What do you do when your website goes down for two hours, preventing customers from accessing their accounts?
“Fidelity Seeks to Make Amends for Website Glitch,” The Wall Street Journal, December 2, 2017 B11. Company offers commission waivers and offers to discuss pricing adjustments.
Does your business continuity plan have a chapter on how to serve your customers?
Cybersecurity involves protecting the enterprise from internal or external attack and responding after the enterprise has been attacked. How do you ensure your business continues to operate if its cybersecurity is breached? It’s not just sending notices to affected customers and paying for credit watches.
“Banks Create Cyber Doomsday System,” The Wall Street Journal, December 4, 2017 B1. It works by requiring banks and credit unions to back up their data so that operations can be restored after a breach. This also protects confidence in the overall banking system.
Do you have a business continuity plan? Does it address how you will access your critical information so that you can continue to operate?
What’s surprising is that this is newsworthy.
Filed under Access, Board, Business Case, Business Continuity, Controls, Corporation, Directors, Duty, Duty of Care, Governance, Information, Interconnections, Internal controls, IT, Operations, Oversight, Protect assets, Protect information assets, Security, Value
What do you do when a rogue employee decides to express his or her politics by messing with your product? Could that affect your brand?
No, this isn’t about the NFL.
“Twitter Tightens Security,” The Wall Street Journal, November 4, 2017 B3. Security lapse allows a departing and now former Twitter employee to shut down President Trump’s Twitter feed for eleven minutes.
Cybersecurity focuses not only on external hackers but also internal bad-deed doers. Sometimes, even well-designed security plans fail. But those third-party plans are protecting your information in their control.
Do you have special controls for special celebrity cases? Do you take extra steps for departing employees?
Not sure Twitter is a brand.
Filed under Access, Business Continuity, Controls, Corporation, Duty, Duty of Care, Employees, Governance, Internal controls, IT, Management, Oversight, Protect, Protect assets, Security, Supervision
The adventure continues, after Kobe Steel announced earlier this month that workers at several different facilities had fudged paperwork on product quality, dating back to at least 2007. Apparently, getting that type of paperwork accurate is important. To someone.
“U.S. Looking Into Kobe Steel Scandal,” The Wall Street Journal, October 18, 2017 B3. Department of Justice kicks off a request for information after company disclosures about practices in Japan. Affects product sold to manufacturers of trains, planes, and cars.
More to follow. Expect Congress to weigh in shortly. Again, the problem occurred in more than one facility, over a period of years. Is that a failure of compliance, or culture, or both?
An example of the intersection of governance, compliance, and information.
Filed under Accuracy, Compliance, Controls, Corporation, Culture, Data quality, Definition, Duty, Duty of Care, Employees, Governance, Information, Internal controls, Oversight, Reliance, Use, Value
Not Kobe beef.
“Suspect Metal Rattles Car Makers,” The Wall Street Journal, October 12, 2017 B1. A supplier (Kobe Steel) falsifies some of its product-quality paperwork. Result: manufacturers of planes, trains, and cars (and others) need to check that the faulty material doesn’t compromise safety.
How valuable is the information you get from your vendors? How accurate is it? Do you verify?
Filed under Accuracy, Compliance, Controls, Corporation, Data quality, Duty, Duty of Care, Governance, Information, Internal controls, Oversight, Third parties, Use, Value, Vendors
“Banks Weigh Shift From Equifax,” The Wall Street Journal, September 13, 2017 B14. Hack of 143 million accounts causes banks to turn to Equifax’s competitors.
Talk about closing the barn door after 143 million horses have bolted! What are the banks doing to prevent the fraudulent use of the information obtained through the hack in their decisions to issue or deny credit? Merely moving to a different credit bureau doesn’t begin to address the flaw in the banking system’s reliance on your Social Security Number and date of birth to uniquely identify you.
Not that I’m calling for a National ID card. Maybe we should all have a microchip, like our pets. Don’t we need a new solution, suitable for the digital age?
See related note at “Hack of All Hacks,” September 12, 2017.
Filed under Access, Accuracy, Controls, Corporation, Duty, Duty of Care, Governance, Information, Internal controls, Operations, Oversight, Privacy, Protect assets, Third parties, Use, Value
“Faux Ransomware Does Damage,” The Wall Street Journal, June 30, 2017 B3. Motive for recent attacks was not blackmail, but just disruption. The files that were attacked may not be recoverable. “Malware Leaves Big Law Firm Hobbled,” The Wall Street Journal, June 30, 2017 B3. DLA Piper shuts down after its computer systems hit. “Hospital Is Forced To Scrap Computers,” The Wall Street Journal, June 30, 2017 B3. West Virginia hospital tosses its entire computer network after cyberattack.
Have the Visigoths gathered at the gate? If we can’t protect our computers and the information they contain and send, does our civilization survive? Is IT now more important than all the other functions?
Filed under Access, Business Case, Business Continuity, Controls, Information, Interconnections, IT, Operations, Risk, Security, Value