Category Archives: Protect

Going to the movies

Sony was not alone.  HBO gets hacked, too, and Netflix.  Is nothing sacred?

“Hackers Stole HBO Programming,” The Wall Street Journal, August 1, 2017 B2.  Game of Thrones may be coming sooner than planned.    Hacker also got personal information on at least one executive.

How well is your information protected?  What’s that protection worth?

Leave a comment

Filed under Access, Controls, Governance, Information, Internal controls, IT, Management, Protect, Protect assets, Protect information assets, Security, Value

Contractors and the Cloud

Do you have contractors who analyze your data for you?  Do they use cloud storage?  Do you know?  How secure it that?  Is that prohibited by your service contract?

“Data on 198 Million Votes Exposed Online,” The Wall Street Journal, June 20, 2017 A4. Deep Root Analytics, a Republican party consultant, used an online storage system that was reportedly open to the world for several days.  Most/some of the information exposed was publicly available information on voters.  A lot of voters.

Well, at least the Russians (or the DNC) didn’t hack it.  Or did they?

What controls do you have that protect information your consultants are using and the opinions you are paying them to provide you?  Do you care?  It’s not like it’s money or anything.

Leave a comment

Filed under Access, Board, Controls, Corporation, Duty, Governance, IT, Management, Oversight, Protect, Protect assets, Protect information assets, Security, Third parties, Vendors

The self-governing company

Uber fired the executive at the heart of the dispute with Google over self-driving cars.  The exec failed to meet a deadline to comply with a court order to turn over documents in a trade secret case over self-driving cars. “Uber Fires Executive At Center Of Suit,” The Wall Street Journal, May 31, 2017 A1.

Lesson?  If you hire an employee from a competitor and he’s accused of stealing his former employer’s trade secrets, try your best to look good.

What’s your process for keeping new employees, especially from competitors, from damaging your business and your reputation by bringing in your competitor’s trade secrets?  Did you follow it, or is it just there for show?

Leave a comment

Filed under Communications, Compliance, Controls, Corporation, Duty, Employees, Governance, Information, Internal controls, Management, Managers, Oversight, Ownership, Policy, Protect, Third parties, Value

Tending to fences

When talking about cybersecurity, the analogy is made to castle walls.  Like most analogies, it’s true and it isn’t.

Hackers Found Holes In Bank Network,”The Wall Street Journal, May 1, 2017 A1.  Security at the SWIFT network buildings is really tight, as one would expect for a large company whose business is the electronic transfer of “money” across national boundaries.  But apparently, some of the national banks using this service are not as diligent in managing their own security.

Pesky users!

Providing, and denying, access to information are key parts of information governance.  But how do you do that for third parties?  And how do they do it for themselves?

Leave a comment

Filed under Access, Controls, Governance, Interconnections, Internal controls, IT, Management, Operations, Protect, Protect assets, Security, Third parties, Use, Use

Access

If you are in the information business (and who isn’t?), what if you can’t get to that information?  Worse, what if your customers can’t get to information you store for them, or their customers can’t get to their web pages?

“Amazon Outage Hits Cloud Customers,” The Wall Street Journal, March 1, 2017 B4. Failure at a storage center just outside of Washington, D.C. lasted about 4 hours and affected Amazon Web Services.  Uptime/downtime, and reliability.

What’s your plan if your main storage goes out?  How does your business continue to operate?

Leave a comment

Filed under Access, Business Case, Business Continuity, Controls, Governance, Interconnections, IT, Management, Operations, Protect, Protect assets, Risk, Third parties

Wealth Mismanagement

Yes, the Oscars ceremony had its information mix-up, when Warren Beatty was given the wrong envelope.  But who was (and “was” is probably the operative word) in charge of calculating and communicating the cost basis for stock?

“Morgan Stanley Gave Clients Wrong Data,” The Wall Street Journal, February 28, 2017 B9.  Firm miscalculated the cost basis, and therefore the gain, on sales of stocks by the firm’s wealth-management clients for 5 years.  Anticipated cost: $70 million.

How do you ensure that the right information is getting to the right place (person) at the right time?  What controls do you have in place?  Are those controls people, process, or technology?  While it took PWC a few minutes to correct the error at the Oscars, it took Morgan Stanley five years.  Who had the better process?

Leave a comment

Filed under Accuracy, Collect, Communicate, Controls, Corporation, Duty, Duty of Care, Employees, Governance, Internal controls, Management, Managers, Oversight, Policy, Protect, Protect assets, Use

Trade Secrets

An employee leaves Company A and starts a new one, Company B, which is in turn acquired by Company C, a competitor of Company A.  Company C develops a laser sensor for self-driving cars.  Company A sues, alleging the employee downloaded 14,000 files before departing, including information about laser sensors and supplier lists and manufacturing details.

“Alphabet Sues Uber Over Trade Secrets,” The Wall Street Journal, February 24, 2017 B3.

How do you protect the company’s technology jewels?  How do you limit and track access?  How do you ensure that a new employee isn’t bringing something he or she shouldn’t have?  How did the directors and managers allow this to happen, at both Company A and Company C?  Is this information no longer a trade secret because Company A didn’t protect it well enough?

Leave a comment

Filed under Access, Compliance, Compliance, Controls, Corporation, Duty, Duty of Care, Employees, Governance, Information, Internal controls, IT, Management, Managers, Oversight, Ownership, Protect, Protect assets, Security, Third parties