Sean Lawless

Sean is Robinson+Cole’s Infrastructure & Security Manager, a member of the firm's Data Privacy + Cybersecurity Team, and a non-attorney contributor to the Data Privacy + Cybersecurity Insider blog. He has spent more than a decade helping professional services organizations in various industries develop and implement practical information security programs based on industry-standard frameworks. Sean holds a Bachelor of Science degree from the University of Connecticut and is a member of several cybersecurity professional organizations.

I came across an article last week that indicated there was a successful attack on Microsoft’s Office 365 and Google’s G Suite environments that was able to bypass multi-factor authentication (MFA). However, after reading the article it was immediately clear the attack leveraged an old protocol, IMAP (Internet Message Access Protocol), which does not support

Security researchers at Radboud University in the Netherlands have discovered a flaw in several manufacturers’ solid state hard drive firmware that can be exploited to read data from self-encrypting drives (SED). The researchers published their findings in a paper on November 5th. The authors identified several methods they were able to use to bypass hardware

Just days after the FBI issued a private warning to the banking industry (read more here), the botnet network known as Necurs began a spamming campaign that targeted the banking industry. The activity was discovered by the security research firm Cofense. According to Cofense, the Necurs network started a concentrated spear phishing campaign

An Application Programming Interface (API) provides a way for programmers and developers to allow systems to exchange data with one another. For instance, all of your company’s important employee data may be contained in Active Directory (AD), but it also needs to be contained in the firm’s CRM system. Instead of having to perform tedious manual

By now most smartphone users are aware of location tracking used by both Apple and Android operating systems.  Basic location tracking is a system which uses GPS data to know the phone user’s location.  However, according to a recent article published by Quartz, Google’s data collection goes far beyond basic location tracking.  Not only does the data collected go beyond simple location information, but the ‘Opt In’ service Google uses to collect that data, Location History, isn’t as truly Opt In as users might expect.  According to Quartz, Google’s Location History underlies many of Android’s main apps, including Google Assistant and Google Maps.  Furthermore, Opting In to Location History for one app may actually give many apps access to Location History’s data and the ability to send that data to Google.
Continue Reading Google Tracking of Android Users Goes Beyond the Expected

The Federal Communications Commission’s (FCC) potential reversal of the Obama Administration’s ‘Net Neutrality’ rules has been a constant headline lately. Most media coverage goes to the core principles of net neutrality, including blocking, throttling and pay for priority of internet content; however, privacy is also a factor.

Primarily, the FCC issued broadband privacy rules in 2016 after its 2015 net neutrality rules. The broadband privacy rules, among other things, required websites and internet service providers (ISPs) to use an opt-in system to share or sell customers’ personal information like web history data, app usage data, etc. The FCC’s ability to enforce such rules hinged on a major component of the net neutrality rules which designated ISPs as common carriers and allowed the FCC to apply Title II of the Communications Act to ISPs.
Continue Reading The Reversal of Net Neutrality on Privacy 101

Considering the recent Equifax data breach, which put an estimated 145.5 million Americans’ identities at risk, mainstream media outlets are starting to ask an important question: if we can’t stop data breaches, how do we protect our identity? According to data from the Identity Theft Resource Center, U.S. companies and government agencies have disclosed 1,022 breaches in 2017 so far. The idea that the social security number is the foundation of our identity is under more scrutiny than ever. Bloomberg reported recently that the Trump administration is considering ways in which it can replace the social security number as a means of federal identification. So, can blockchain technology solve our identity management (IDM) problem?
Continue Reading Is Blockchain the Answer to Identity Management?

By Executive Order, the Trump Administration recently reversed an Obama Administration order aimed at protecting consumers’ personal information from use by their Internet Service Provider (ISP). Prior to Trump’s EO, ISPs were required to get customers’ consent before using or selling their browsing habits, online shopping habits, financial information, etc. The reversal of Obama’s protection order has caused a resurgence of interest in VPN services. In theory, using a VPN service creates an encrypted tunnel between your device and the service provider, thus keeping your browsing habits and personal information private from your ISP. However, a paper published in early 2015 by researchers at Sapienza University of Rome and Queen Mary University of London found that 11 of the 14 providers they tested leaked customer information.
Continue Reading Virtual Private Network (VPN) Providers: How Private Are They?