Do you have contractors who analyze your data for you? Do they use cloud storage? Do you know? How secure is that? Is that prohibited by your service contract?
“Data on 198 Million Votes Exposed Online,” The Wall Street Journal, June 20, 2017 A4. Deep Root Analytics, a Republican party consultant, used an online storage system that was reportedly open to the world for several days. Most/some of the information exposed was publicly available information on voters. A lot of voters.
Well, at least the Russians (or the DNC) didn’t hack it. Or did they?
What controls do you have that protect information your consultants are using and the opinions you are paying them to provide you? Do you care? It’s not like it’s money or anything.
Where do you start if you want to pierce a corporation’s cybersecurity protections? The CEO.
“Goldman, Citi Bosses Duped by Email Prankster,” The Wall Street Journal, June 13, 2017 B11. Although nothing confidential was leaked, the CEOs bought into phishing emails.
Hard to blame the Chief Information Security Officer. One assumes there’s a policy in place, but can you write a policy to protect against this? Who else in the corporation isn’t following the existing policy? How do you fix? Two-factor authentication for every email to/from a senior exec? Encryption?
How do you forecast what information the company will need twenty years from now, long after your retirement?
“First Job of Dismantling Nuclear Plants: Find a Russian Speaker,” The Wall Street Journal, June 12, 2017 A1. Dismantling engineers encounter problems when trying to decontaminate and tear down an old nuclear facility. The engineering drawings are not necessarily accurate as-built diagrams, and a lot of the language is Russian.
An organization needs a lot of information. One area is “What information will we need when it’s time to dismantle this great thing we just built?” Is this information governance, records management, or knowledge management? Does it matter? Who owns this problem? This same problem came up in my prior life when looking at the information requirements to shut down and dismantle a North Sea oil platform – a lot of that information needs to be captured at the front end and during the life of the facility, and maintained until the facility is removed.
How do you deal with claims of sexual harassment? Have two law firms conduct investigations and fire 20 people. But will that be the end or the middle?
“Uber Fires Over 20 In Wake Of Probe,” The Wall Street Journal, June 7, 2017 B1. Over two hundred claims investigated and no action taken in 100 of them.
Were there supervisors who participated or condoned or who failed to notice or respond? Were there reporting practices and policies in place? If harassment was “accepted” in the Uber culture, who’s to blame? HR? The Board? Management? How long had this been going on? How much will the shareholders have to pay?
A summary of one of the law firm reports is due out soon.
Uber fired the executive at the heart of the dispute with Google over self-driving cars. The exec failed to meet a deadline to comply with a court order to turn over documents in a trade secret case over self-driving cars. “Uber Fires Executive At Center Of Suit,” The Wall Street Journal, May 31, 2017 A1.
Lesson? If you hire an employee from a competitor and he’s accused of stealing his former employer’s trade secrets, try your best to look good.
What’s your process for keeping new employees, especially from competitors, from damaging your business and your reputation by bringing in your competitor’s trade secrets? Did you follow it, or is it just there for show?
Executives do go to jail. “Ex-VW Official to Stay in Jail,” The Wall Street Journal, May 26, 2017 B3. The official was head of the environmental and engineering office. VW had already pleaded guilty to criminal charges in connection with the diesel emissions scandal. So the company AND some executives are criminally charged! Guess Sally Yates meant it. At least for foreign companies. But no directors have been sued. Yet.
“FBI Holds Memos for Now,” The Wall Street Journal, May 26, 2017 A4. Congress wants the memos that ex-Director Comey wrote, but the existence of the special counsel (also the ex-Director) and Congressional “inquiries” have muddied the waters. Whose information is it, anyway? And can’t we all look at them together? Right after Mr. Comey testifies? Interesting that the FBI can withhold non-privileged memos, whatever their weight may be.
Chairman doesn’t go to jail. “Leader of Brazil’s JBS Steps Down,” The Wall Street Journal, May 27, 2017 B1. The bribing scandal in Brazil’s meat-packing industry removes the chairman and his brother from the Board (although the brother remains as CEO). The chairman signed a plea bargain in exchange for criminal immunity. Curious about the culture at the company after the plea deal.
“FCC Won’t Move Against Colbert for Crude Remarks,” The Wall Street Journal, May 24, 2017 A3. Remarks about Trump don’t draw a fine. The question remains, what will? What’s the impact of the regulator not even trying to enforce regulatory standards?
“Pakistan Investigates Social-Media Critics of Its Military,” The Wall Street Journal, May 24, 2017 A8. Twenty-seven critics investigated for “unacceptable” comments criticizing and ridiculing the military and judiciary. The FCC wasn’t consulted.
2. “U.S. Sues Chrysler Over Emissions Tests,” The Wall Street Journal, May 24, 2017 B1. Apparently VW wasn’t the only one seeking to game the emissions-testing process.
3. “Humans Still Rule Machines in Insurance,” The Wall Street Journal, May 24, 2017 B1. Despite the new sources of data, and the ability of computer programs to determine how much an individual insurance policy should cost, humans are still necessary decision-makers.
4. “Target Settles Probe Into Its 2013 Hack,” The Wall Street Journal, May 24, 2017 B3. Following the 2013 data breach, Target pays an additional $18.5 million to settle state charges.
5. “High-Ranking Chinese Regulator Faces Probe,” The Wall Street Journal, May 24, 2017 B14. Assistant chairman of the China Banking Regulatory Commission fired for breaking the rules. Details not available.