Category Archives: IT

Breach at PayPal

“PayPal Discloses Breach At Its TIO Unit,” The Wall Street Journal, December 2, 2017 B11.  Upwards of 1.6 million users affected at newly acquired company that has kiosks in retail stores.

When you acquire a company, make sure their cybersecurity is up to snuff.  From Day One.


Filed under Board, Compliance, Compliance Verification, Controls, Corporation, Duty, Duty of Care, Governance, Internal controls, IT, Oversight, Protect assets, Protect information assets, Security, Supervision

Cyberattacks

“Three From China Indicted in Cyberattacks,” The Wall Street Journal, November 28, 2017 B4.  Allegedly hacked into the email account of an economist at Moody’s and gained access to gigabytes of confidential data of Siemens beginning in 2011.

Who has access to your data?  Is the email account of a third-party vendor a potential source of a major leak?  Even an economist?


Filed under Access, Compliance, Controls, Corporation, Duty, Duty of Care, Employees, Governance, Information, Interconnections, Internal controls, IT, Oversight, Protect assets, Security, Third parties, Value

Was your ride late?

“Chicago Sues Uber For Lag in Reporting Data Hack,” The Wall Street Journal, November 28, 2017 B4.  Following the disclosure of the year-old breach of 57 million accounts, Uber is sued for consumer fraud and deceptive business practices, among other things.

There is the breach.  And then your response to the breach.  And then the regulators’ and the customers’ and the shareholders’ response to the breach.


Filed under Communications, Compliance, Controls, Corporation, Directors, Duty, Duty of Care, Employees, Governance, Information, Internal controls, Investor relations, IT, Oversight, Protect assets, Security, Supervision, To report, Value

Cybersecurity

Cybersecurity involves protecting the enterprise from internal or external attack and responding after the enterprise has been attacked.  How do you ensure your business continues to operate if its cybersecurity is breached?  It’s not just sending notices to affected customers and paying for credit watches.

“Banks Create Cyber Doomsday System,” The Wall Street Journal, December 4, 2017 B1.  By requiring banks and credit unions to back up their data so that operations can be restored after a breach.  This also protects confidence in the overall banking system.

Do you have a business continuity plan?  Does it address how you will access your critical information so that you can continue to operate?

What’s surprising is that this is newsworthy.


Filed under Access, Board, Business Case, Business Continuity, Controls, Corporation, Directors, Duty, Duty of Care, Governance, Information, Interconnections, Internal controls, IT, Operations, Oversight, Protect assets, Protect information assets, Security, Value

More executive firings

“Security Shake-Up At Uber,” The Wall Street Journal, December 4, 2017 B4.  Three members of Uber’s security team resigned.  Voluntarily.  And another is on extended medical leave.

This comes after Uber recently disclosed a year-old data breach that exposed 57 million user accounts.  And after reports of a team established to access competitors’ technology.

Culture, anyone?  Or attempts to protect the brand at the expense of employees?


Filed under Compliance, Controls, Corporation, Culture, Duty, Duty of Care, Employees, Governance, Internal controls, IT, Oversight, Protect assets, Security

Collecting personal information

Those of us familiar with the EU are familiar with government agencies placing and enforcing restrictions on the collection of personal information, to protect the privacy rights of its citizens.

“CFPB Curbs Data Collection,” The Wall Street Journal, December 5, 2017 B5. The Consumer Financial Protection Bureau stops collecting personal information (including data on credit cards and mortgages) until adequate cybersecurity protections are in place.

Delicate balance between protecting privacy and protecting your credit?  Or the recognition by the government of its duty to protect our information?


Filed under Controls, Duty, Duty of Care, Governance, Government, Information, Internal controls, IT, Ownership, Privacy, Protect assets, Security

Kaspersky

“Russian Firm Was Long Seen as Threat,” The Wall Street Journal, November 18, 2017 A2.  Questions about the Kaspersky antivirus software company were raised by military intelligence in 2004, well before the 2013 threat assessment issued Pentagon-wide.

Who dropped the ball?  Did the Russians have an inside track?


Filed under Access, Communications, Controls, Duty, Duty of Care, Governance, Government, Information, IT, Oversight, Security, Supervision, Value