The Art of Cybersecurity: How Sun Tzu Masterminded the FireEye / US Agencies / SolarWinds Cyberattacks

Sun Tzu taught that, when it comes to the art of cybersecurity, you must be wary of your business partners and other third parties. Why? Unless you are living under a rock, you should have heard that FireEye–perhaps the preeminent cybersecurity firm on the face of the planet–was the victim of a successful cyberattack. So were …

Simple Mistakes – Not Always “The Hackers” – Can Cause Substantial Data Breaches

It is not always the feared and dreaded “hackers” that cause the exposure and breach of confidentiality of sensitive personal information. Sometimes it’s just simple mistakes, but the consequences can be much the same. Consider this situation: NTreatment inadvertently exposed thousands of medical records online by neglecting to add password protection to one of its …

The Home Depot / State Attorneys General Settlement – My 1st and 2nd Thoughts

The Attorneys General of 46 states reached a $17.5 million settlement with The Home Depot, which was announced on November 24, 2020. Texas Attorney General Ken Paxton announced that this settlement was led by the Connecticut, Illinois, and Texas AGs and Texas will collect $1,777,440.00. I will have more to say about this settlement in …

Free Virtual Event: Reimagine Your Company Operating Again After a Ransomware Attack (DBU Tech Symposium)

You are invited to attend a free virtual DBU Tech Symposium on November 18 – 19, 2020. Did I mention this is both free and virtual? You have no excuse for not attending! RSVP here: https://www.dbu.edu/pages/tech-symposium/ I will be presenting on Wednesday, November 18, from 2:30 – 3:00 pm CT and the title of my …

Podcast: #DtSR Episode 410 – TPA CISO Accountability Problems

I was a guest recently on the Down the Security Rabbithole Podcast with Raf Los, James Jardine, and Brandon Dunlap for episode 410 titled TPA CISO Accountability Problems. As they described it: Because we can’t get enough of Brandon Dunlap and Shawn Tuma over here on the podcast, here we go again. Last episode Brandon …

Podcast: #DtSR Episode 408 – Shawn Tuma Cyber Superhero :)

I was a guest recently on the Down the Security Rabbithole Podcast with my good friends Raf Los and James Jardine who cleverly (and, kindly) titled this episode “Shawn Tuma Cyber Superhero” — thanks, guys! Anyway … as they described it: This week, on episode 408 Shawn Tuma joins us again to talk about the …

What Can Happen if You Do Not Notify Following a Data Breach?

Here is one of the questions we get asked most often: “Ok, so we’ve had a real data breach and you say we have clear notification obligations, what can happen if we just ignore it and pretend it never happened — that is, we just don’t notify?” Unfortunately, this question is oftentimes coupled with this …

***URGENT*** MEMO TO: “The IT Guy” / MSP After Ransomware Attack

Here’s a pro tip for “The IT Guy” or MSP whose customer has just been hit with ransomware, when it was their responsibility to protect against it: No matter how strongly you may feel about this issue, when your client is contemplating possibly paying the ransom to get their network recovered (and, save themselves from …

Texas Bar Journal 2019 Cybersecurity & Data Privacy Update

The Texas Bar Journal’s 2019 year-end Cybersecurity & Data Privacy Update was once again provided by Shawn Tuma and addressed the following issues: Texas’ New Data Breach Notification Requirements effective January 1, 2020; Whether website scraping allegations are sufficient to invoke Texas and federal “hacking” laws; Whether viewing pictures on another’s cellphone violates Texas “hacking” law; Cyber …

Cyber Insurance Becoming a Necessity, No Longer a Luxury for Prepared Companies (publication)

Many thanks to CPO Magazine for publishing my recent article Cyber Insurance Becoming a Necessity, No Longer a Luxury for Prepared Companies. In reality, there is no “secure” — even when the best security measures are taken. When hackers want to get in and disrupt a business, they will. Companies must be resilient, and the …