As a teaser to my presentation at SecureWorld – Dallas last week, I did a brief interview with SecureWorld and talked about three of the points I would make in my lunch keynote, The Legal Case for Cybersecurity. If you’re going to SecureWorld – Denver next week, join me for the lunch keynote on Thursday (11/2)…
Tag: policies
New York Cybersecurity Regulations Delayed, Being Revised
Photo Credit: Photo Credit: Marco Verch Licensed under Creative Commons Attribution 2.0 (no changes were made to the image) https://creativecommons.org/licenses/by/2.0/deed.en The New York Department of Financial Services has pushed back the effective date of its Cybersecurity Regulations from January 1, 2017 to March 1, 2017. This is to give the NYDFS time to significantly revise the proposed Cybersecurity…
Please share this!
Ashley Madison & FTC Settle Data Breach Case – Does Your Company Have These Cybersecurity Shortcomings?
Ashley Madison and the FTC announced a settlement of the investigation into the breach data breach of 36 million AshleyMadison.com users that was being pursued by the FTC and several states’ attorneys general. The cost to Ashley Madison is substantial: a total judgment of $17.5 million (though only $1.6 million is currently due because of…
Please share this!
Cybersecurity Legal Issues: What you really need to know (slides)
Shawn Tuma delivered the presentation Cybersecurity Legal Issues: What you really need to know at a Cybersecurity Summit sponsored by the Tarleton State University School of Criminology, Criminal Justice, and Strategic Studies’ Institute for Homeland Security, Cybercrime and International Criminal Justice. The presentation was on September 13, 2016 at the George Bush Institue. The following are the slides…
Please share this!
Computer Use Policies – Are Your Company’s Illegal According to the NLRB?
The National Labor Relations Board (NLRB) has continued its assault on businesses and their ability to legitimately protect their computer systems and information against unauthorized non-business use by employees. A few weeks ago, I wrote 3 Important Points on Computer Policies in which I stressed (1) why your company must have them but (2) that…
Please share this!
3 Important Points on Computer Use Policies
IMPORTANT POINT #1: YOUR BUSINESS MUST HAVE A COMPUTER USE POLICY IN PLACE Computer Use Policies (or Acceptable Use Policies, as they are often referred to) are must haves for today’s businesses. Such policies are a foundational component in how a business creates a culture of security with its workforce by establishing expectations on what are…
Please share this!
3 Important Questions the State Attorneys General Will Ask Your Company Following A Data Breach
In an earlier blog post I wrote about how [w]hen your company has a data breach, these are the top 3 questions that you will be required to answer: How did the breach happen? What steps did your company take before the breach to protect the data and keep it from happening? What steps is…
Please share this!
Here is a “Computer Fraud” Case that is NOT Covered by the Computer Fraud and Abuse Act!
Believe it or not, there really can be a case of “computer fraud” that is NOT covered by the Computer Fraud and Abuse Act (CFAA). Surprised? Let me explain. The CFAA is an “access” crime that requires there to be an unlawful “access” to a computer by either accessing a computer “without authorization” or “exceed[ing] authorized access.”…
Please share this!
3 Important Questions Your Company Must Answer After A Data Breach
Riddle: What has sensitive data, is the target of cyber criminals, and will (almost certainly) have a data breach? Answer: YOUR COMPANY! When your company has a data breach, these are the top 3 questions that you will be required to answer: How did the breach happen? What steps did your company take before the breach…
Please share this!
Is Your Business Following the 3 Steps the FTC is Requiring for Using Data Service Providers?
The Federal Trade Commission now requires businesses to take the following 3 steps when contracting with data service providers: Investigate. Obligate. Verify. Is your business following these steps? Investigate. Businesses are required to investigate by exercising due diligence before hiring data service providers. Obligate. Businesses are required to obligate their data service providers to adhere…
You must be logged in to post a comment.