What do you do when a rogue employee decides to express his or her politics by messing with your product? Could that affect your brand?
No, this isn’t about the NFL.
“Twitter Tightens Security,” The Wall Street Journal, November 4, 2017 B3. Security lapse allows a departing and now former Twitter employee to shut down President Trump’s Twitter feed for eleven minutes.
Cybersecurity focuses not only on external hackers but also internal bad-deed doers. Sometimes, even well-designed security plans fail. But those third-party plans are protecting your information in their control.
Do you have special controls for special celebrity cases? Do you take extra steps for departing employees?
Not sure Twitter is a brand.
Filed under Access, Business Continuity, Controls, Corporation, Duty, Duty of Care, Employees, Governance, Internal controls, IT, Management, Oversight, Protect, Protect assets, Security, Supervision
As if Facebook weren’t enough, the Russians allegedly go after the phones of NATO soldiers.
“Russia Targets NATO Soldiers in Phone Hack,” The Wall Street Journal, October 5, 2017 A1. Use of drones suggests a national actor.
Do you control what your employees have on their phones? Can you? How? What if it is your company’s proprietary data? Or overseas?
Filed under Access, Compliance, Controls, Corporation, Duty, Duty of Care, Employees, Governance, Information, Internal controls, IT, Oversight, Ownership, Protect, Protect assets, Security
“Key Filing Made in Battle Between Alphabet, Uber,” The Wall Street Journal, October 2, 2017 B3. Uber apparently knew that “a former Google engineer had confidential Google files before buying his self-driving-car startup.” 50,000 emails, among others.
Do you have processes in place to prevent this from happening when you hire a competitor’s former employee or buy their company? What about when one of your employees (or contractors) leaves?
Filed under Access, Controls, Corporation, Duty, Duty of Care, Employees, Governance, Information, Internal controls, Oversight, Ownership, Protect, Protect assets, Third parties
Sony was not alone. HBO gets hacked, too, and Netflix. Is nothing sacred?
“Hackers Stole HBO Programming,” The Wall Street Journal, August 1, 2017 B2. Game of Thrones may be coming sooner than planned. Hacker also got personal information on at least one executive.
How well is your information protected? What’s that protection worth?
Filed under Access, Controls, Governance, Information, Internal controls, IT, Management, Protect, Protect assets, Protect information assets, Security, Value
Do you have contractors who analyze your data for you? Do they use cloud storage? Do you know? How secure it that? Is that prohibited by your service contract?
“Data on 198 Million Votes Exposed Online,” The Wall Street Journal, June 20, 2017 A4. Deep Root Analytics, a Republican party consultant, used an online storage system that was reportedly open to the world for several days. Most/some of the information exposed was publicly available information on voters. A lot of voters.
Well, at least the Russians (or the DNC) didn’t hack it. Or did they?
What controls do you have that protect information your consultants are using and the opinions you are paying them to provide you? Do you care? It’s not like it’s money or anything.
Filed under Access, Board, Controls, Corporation, Duty, Governance, IT, Management, Oversight, Protect, Protect assets, Protect information assets, Security, Third parties, Vendors
Uber fired the executive at the heart of the dispute with Google over self-driving cars. The exec failed to meet a deadline to comply with a court order to turn over documents in a trade secret case over self-driving cars. “Uber Fires Executive At Center Of Suit,” The Wall Street Journal, May 31, 2017 A1.
Lesson? If you hire an employee from a competitor and he’s accused of stealing his former employer’s trade secrets, try your best to look good.
What’s your process for keeping new employees, especially from competitors, from damaging your business and your reputation by bringing in your competitor’s trade secrets? Did you follow it, or is it just there for show?
Filed under Communications, Compliance, Controls, Corporation, Duty, Employees, Governance, Information, Internal controls, Management, Managers, Oversight, Ownership, Policy, Protect, Third parties, Value
When talking about cybersecurity, the analogy is made to castle walls. Like most analogies, it’s true and it isn’t.
“Hackers Found Holes In Bank Network,”The Wall Street Journal, May 1, 2017 A1. Security at the SWIFT network buildings is really tight, as one would expect for a large company whose business is the electronic transfer of “money” across national boundaries. But apparently, some of the national banks using this service are not as diligent in managing their own security.
Providing, and denying, access to information are key parts of information governance. But how do you do that for third parties? And how do they do it for themselves?
Filed under Access, Controls, Governance, Interconnections, Internal controls, IT, Management, Operations, Protect, Protect assets, Security, Third parties, Use, Use