Do you have contractors who analyze your data for you? Do they use cloud storage? Do you know? How secure is that? Is that prohibited by your service contract?
“Data on 198 Million Votes Exposed Online,” The Wall Street Journal, June 20, 2017 A4. Deep Root Analytics, a Republican party consultant, used an online storage system that was reportedly open to the world for several days. Most/some of the information exposed was publicly available information on voters. A lot of voters.
Well, at least the Russians (or the DNC) didn’t hack it. Or did they?
What controls do you have that protect information your consultants are using and the opinions you are paying them to provide you? Do you care? It’s not like it’s money or anything.
Filed under Access, Board, Controls, Corporation, Duty, Governance, IT, Management, Oversight, Protect, Protect assets, Protect information assets, Security, Third parties, Vendors
Uber fired the executive at the heart of the dispute with Google over self-driving cars. The exec failed to meet a deadline to comply with a court order to turn over documents in a trade secret case over self-driving cars. “Uber Fires Executive At Center Of Suit,” The Wall Street Journal, May 31, 2017 A1.
Lesson? If you hire an employee from a competitor and he’s accused of stealing his former employer’s trade secrets, try your best to look good.
What’s your process for keeping new employees, especially from competitors, from damaging your business and your reputation by bringing in your competitor’s trade secrets? Did you follow it, or is it just there for show?
Filed under Communications, Compliance, Controls, Corporation, Duty, Employees, Governance, Information, Internal controls, Management, Managers, Oversight, Ownership, Policy, Protect, Third parties, Value
When talking about cybersecurity, the analogy is made to castle walls. Like most analogies, it’s true and it isn’t.
“Hackers Found Holes In Bank Network,” The Wall Street Journal, May 1, 2017 A1. Security at the SWIFT network buildings is really tight, as one would expect for a large company whose business is the electronic transfer of “money” across national boundaries. But apparently, some of the national banks using this service are not as diligent in managing their own security.
Providing, and denying, access to information are key parts of information governance. But how do you do that for third parties? And how do they do it for themselves?
Filed under Access, Controls, Governance, Interconnections, Internal controls, IT, Management, Operations, Protect, Protect assets, Security, Third parties, Use, Use
If you are in the information business (and who isn’t?), what if you can’t get to that information? Worse, what if your customers can’t get to information you store for them, or their customers can’t get to their web pages?
“Amazon Outage Hits Cloud Customers,” The Wall Street Journal, March 1, 2017 B4. Failure at a storage center just outside of Washington, D.C. lasted about 4 hours and affected Amazon Web Services. Uptime/downtime, and reliability.
What’s your plan if your main storage goes out? How does your business continue to operate?
Filed under Access, Business Case, Business Continuity, Controls, Governance, Interconnections, IT, Management, Operations, Protect, Protect assets, Risk, Third parties
Yes, the Oscars ceremony had its information mix-up, when Warren Beatty was given the wrong envelope. But who was (and “was” is probably the operative word) in charge of calculating and communicating the cost basis for stock?
“Morgan Stanley Gave Clients Wrong Data,” The Wall Street Journal, February 28, 2017 B9. Firm miscalculated the cost basis, and therefore the gain, on sales of stocks by the firm’s wealth-management clients for 5 years. Anticipated cost: $70 million.
How do you ensure that the right information is getting to the right place (person) at the right time? What controls do you have in place? Are those controls people, process, or technology? While it took PWC a few minutes to correct the error at the Oscars, it took Morgan Stanley five years. Who had the better process?
Filed under Accuracy, Collect, Communicate, Controls, Corporation, Duty, Duty of Care, Employees, Governance, Internal controls, Management, Managers, Oversight, Policy, Protect, Protect assets, Use
An employee leaves Company A and starts a new one, Company B, which is in turn acquired by Company C, a competitor of Company A. Company C develops a laser sensor for self-driving cars. Company A sues, alleging the employee downloaded 14,000 files before departing, including information about laser sensors and supplier lists and manufacturing details.
“Alphabet Sues Uber Over Trade Secrets,” The Wall Street Journal, February 24, 2017 B3.
How do you protect the company’s technology jewels? How do you limit and track access? How do you ensure that a new employee isn’t bringing something he or she shouldn’t have? How did the directors and managers allow this to happen, at both Company A and Company C? Is this information no longer a trade secret because Company A didn’t protect it well enough?
Filed under Access, Compliance, Compliance, Controls, Corporation, Duty, Duty of Care, Employees, Governance, Information, Internal controls, IT, Management, Managers, Oversight, Ownership, Protect, Protect assets, Security, Third parties
How many levels of information governance, or the lack thereof, are implicated in the recent dust-up over Michael Flynn?
“Spies Keep Intelligence From Trump,” The Wall Street Journal, February 16, 2017 A1. Did US intelligence officials really hide information from the President?
Mike Flynn may or may not have discussed sanctions with the Russians in December. Trump may or may not have been advised of this in December. Mike Pence may or may not have been advised. Pence said that he had spoken with Flynn and that sanctions hadn’t been discussed. Apparently, there is a classified transcript of Flynn’s phone call, possibly captured in violation of US law. Contents of that reported transcript were possibly released to the media. Certain information allegedly withheld from the President.
What information is important to your company? What controls do you have in place to prevent that information from being leaked? How do you find the leaker? What steps do you take when you find him or her? How do you repair the damage from the leak?
Filed under Controls, Duty, Employees, Governance, Government, Internal controls, Management, Oversight, Protect, Protect assets, Use