Shawn E. Tuma

Posts Tagged ‘social media’

Kim Kardashian’s Lesson on the Relationship Between Physical and Cybersecurity

In Cyber Generally, Digital Information Law, Media on October 5, 2016 at 7:01 pm

While the story of Kim Kardashian being robbed at gun-point while in Paris, France has created quite a stir in pop culture, it has lessons to learn about cybersecurity as well.

First and foremost, it demonstrates the integral interplay between cybersecurity and physical security and how people need to always maintain situational awareness of how their cyber activities may be giving away critical information about them. This kind of information, gathered bit by bit to paint a full picture, is very valuable to those carefully studying their targets, such as social engineers. Read the rest of this entry »

Tips for Parents to Help Keep Kids Safe Online

In Cyber Generally on May 20, 2016 at 7:00 am


Missing Kids.png

Alicia Kozakiewicz standing in front of the wall of missing children at the National Center for Missing and Exploited Children headquarters. Read Alicia’s heartbreaking story below.

I was recently asked to talk about online safety tips that parents should understand to help keep their children safe in the online world. Here are some of my talking points: Read the rest of this entry »

Computer Use Policies – Are Your Company’s Illegal According to the NLRB?

In Corporate Governance, Cybersecurity Law, Digital Information Law, Regulatory on May 19, 2016 at 8:00 am

4c00b10767cf8a5c15a4cde1b4c4f0a4_f120The National Labor Relations Board (NLRB) has continued its assault on businesses and their ability to legitimately protect their computer systems and information against unauthorized non-business use by employees.

A few weeks ago, I wrote 3 Important Points on Computer Policies in which I stressed (1) why your company must have them but (2) that such policy must comply with the NLRB’s Purple Communications case. The NLRB has struck again.

On May 3, 2016, an NLRB Administrative Law Judge struck down as overbroad a Computer Use Policy in Ceasars Entertainment Corporation d/b/a Rio All-Suites Hotel and Casino (NLRB Docket Sheet). The policy, titled Use of Company Systems, Equipment, and Resources, was part of the company handbook and stated that computer resources may not be used to do several things that were listed out and is standard in many similar policies. The NLRB decision (Decision) found that prohibitions against the following was illegal:

  • Share confidential information with the general public, including discussing the company, its financial results or prospects, or the performance or value of company stock by using an internet message board to post any message, in whole or in part, or by engaging in an internet or online chatroom
  • Convey or display anything fraudulent, pornographic, abusive, profane, offensive, libelous or slanderous
  • Send chain letters or other forms of non-business information
  • Solicit for personal gain or advancement of personal views
  • Violate rules or policies of the Company

The NLRB found that prohibiting the conduct mentioned above made the policy overbroad and could effectively limit employees’ use of their employer’s email system to engage in Section 7 communications during nonworking time. Because of that, it found the employer has engaged in an unfair labor practice prohibited by the National Labor Relations Act.

Welcome to Wonderland.


Shawn Tuma (@shawnetuma) is a business lawyer with an internationally recognized reputation in cybersecurity, computer fraud and data privacy law. He is a Cybersecurity & Data Protection Partner at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.

Social Media Malware: What Is It and How do You Avoid It?

In Computer Fraud, Digital Information Law, Social Media Law on December 29, 2015 at 8:00 am

Guest Post by Cassie Phillips

You can’t have spent more than a week on the internet without hearing about malware and its adverse effects on your computer or even your smartphone (smartphone malware is on the rise as well). Perhaps you’ve even had to spend half a day cleaning it off your computer yourself. It is a menace, and it is dangerous considering the data it could potentially steal from your computer.

Malware has been around as long as the internet, but now that we have social media surrounding us wherever we go, some enterprising cybercriminals took it upon themselves to develop malware that directly targets social media and those related accounts. This leads to stolen data from social media accounts, much of which is personal in nature and can be used against you if not used to steal your identity. It also leads to takeover of your social media accounts, which is usually embarrassing and hard to recover from.


Here’s what you need to know about the threat:

What Makes It So Special?

Technically, not very much. Malware is often do diverse that it is hard to categorize it other than the effects is causes or its main targets. Social media malware isn’t magic or a special program only developed by the best hackers in the world, it is just a piece of software that intends to make your life miserable through your social media pages. Sometimes the term is used to describe malware spread through social media and at other times it is used to primarily categorize the target. Either way, the malware itself is not too different from the malware that attacked accounts or through websites before it.

