Shawn E. Tuma

Posts Tagged ‘data security’

SecureWorld Presentation: Cybersecurity Legal Issues: What You Really Need to Know

In Data Breach, Cybersecurity Law, Privacy, Corporate Governance, Cyber Issues on September 27, 2016 at 10:23 pm

Shawn Tuma delivered the presentation Cybersecurity Legal Issues: What You Really Need to Know at SecureWorld Expo Dallas on September 27, 2016. The following are the slides from Tuma’s presentation.

Download: Cybersecurity Incident Checklist

The opening Keynote speaker for the event was Dr. Larry Ponemon of the Ponemon Institute. Dr. Ponemon delivered a fabulous talk on the insider threat within organizations. Here are some pictures from day 1 of SecureWorld Expo Dallas.

_____________________

Shawn Tuma (@shawnetuma) is a business lawyer with an internationally recognized reputation in cybersecurity, computer fraud, and data privacy law. He is a Cybersecurity & Data Privacy Partner at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.

Yahoo Data Breach – Some Facts & Questions (i.e., was it really the Russians?)

In Cyber Issues, Cybersecurity Law, Media, Privacy on September 23, 2016 at 6:00 am

The Basic Facts

Yahoo announced that it had a data breach in late 2014 and 500 million users’ account information was stolen. The account information may include names, email addresses, telephone numbers, date of birth, passwords (most encrypted with bcrypt, but apparently not all), security questions, and security question answers.

People who have Yahoo-based services should immediately change their passwords, change their security questions and answers, not use the same password on multiple accounts, and implement dual factor authentication where available.

The Message in the Message

In its notification message, Yahoo subtly invokes the “it’s not our fault, we were the victim of a state-sponsored actor attacking us” defense. I do not blame Yahoo; it works. It uses the words “state-sponsored actor” twice in the first paragraph and twice in the fourth paragraph:

Cybersecurity and #IoT – Hackers Steal Over 100 Cars With a Laptop

In #IoT Internet of Things, Cyber Issues on September 18, 2016 at 4:05 pm

We have been talking about hacking cars on this blog since 2011 (see posts) so the idea of thieves stealing a car by hacking their way into its computer system is no big surprise. This is the reality of cybersecurity in the era of the Internet of Things (IoT), and cars are just one more IoT device. But 100 cars? How did they pull that off?

Cybersecurity Legal Issues: What you really need to know (slides)

In Corporate Governance, Cyber Issues, Cybersecurity Law, Data Breach, Media, Privacy on September 14, 2016 at 8:46 pm

Shawn Tuma delivered the presentation Cybersecurity Legal Issues: What you really need to know at a Cybersecurity Summit sponsored by the Tarleton State University School of Criminology, Criminal Justice, and Strategic Studies’ Institute for Homeland Security, Cybercrime and International Criminal Justice. The presentation was on September 13, 2016 at the George Bush Institute. The following are the slides from Tuma’s presentation — a video of the presentation will be posted soon!


Cybersecurity Incident Response Checklist

In Cyber Issues, Cybersecurity Law, Data Breach, Digital Information Law on September 8, 2016 at 8:30 am

Business leaders, when people like me tell you that having a cybersecurity incident in your company is like being in a building on fire, we are not exaggerating. Take a look at the following checklist (note, this is not an incident response plan!) while keeping in mind that over half of the items on that checklist should be performed almost simultaneously within hours of learning that your company has had a data breach.

While this is not an exhaustive list, these are the items that most often need to be performed in the cases in which I guide clients through the incident response and remediation process. Of course there will be exceptions, additions, and omissions — take this for what it is, a starting point. Finally, note that the picture below is an image of the checklist and is blurry — you can download the original here.

