.

What are your thoughts?

Cyber Risk Management and Attorney-Client Privilege in Cybersecurity Discussed on Business Security Weekly

Business Security Weekly, Episode 81, featured Michael Santarcangelo (@catalyst) inviting Shawn Tuma to join as co-host and guest to discuss two topics that should be near and dear to everyone’s hearts:

  1. The legal case for why companies need cyber risk management programs and what experienced cybersecurity attorneys’ roles are in such programs; and
  2. The frequently cited but often misunderstood role of attorney-client privilege in cybersecurity.

Here are the show notes and here is the video:

______________________

Shawn Tuma (@shawnetuma) is an attorney with an internationally recognized reputation in cybersecurity, computer fraud, and data privacy law. He is a Cybersecurity & Data Privacy Attorney at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.