A cyber-focused attorney on why 'Data is the hot potato'

clock • 3 min read
A cyber-focused attorney on why 'Data is the hot potato'

Shawn Tuma, partner and co-chair of the data privacy and cybersecurity practice group at Spencer Fane LLP, shares some tips on cybersecurity for companies to follow.

Cybersecurity is a legal issue, Tuma said during his keynote address at last week's Midsize Enterprise Summit IT Security 2024 in Indianapolis, hosted by MES Computing parent The Channel Company.

Tuma, an attorney specialising in cybersecurity law, leads companies in cybersecurity incident responses and investigations and guides them in risk management. He tapped into his expertise during the keynote speech, discussing topics ranging from how organisations should respond to ransomware demands to choosing cyber insurance.

Some highlights from Tuma's keynote:

Change your mindset about cybersecurity

Cybersecurity is a war, Tuma said.

"We are at war against an adversary – a human adversary or group of them," he added. It's an ongoing battle as threat actors "adapt and evolve their tools, their tactics, their procedures and they find another way to attack."

While there is no fixing cybersecurity, IT leaders should adopt the mindset of "how do we engage in this battle?"

'Data is the hot potato'

Tuma advised organisations operating in the USA to be aware of all regulations surrounding consumer data privacy – at the state and federal levels.

"Our 50 states have privacy laws ... 14 states now have comprehensive privacy laws that are absolutely security-driven in nature," he said. Those laws are focused on protecting data, so businesses must focus on the security needed to protect data.

"Data is the hot potato," Tuma added. Regulators "don't care about your company. They don't care about the security of your network. They care about the data you have, more importantly, the personal data you have … that's where you need to focus when you are building out your layer of defences," he added.

Be involved in the cyber insurance selection process

Cyber insurance is a contract, Tuma said. "Every policy from different carriers is different." It's "absolutely foolish" for IT decision-makers not to be intimately engaged in the process of selecting cyber insurance. Don't just leave it to the company's legal team, he advised, because "they don't know the difference between an event, an incident, a breach … they don't know the difference between an exfiltration of data and an access to data."

Cybersecurity is a team effort

"Who is on your team," in your cybersecurity strategy, Tuma asked? He said the team should not just be IT, but should involve legal, corporate communications, HR and public relations.

Establish a relationship with local law enforcement

Tuma advised knowing how to reach someone in your local FBI or Secret Service office in case of a security incident like ransomware or a business email compromise or any incident that involves wiring funds. "If you can notify them quickly, certainly within 72 hours," you have a better opportunity to recover funds lost in a security event. He also advised to get a report filed with IC3.gov – the FBI's Internet Crime Complaint Centre.

"Having these relationships when you need them is critical," he said.

Cyber threats are rising, and IT leaders need the latest information to stay ahead of the curve. Join us in London at the Cybersecurity Festival on 2nd May, where we bring together the most senior and influential voices from security leaders throughout the UK. Click here to secure your free place.

You may also like
AT&T data breach exposes call records of 'nearly all' wireless customers

Hacking

Stolen data isn't publicly available yet, the company claims

clock 14 July 2024 • 3 min read
Google strengthens Advanced Protection Program with passkey integration

Security Technology

To enroll in APP with a passkey, users need a compatible device and browser

clock 12 July 2024 • 3 min read
'Gay furry hackers' breach conservative US think tank behind Project 2025

Security

Heritage Foundation calls group "degenerate perverts"

clock 11 July 2024 • 2 min read

Sign up to our newsletter

The best news, stories, features and photos from the day in one perfectly formed email.

More on Security

'Gay furry hackers' breach conservative US think tank behind Project 2025

'Gay furry hackers' breach conservative US think tank behind Project 2025

Heritage Foundation calls group "degenerate perverts"

Tom Allen
clock 11 July 2024 • 2 min read
Why 'change' for the UK must include cybersecurity

Why 'change' for the UK must include cybersecurity

Labour needs to to get ahead and demonstrate a commitment to security from the outset

Rick Jones
clock 11 July 2024 • 4 min read
Mammoth Microsoft Patch Tuesday fixes four zero-days, five critical bugs

Mammoth Microsoft Patch Tuesday fixes four zero-days, five critical bugs

142 holes plugged this month

John Leonard
clock 10 July 2024 • 3 min read