Uber CISO’s Testimony Clarifies Payment to Hackers was Not Legitimate Use of Bug Bounty Program

As bits of information about the Uber data breach have trickled out, including the purported payment through a bug bounty program, I have been concerned about the implications on legitimate corporate bug bounty programs. My concerns grew when I read the New York Times article, Inside Uber’s $100,000 Payment to a Hacker, and the Fallout.  …

Continue reading "Uber CISO’s Testimony Clarifies Payment to Hackers was Not Legitimate Use of Bug Bounty Program"

House panel to DHS, FBI: help small biz with cybersecurity – start with good cyber hygiene

The following testimony excerpts are very similar to what the #CyberAvengers have been preaching, and for good reason, it is the truth. Checkout the #CyberAvengers Tools for where to begin. Richard Driggers, DHS deputy assistant secretary for the cybersecurity and communications, said that basic computer hygiene, such as regular software updates, could keep small businesses …

Continue reading "House panel to DHS, FBI: help small biz with cybersecurity – start with good cyber hygiene"

FMCNA to Pay $3.5 Million for Non-Compliance with HIPAA’s Risk Analysis and Risk Management Rules

Fresenius Medical Care North America (FMCNA) has agreed to pay $3.5 million to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR), and to adopt a comprehensive corrective action plan, in order to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. FMCNA …

Continue reading "FMCNA to Pay $3.5 Million for Non-Compliance with HIPAA’s Risk Analysis and Risk Management Rules"

State data breach notification law mishmash would get worse with proposed NC and SD legislation — is instant notification by clairvoyant next?

The push for a single uniform national data breach notification law gained strength in the wake of the Equifax breach. Now proposed legislation in North Carolina would amend its law in a way that would add momentum to this push. And, now South Dakota is tired of being one of only two states without a …

Continue reading "State data breach notification law mishmash would get worse with proposed NC and SD legislation — is instant notification by clairvoyant next?"

Happy Data Privacy Day!

WHAT ARE YOU DOING TO OBSERVE IT? Today is Data Privacy Day! If you have been wondering “what is Data Privacy Day?” then this is your lucky day because not only is today Data Privacy Day, but here is the answer and an explanation for why it really matters to you and your company’s future …

Continue reading "Happy Data Privacy Day!"

Helpful FTC Guidance on Cybersecurity for Small and Midsize Companies

It is important for all companies -- especially small and midsize companies -- to have a basic understanding of what the FTC considers to be reasonable cybersecurity. The FTC is known for being one of the more aggressive regulators that are investigating and enforcing (what it views as) inadequate cybersecurity by companies doing business in the United States. …

Continue reading "Helpful FTC Guidance on Cybersecurity for Small and Midsize Companies"

Allscripts EHR Ransomware Attack is Huge–How Will it Impact Healthcare Practices?

See recommendations below On January 19, 2018, cybercriminals were successful in a ransomware attack on Allscripts, an electronic healthcare record (EHR) provider for healthcare providers across the United States. The attack encrypted some of Allscripts systems and prevented those healthcare providers who use those systems for their EHRs from being able to access their patient records. Not …

Continue reading "Allscripts EHR Ransomware Attack is Huge–How Will it Impact Healthcare Practices?"

Y2K18? Are #Spectre and #Meltdown the Y2K Apocalypse, Eighteen Years Late?

Hear Shawn Tuma interviewed on News Radio 570 KLIF - Experts: Update Settings and Download Updates to Protect from “Meltdown” and “Spectre” CLICK HERE if you are impatient and only want to know what you should do ASAP to protect against Spectre and Meltdown With Y2K we had a warning. So much of a warning that …

Continue reading "Y2K18? Are #Spectre and #Meltdown the Y2K Apocalypse, Eighteen Years Late?"

The Most Positive Cybersecurity Trend I Have Seen in Nearly 20 Years!

In the last quarter of 2017, I have observed a cybersecurity trend that has given me more hope than any that I have seen previously. Let me explain. As an attorney, I have been practicing what can generally be described as cyber law or cybersecurity law since 1999, which means that my practice has evolved a lot …

Continue reading "The Most Positive Cybersecurity Trend I Have Seen in Nearly 20 Years!"

Complimentary Webinar: Countdown to #GDPR – Compliance for Non-EU Companies

Countdown to GDPR Compliance is a complimentary webinar that I will be moderating on Thursday, December 7, 2017, at 12:00 PM Central.  This is the second webinar in a three-part series sponsored by Mackrell International and will focus on Compliance for Non-EU Companies. You don't want to miss it! Moderator: Shawn Tuma Presenter: Marta Stephanian, …

Continue reading "Complimentary Webinar: Countdown to #GDPR – Compliance for Non-EU Companies"