Shawn E. Tuma

Archive for the ‘Digital Information Law’ Category

Kim Kardashian’s Lesson on the Relationship Between Physical and Cybersecurity

In Cyber Generally, Digital Information Law, Media on October 5, 2016 at 7:01 pm

While the story of Kim Kardashian being robbed at gun-point while in Paris, France has created quite a stir in pop culture, it has lessons to learn about cybersecurity as well.

First and foremost, it demonstrates the integral interplay between cybersecurity and physical security and how people need to always maintain situational awareness of how their cyber activities may be giving away critical information about them. This kind of information, gathered bit by bit to paint a full picture, is very valuable to those carefully studying their targets, such as social engineers. Read the rest of this entry »

Cybersecurity Incident Response Checklist

In Cyber Generally, Cybersecurity Law, Data Breach, Digital Information Law on September 8, 2016 at 8:30 am

Business leaders, when people like me tell you that having a cybersecurity incident in your company is like being in a building on fire, we are not exaggerating. Take a look at the following checklist (note, this is not an incident response plan!) while keeping in mind that over half of the items on that checklist should be performed almost simultaneously within hours of learning that your company has had a data breach.

While this is not an exhaustive list, these are the items that most often need to be performed in the cases in which I guide clients through the incident response and remediation process. Of course there will be exceptions, additions, and omissions — take this for what it is, a starting point. Finally, note that the picture below is an image of the checklist and is blurry — you can download the original here.



Shawn Tuma (@shawnetuma) is a business lawyer with an internationally recognized reputation in cybersecurity, computer fraud, and data privacy law. He is a Cybersecurity & Data Privacy Partner at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.



Brazzers porn hack: more than just account holders exposed–what does this mean for your company?

In Cyber Generally, Cybersecurity Law, Data Breach, Digital Information Law, Privacy on September 7, 2016 at 8:06 am

hackedWe have been observing an evolution in hackers’ tactics from going after data that could be directly monetized, such as payment card data, to going after data that can be monetized indirectly through extortion, such as the Ashley Madison data. The hack of Brazzers porn site is similar to the Ashley Madison hack in that the real opportunity for monetization lies not in the intrinsic value of the data itself, but in the opportunity to use the data to embarrass and extort others into paying money to keep it secret.

The data dump from the hackers includes email addresses, user names and passwords spelled out in plain text, which can certainly Read the rest of this entry »

Shawn Tuma discusses how elections could be hacked on WOWO 1190 AM | 107.5 FM

In Computer Fraud, Cyber Espionage, Cyber Generally, Cybersecurity Law, Digital Information Law on August 9, 2016 at 9:30 pm

WOWO2015hd2From Fort Wayne’s Morning News on 08/09/16, WOWO 1190 AM | 107.5 FM

Source: Cyber security expert Sha
wn Tuma tells us how our elections could be hacked – WOWO 1190 AM | 107.5 FM

Cybersecurity: How Long Should An Incident Response Plan Be?

In Corporate Governance, Cyber Generally, Cybersecurity Law, Data Breach, Digital Information Law on July 1, 2016 at 9:23 am

Last evening I had the pleasure of talking cybersecurity law with a group of CIOs from some pretty sophisticated companies. It was a great discussion and I learned as much as I shared — just the way I like it. During our discussion, the subject of Incident Response Plans came up and I explained why these are now a must-have.  Read the rest of this entry »

%d bloggers like this: