Weakest link

Where do you start if you want to pierce a corporation’s cybersecurity protections?  The CEO.

“Goldman, Citi Bosses Duped by Email Prankster,” The Wall Street Journal, June 13, 2017 B11.  Although nothing confidential was leaked, the CEOs bought into phishing emails.

Hard to blame the Chief Information Security Officer.  One assumes there’s a policy in place, but can you write a policy to protect against this?  Who else in the corporation isn’t following the existing policy?  How do you fix? Two-factor authentication for every email to/from a senior exec?  Encryption?

Advertisements

Leave a comment

Filed under Access, Compliance, Compliance, Controls, Corporation, Duty, Duty of Care, Employees, Governance, Internal controls, IT, Management, Policy, Security

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s