Cybersecurity Legal Issues: What you really need to know (slides)

Shawn Tuma delivered the presentation Cybersecurity Legal Issues: What you really need to know at a Cybersecurity Summit sponsored by the Tarleton State University School of Criminology, Criminal Justice, and Strategic Studies’ Institute for Homeland Security, Cybercrime and International Criminal Justice. The presentation was on September 13, 2016 at the George Bush Institue. The following are the slides from Tuma’s presentation — a video of the presentation will be posted soon!

Continue reading “Cybersecurity Legal Issues: What you really need to know (slides)”

Brazzers porn hack: more than just account holders exposed–what does this mean for your company?

hackedWe have been observing an evolution in hackers’ tactics from going after data that could be directly monetized, such as payment card data, to going after data that can be monetized indirectly through extortion, such as the Ashley Madison data. The hack of Brazzers porn site is similar to the Ashley Madison hack in that the real opportunity for monetization lies not in the intrinsic value of the data itself, but in the opportunity to use the data to embarrass and extort others into paying money to keep it secret.

The data dump from the hackers includes email addresses, user names and passwords spelled out in plain text, which can certainly Continue reading “Brazzers porn hack: more than just account holders exposed–what does this mean for your company?”

D CEO Magazine: Why Cybercriminals Are Targeting Law Firms

Many thanks to attorney and legal scholar extraordinaire John G. Browning (@therealjohnbrow) for quoting Shawn Tuma in his article in this month’s D CEO magazine: Why Cybercriminals Are Targeting Law Firms. Continue reading “D CEO Magazine: Why Cybercriminals Are Targeting Law Firms”

Computer Use Policies – Are Your Company’s Illegal According to the NLRB?

4c00b10767cf8a5c15a4cde1b4c4f0a4_f120The National Labor Relations Board (NLRB) has continued its assault on businesses and their ability to legitimately protect their computer systems and information against unauthorized non-business use by employees.

A few weeks ago, I wrote 3 Important Points on Computer Policies in which I stressed (1) why your company must have them but (2) that such policy must comply with the NLRB’s Purple Communications case. The NLRB has struck again.

On May 3, 2016, an NLRB Administrative Law Judge struck down as overbroad a Computer Use Policy in Ceasars Entertainment Corporation d/b/a Rio All-Suites Hotel and Casino (NLRB Docket Sheet). The policy, titled Use of Company Systems, Equipment, and Resources, was part of the company handbook and stated that computer resources may not be used to do several things that were listed out and is standard in many similar policies. The NLRB decision (Decision) found that prohibitions against the following was illegal:

  • Share confidential information with the general public, including discussing the company, its financial results or prospects, or the performance or value of company stock by using an internet message board to post any message, in whole or in part, or by engaging in an internet or online chatroom
  • Convey or display anything fraudulent, pornographic, abusive, profane, offensive, libelous or slanderous
  • Send chain letters or other forms of non-business information
  • Solicit for personal gain or advancement of personal views
  • Violate rules or policies of the Company

The NLRB found that prohibiting the conduct mentioned above made the policy overbroad and could effectively limit employees’ use of their employer’s email system to engage in Section 7 communications during nonworking time. Because of that, it found the employer has engaged in an unfair labor practice prohibited by the National Labor Relations Act.

Welcome to Wonderland.

______________________

Shawn Tuma (@shawnetuma) is a business lawyer with an internationally recognized reputation in cybersecurity, computer fraud and data privacy law. He is a Cybersecurity & Data Protection Partner at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.

Cyber Law Update on #DtSR Podcast with Los, Santarcangelo and Tuma

Listen to the Podcast   /   Join the #DtSR Discussion on Twitter

Shawn Tuma was a guest the Down the Security Rabbithole podcast where he and hosts Rafal Los (@Wh1t3Rabbit) and Michael Santarcangelo (@Catalyst) discussed recent events in the world of cyber law. Continue reading “Cyber Law Update on #DtSR Podcast with Los, Santarcangelo and Tuma”

Three Takeaways from the Target Data Breach Ruling

Note: this article was previously posted on Norse’s DarkMatters.

In December 2014, the Court in the Target data breach lawsuits issued a ruling that will impact the future course of data breach litigation (the Order). Continue reading “Three Takeaways from the Target Data Breach Ruling”

The Nature of Cybersecurity and Strategies for Unprecedented Cyber Attacks

What is foreseeable is that cyber attacks often are not. A few years ago the Sony Pictures Entertainment (SPE) hack turned on its head the business world that was already trying to come to grips with the Target, Home Depot, Neiman Marcus, and many other data breaches.

There was one thing about the SPE breach that really had the cybersecurity community in quite a buzz. An internal email from SPE’s cybersecurity investigators was made public and some were taking it as saying “It’s ok, it could have happened to anybody and there was nothing Sony could have done to stop it. It’s not Sony’s fault.” Continue reading “The Nature of Cybersecurity and Strategies for Unprecedented Cyber Attacks”

DFW Cybersecurity Attorney Shawn Tuma Named to D Magazine’s 2016 Best Lawyers List

DMag1Shawn Tuma, Cybersecurity & Data Protection Partner at Scheef & Stone, L.L.P., has earned selection to D Magazine’s 2016 listing of the Best Lawyers in Dallas based on his expertise in cybersecurity, privacy, and data protection where he was one of only eleven lawyers selected for the Digital Information Law category.

Here is Shawn’s individual listing. Shawn was also named as one of the top Intellectual Property Litigation Attorneys in Texas for 2015 by Texas Super Lawyers. The Super Lawyers 2016 list has not yet been released for publication. Continue reading “DFW Cybersecurity Attorney Shawn Tuma Named to D Magazine’s 2016 Best Lawyers List”

Why Cybersecurity Incidents Are Legal Events

In this video, cybersecurity and data protection attorney Shawn Tuma explains why cybersecurity incidents are as much legal events as they are information technology and business / public relations events.

Continue reading “Why Cybersecurity Incidents Are Legal Events”

Making Sense of #AppleVsFBI Issues: #DtSR Podcast

The USA v. Apple battle is one of the hottest issues currently being debated in cybersecurity, privacy, law enforcement, and perhaps even, water coolers in offices around the country. What the debate is lacking in substantive, factually-based, well-reasoned analysis, it certainly makes up for in passion and strong opinions. If you are not convinced, spend a few minutes reading the  #AppleVsFBI Twitter Feed. Continue reading “Making Sense of #AppleVsFBI Issues: #DtSR Podcast”