What do you do when a rogue employee decides to express his or her politics by messing with your product? Could that affect your brand?
No, this isn’t about the NFL.
“Twitter Tightens Security,” The Wall Street Journal, November 4, 2017 B3. Security lapse allows a departing and now former Twitter employee to shut down President Trump’s Twitter feed for eleven minutes.
Cybersecurity focuses not only on external hackers but also internal bad-deed doers. Sometimes, even well-designed security plans fail. But those third-party plans are protecting your information in their control.
Do you have special controls for special celebrity cases? Do you take extra steps for departing employees?
Not sure Twitter is a brand.
Filed under Access, Business Continuity, Controls, Corporation, Duty, Duty of Care, Employees, Governance, Internal controls, IT, Management, Oversight, Protect, Protect assets, Security, Supervision
“Faux Ransomware Does Damage,” The Wall Street Journal, June 30, 2017 B3. Motive for recent attacks was not blackmail, but just disruption. The files that were attacked may not be recoverable. “Malware Leaves Big Law Firm Hobbled,” The Wall Street Journal, June 30, 2017 B3. DLA Piper shuts down after its computer systems hit. “Hospital Is Forced To Scrap Computers,” The Wall Street Journal, June 30, 2017 B3. West Virginia hospital tosses its entire computer network after cyberattack.
Have the Visigoths gathered at the gate? If we can’t protect our computers and the information they contain and send, does our civilization survive? Is IT now more important than all the other functions?
Filed under Access, Business Case, Business Continuity, Controls, Information, Interconnections, IT, Operations, Risk, Security, Value
Gee, how important are computers to your company? Or, more importantly, the information they contain?
“Big Outage Dogs British Airways,” The Wall Street Journal, May 30, 2017 B3. A power surge apparently takes out BA’s entire IT system. No flights, no baggage, and no customer communications. This is partly a business continuity problem, and is a predictable hazard (I was working at Amoco in Chicago in the 90’s when a flood took out the email servers that were then in the basement. - Ed.). But it also highlights how important access to information is to having your business run right. If you put all your eggs in one basket, watch that basket.
What happens when you have so much information that you can’t read it all? “U.K.’s MI5 Begins Internal Probe,” The Wall Street Journal, May 30, 2017 A9. Apparently, the suicide bomber in Manchester was on, and then off, the security service’s radar screen. He was one of 20,000 suspects, but not among the 3,000 most active ones.
Filed under Access, Accuracy, Business Continuity, Communications, Controls, Duty, Governance, Government, Information, Interconnections, IT, Operations, Oversight, Supervision, Third parties, Value
“In Cyberwar, Spies May Be Targets,” The Wall Street Journal, May 25, 2017 B4. In a breach of protocol, the hackers behind the WannaCry ransomware attack may be releasing the names of some of the hackers working for the NSA. Certainly cuts down on their foreign travel.
If they can’t keep their own secrets secret, what’s a body to do? Will this shut them down?
How well does your company keep its secrets? How important is it to your employees?
If you are in the information business (and who isn’t?), what if you can’t get to that information? Worse, what if your customers can’t get to information you store for them, or their customers can’t get to their web pages?
“Amazon Outage Hits Cloud Customers,” The Wall Street Journal, March 1, 2017 B4. Failure at a storage center just outside of Washington, D.C. lasted about 4 hours and affected Amazon Web Services. Uptime/downtime, and reliability.
What’s your plan if your main storage goes out? How does your business continue to operate?
Filed under Access, Business Case, Business Continuity, Controls, Governance, Interconnections, IT, Management, Operations, Protect, Protect assets, Risk, Third parties
What happens if you do a reorganization and delete a department head without clearly establishing who’s going to pick up the various responsibilities of that department?
Apparently, Credit Suisse wasn’t clear, so now there’s a “discussion” of who was responsible for $1 billion in losses from a department that no longer had a manager.
“Inside Credit Suisse, Finger-Pointing and Confusion Over $1 Billion Loss,” The Wall Street Journal, April 29, 2016 C1. In October 2015, the global head of fixed income stepped down (or was stepped down). Between then and January 2016 or so, no one was watching that store.
Lesson: close the loop and connect the dots.
Filed under Board, Business Case, Business Continuity, Communications, Controls, Directors, Duty, Duty of Care, Governance, Internal controls, Management, Operations, Oversight, Protect, Protect assets, Protect information assets, Risk
You run mutual funds. Your customers want to be able to figure out the value of their investments. But they can’t, because of a computer glitch at a vendor.
“Pricing Snag Stymies Trading in Popular Funds,” The Wall Street Journal, August 27, 2015, A1. Mutual funds can’t supply customers pricing information because of a computer problem at Bank of New York Mellon Corp. Not a great week for that.
What information do you rely on to do your business, and how much of that comes from a third party? What happens if that third party doesn’t perform as expected? Is that information governance, or something else? Does it help that a lot of others relied on that same third party?