Sean Lawless


Sean is Robinson+Cole’s Infrastructure & Security Manager, a member of the firm's Data Privacy + Cybersecurity Team, and a non-attorney contributor to the Data Privacy + Cybersecurity Insider blog. He has spent more than a decade helping professional services organizations in various industries develop and implement practical information security programs based on industry-standard frameworks. Sean holds a Bachelor of Science degree from the University of Connecticut and is a member of several cybersecurity professional organizations.

Latest Articles

I came across an article last week that indicated there was a successful attack on Microsoft’s Office 365 and Google’s G Suite environments that was able to bypass multi-factor authentication (MFA). However, after reading the article it was immediately clear the attack leveraged an old protocol, IMAP (Internet Message Access Protocol), which does not support MFA. So, yes, technically the hackers bypassed MFA, but I personally wouldn’t say they beat MFA. This got me thinking…
Security researchers at Radboud University in the Netherlands have discovered a flaw in several manufacturers’ solid state hard drive firmware that can be exploited to read data from self-encrypting drives (SEDs). The researchers published their findings in a paper on November 5th. The authors identified several methods they were able to use to bypass hardware-based full disk encryption on drives from Crucial and Samsung. On November 6th, Microsoft issued a Security Advisory detailing a…
Just days after the FBI issued a private warning to the banking industry (read more here), the botnet network known as Necurs began a spamming campaign that targeted the banking industry. The activity was discovered by the security research firm Cofense. According to Cofense, the Necurs network started a concentrated spear phishing campaign against approximately 2,700 banks on August 15. The campaign lasted for approximately eight hours and was designed to spread Remote…
An Application Programming Interface (API) provides a way for programmers and developers to allow systems to exchange data with one another. For instance, all of your company’s important employee data may be contained in Active Directory (AD), but it also needs to be contained in the firm’s CRM system. Instead of having to perform tedious manual data entry of all employee moves, adds or changes, developers could leverage the APIs in the contact relationship management (CRM)…
By now most smartphone users are aware of location tracking used by both Apple and Android operating systems. Basic location tracking is a system which uses GPS data to know the phone user’s location. However, according to a recent article published by Quartz, Google’s data collection goes far beyond basic location tracking. Not only does the data collected go beyond simple location information, but the ‘Opt In’ service Google uses to collect that data,…
The Federal Communications Commission’s (FCC) potential reversal of the Obama Administration’s ‘Net Neutrality’ rules has been a constant headline lately. Most media coverage goes to the core principles of net neutrality, including blocking, throttling and pay-for-priority of internet content; however, privacy is also a factor. Primarily, the FCC issued broadband privacy rules in 2016 after its 2015 net neutrality rules. The broadband privacy rules, among other things, required websites and internet service providers…
Considering the recent Equifax data breach, which put an estimated 145.5 million Americans’ identities at risk, mainstream media outlets are starting to ask an important question: if we can’t stop data breaches, how do we protect our identity? According to data from the Identity Theft Resource Center, U.S. companies and government agencies have disclosed 1,022 breaches in 2017 so far. The idea that the Social Security number is the foundation of our identity is…
By Executive Order, the Trump Administration recently reversed an Obama Administration order aimed at protecting consumers’ personal information from use by their Internet Service Provider (ISP). Prior to Trump’s EO, ISPs were required to get customers’ consent before using or selling their browsing habits, online shopping habits, financial information, etc. The reversal of Obama’s protection order has caused a resurgence of interest in VPN services. In theory, using a VPN service creates an encrypted…
The National Governors Association released a road map report on December 9 entitled, Getting the Right Information to the Right Health Care Providers at the Right Time: A Road Map for States to Improve Health Information Flow Between Providers. The report aims at reducing the legal barriers that prevent the effective and efficient flow of health-related information within the HIPAA framework. States often have significantly different laws and regulations regarding patient data privacy that can…
Many firms have strict international travel policies in relation to the use of technology. These policies tend to be more skewed towards countries with greater state control over communications networks and specifically the internet. However, the reality is that you are vulnerable whenever your device is roaming internationally. When roaming, local providers use a global interconnection network to get you back to your home provider. Most traffic on this network uses the SS7 protocol, which…