What do you do when your website goes down for two hours, preventing customers from accessing their accounts?
“Fidelity Seeks to Make Amends for Website Glitch,” The Wall Street Journal, December 2, 2017 B11. The company is offering commission waivers and offering to discuss pricing adjustments.
Does your business continuity plan have a chapter on how to serve your customers?
“Three From China Indicted in Cyberattacks,” The Wall Street Journal, November 28, 2017 B4. Allegedly hacked into the email account of an economist at Moody’s and gained access to gigabytes of confidential data of Siemens beginning in 2011.
Who has access to your data? Is the email account of a third-party vendor a potential source of a major leak? Even an economist?
Cybersecurity involves protecting the enterprise from internal or external attack and responding after the enterprise has been attacked. How do you ensure your business continues to operate if its cybersecurity is breached? It’s not just sending notices to affected customers and paying for credit watches.
“Banks Create Cyber Doomsday System,” The Wall Street Journal, December 4, 2017 B1. By requiring banks and credit unions to back up their data so that operations can be restored after a breach. This also protects confidence in the overall banking system.
Do you have a business continuity plan? Does it address how you will access your critical information so that you can continue to operate?
What’s surprising is that this is newsworthy.
“Russian Firm Was Long Seen as Threat,” The Wall Street Journal, November 18, 2017 A2. Questions as to the Kaspersky antivirus software company were raised by military intelligence in 2004, well before the 2013 threat assessment issued Pentagon-wide.
Who dropped the ball? Did the Russians have an inside track?
“Police See Social Media Fuel Crime,” The Wall Street Journal, November 25, 2017 A3. Immediate access to information “played a major role in escalating disputes….”
One assumes that this is true whether the information spread on social media is or isn’t true. Is a lie halfway around the world before the truth gets its shoes on?
What are the social implications of so much (unfiltered and unverified) information being made available to so many so fast? Who has a duty to verify or filter it? How do you control this within the confines of your business? Do you have a duty to? Is the control only common sense?
“Indian Lenders Mine Phone Data,” The Wall Street Journal, November 24, 2017 B10. Lenders fill gap in credit histories by checking data on phones to track Facebook connections and on-line shopping.
So, would we be more comfortable with this approach than the Equifax approach? What’s more private, your phone or your Social Security Number?
“Facebook to Tell Users If They Followed or Liked Russian Pages,” The Wall Street Journal, November 24, 2017 B3. Facebook will tell users if they accessed the 290 Facebook and Instagram pages that the Russians allegedly used in the misinformation campaign.
Who owns the information about what sites you visited? Apparently, Facebook. Does Facebook have a duty to let you know that you accessed “bad” sites? Does doing so make it more or less likely that you will (a) use Facebook or (b) believe what you see on Facebook?