“PayPal Discloses Breach At Its TIO Unit,” The Wall Street Journal, December 2, 2017 B11. Upwards of 1.6 million users affected at newly acquired company that has kiosks in retail stores.
When you acquire a company, make sure their cybersecurity is up to snuff. From Day One.
Filed under Board, Compliance, Compliance Verification, Controls, Corporation, Duty, Duty of Care, Governance, Internal controls, IT, Oversight, Oversight, Protect assets, Protect information assets, Security, Supervision
It’s a bad sign when you establish a covert unit.
“Uber Formed Covert Unit to Steal Trade Secrets, Ex-Employee Says,” The Wall Street Journal, November 29, 2017 A1. According to a former security employee, Uber “had a team dedicated to stealing [competitors’] trade secrets and helped employees dodge regulators’ scrutiny.”
This information was in a letter read to the jury in the Alphabet/Uber trade secret litigation. Ouch.
What does it say about the company’s commitment to compliance with law (including the rights of others)? Are RICO charges far behind?
If Uber loses the case, will shareholders sue the directors who allowed this to happen?
Filed under Board, Compliance, Compliance, Controls, Corporation, Culture, Culture, Directors, Duty, Duty of Care, Employees, Governance, Internal controls, Management, Oversight, Oversight, Supervision
“Chicago Sues Uber For Lag in Reporting Data Hack,” The Wall Street Journal, November 28, 2017 B4. Following the disclosure of the year-old breach of 57 million accounts, Uber is sued for consumer fraud and deceptive business practices, among other things.
There is the breach. And then your response to the breach. And then the regulators’ and the customers’ and the shareholders’ response to the breach.
Filed under Communications, Compliance, Controls, Corporation, Directors, Duty, Duty of Care, Employees, Governance, Information, Internal controls, Investor relations, IT, Oversight, Protect assets, Security, Supervision, To report, Value
“Russian Firm Was Long Seen as Threat,” The Wall Street Journal, November 18, 2017 A2. Questions as to the Kaspersky antivirus software company were raised by military intelligence in 2004, well before the 2013 threat assessment issued Pentagon-wide.
Who dropped the ball? Did the Russians have an inside track?
Filed under Access, Communications, Controls, Duty, Duty of Care, Governance, Government, Information, IT, Oversight, Security, Supervision, Value
“Faked Data at Issue Again in Japan,” The Wall Street Journal, November 25, 2017 B1. Mitsubishi Materials continued to ship car, plane, and power-plant parts to 200 customers (including in the US) while factory workers were fudging quality data on rubber gaskets and copper products. As is common, they sat on the news for a while.
This follows similar stories about Kobe Steel and Nissan Motors. So much for the much-vaunted quality initiatives in Japan. These types of problems “have deep roots in Japan Inc.’s governance problems,” which rely on decentralized and largely independent operations.
If there’s a problem somewhere else in your industry, you probably have it, too; you just haven’t found it yet.
Filed under Accuracy, Board, Compliance, Controls, Corporation, Culture, Data quality, Directors, Duty, Duty of Care, Employees, Governance, Internal controls, Managers, Oversight, Protect assets, Supervision, To report, Vendors
“SEC Accuses Long Island Town of Fraud,” The Wall Street Journal, November 24, 2017 B11. SEC alleges town failed to tell bondholders about special loan deals. Town feels victimized, as the town board didn’t know of the special deals.
If you have a duty to disclose certain information, and don’t disclose it, that is called either “failure to disclose” or “fraud.” Or a failure of management. There are certain things that, as a director, you are supposed to know.
Board members are fiduciaries.
Filed under Accuracy, Board, Communications, Compliance, Compliance, Corporation, Data quality, Directors, Duty, Duty of Care, Governance, Inform market, Inform shareholders, Investor relations, Oversight, Supervision, To report, Value
What do you do when a rogue employee decides to express his or her politics by messing with your product? Could that affect your brand?
No, this isn’t about the NFL.
“Twitter Tightens Security,” The Wall Street Journal, November 4, 2017 B3. Security lapse allows a departing and now former Twitter employee to shut down President Trump’s Twitter feed for eleven minutes.
Cybersecurity focuses not only on external hackers but also internal bad-deed doers. Sometimes, even well-designed security plans fail. But those third-party plans are protecting your information in their control.
Do you have special controls for special celebrity cases? Do you take extra steps for departing employees?
Not sure Twitter is a brand.
Filed under Access, Business Continuity, Controls, Corporation, Duty, Duty of Care, Employees, Governance, Internal controls, IT, Management, Oversight, Protect, Protect assets, Security, Supervision