Yet this does make it a very special kind of threat. If a piece of malware attacks your browser you can often simply delete it from your computer before it spies on too much or causes too much damage to your computer. Social media malware is different. It takes on a public edge. Whether it is malware you click on thinking it is a friend’s link or something you find somewhere else online that later posts on your wall it is a much more personal assault. Malware spam is usually not very polite about what it shares with family and friends, and can often disturb them.

Increasing Prevalence

The first thing you need to know is that it is becoming more common. More sophisticated cybercrime usually goes for breadth instead of depth when it comes to average consumer targets. Malware does take time for development, and the first wave had to tailor their product for social media. Now that all of the framework for malware has been developed, cybercriminals can now also spend more time tweaking instead of starting anew. This means more frequent attacks of different kinds.

Hackers probably could simply try to get into people’s accounts one at a time, but that isn’t cost effective and the automation and plague-like nature that malware has in its very nature means that a single cybercriminal can target a theoretically unlimited amount of victims. They can not only make a living and cause someone a bad day, but get rich and cause chaos doing so.

All of this coincides with increased rewards for those who successfully take over someone‘s social media account. With the monetization of social media people are linking credit card or even bank information to their accounts. This means that identity theft is easy for someone with the access to your account that social media malware can provide. Combining that with increased connectivity between people allowing for a quicker spread of the malware means that your Facebook account has a glowing red target on it.

Defenses and Preventative Measures

When trying to prevent social media malware from getting into your life you are by no means alone or hopeless. You should consider following the tips below to make yourself safer:

  • Use a Virtual Private Network (VPN) whenever you are going to use social media in public (this includes checking Twitter on your smartphone). Hackers love to intercept data over public networks and use it against you, and this can include getting to your accounts and computer and installing malware. This can lead to either the direct takeover of your accounts or easier targeting of them.

    A VPN is a service that connects your computer to an offsite server using an encrypted connection, keeping hackers out and your data in. It also hides your location from anyone tracking you. You will want to make sure that you are getting the very best available, so read up on ones that will work best with your devices while using social media.

  • Make sure that you are updating your online security suite (and if you don’t have one, please get one now) frequently. Malware comes out quickly, and you need to be up to date in your defense as much of the time as possible.
  • No offense is meant, bur some of your social media friends have no idea what they are doing. Do not accept their app invitations or engage in their chain posts. Many of them are traps. If they have a copy and paste message with a link, don’t pay any attention to it.
  • Try to maintain at least some degree of privacy on social media. The opinions of strangers rarely matter, and you certainly have better things to do with your time. What cannot be seen cannot be so easily targeted, and if you partition off the pointless parts of social media those parts can’t get to you so quickly.


Social media malware isn’t going anywhere, and you need to be able to defend yourself. Fortunately, with the above knowledge and the right tools to aid you, you will not have any problems with this common menace.

Do you have any other ideas on what to do about social media malware? Have you encountered any problems yourself? Any stories to share? We would love to hear about them. Please leave a comment below and let us know what you think.


Cassie Phillips is a frequent author and blogger. You can find more of her work at SecureThoughts.

A special thanks to Shawn Tuma for sharing this article. His website is one of those websites that simply impressed me when I first stumbled across it. The content gives loads of new information that inform my technology decisions. Readers will want to check out this recent video blog on cybersecurity and data breaches.


Kevin O’Keefe Interviews Shawn Tuma About Blogging at State Bar of Texas 2015 Annual Meeting

In Social Media Law on June 25, 2015 at 7:06 am

I had the wonderful opportunity to visit with and get to know Kevin O’Keefe (@kevinokeefe) at the State Bar of Texas 2015 Annual Meeting in San Antonio. Kevin is the Founder and CEO of LexBlog, the preeminent source for legal blogging (where I plan to head, one day).

Kevin and I both did presentations during the Ignite Session; Ignite presentations are 20 slides in 5 minutes, with the slides advancing automatically, whether you are ready or not! It was quite a challenge. Following my presentation, Kevin did a brief interview of me using just his iPhone — and it was really cool (and is inspiring me to start doing video blogs – so stay tuned!).

%d bloggers like this: