What happens to your business if you or your customers can’t get to the Internet?
“Visa Hit by Outage In Parts of Europe,” The Wall Street Journal, June 2, 2018 B12. Users of Visa cards in Europe couldn’t use their cards on Friday as the result of a hardware failure.
Are you prepared for a hardware failure that prevents your customers from reaching you? Is this an aspect of information governance? Business continuity planning? Both?
“Probes, Cyberattack Distract Atlanta as It Pitches Amazon,” The Wall Street Journal, May 29, 2018 A3. Investigations of former mayor and the aftermath of a ransomware attack hamper efforts to entice Amazon to the city.
Corporations should conduct structured risk assessments. Do cities?
One assumes Atlanta has done a risk assessment and identified the risk of official misconduct. Did it also capture the risk of a cyberattack? Did the risk assessment suggest that if these risks occurred, Atlanta would lose the chance of phenomenal growth?
Filed under Business Continuity, Communicate, Compliance, Controls, Duty, Duty of Care, Governance, Government, Internal controls, IT, Management, Operations, Oversight, Protect assets, Risk assessment, Security, Third parties
“Police Move to Make Their Radio Traffic Private,” The Wall Street Journal, May 18, 2018 A3. Police encrypt or delay release of radio traffic, limiting but not preventing public access. Keeps the crowds down.
So, they can’t limit your speech, but they can delay your access to theirs? Makes sense, if they’re planning a SWAT raid. How transparent do we want the police to be? How transparent should your company be?
Filed under Access, Business Continuity, Controls, Duty, Government, Information, Internal controls, Operations, Security, Third parties, Value
What do you do when your website goes down for two hours, preventing customers from accessing their accounts?
“Fidelity Seeks to Make Amends for Website Glitch,” The Wall Street Journal, December 2, 2017 B11. Company offers commission waivers and offers to discuss pricing adjustments.
Does your business continuity plan have a chapter on how to serve your customers?
Cybersecurity involves protecting the enterprise from internal or external attack and responding after the enterprise has been attacked. How do you ensure your business continues to operate if its cybersecurity is breached? It’s not just sending notices to affected customers and paying for credit watches.
“Banks Create Cyber Doomsday System,” The Wall Street Journal, December 4, 2017 B1. By requiring banks and credit unions to back up their data so that operations can be restored after a breach. This also protects confidence in the overall banking system.
Do you have a business continuity plan? Does it address how you will access your critical information so that you can continue to operate?
What’s surprising is that this is newsworthy.
Filed under Access, Board, Business Case, Business Continuity, Controls, Corporation, Directors, Duty, Duty of Care, Governance, Information, Interconnections, Internal controls, IT, Operations, Oversight, Protect assets, Protect information assets, Security, Value
What do you do when a rogue employee decides to express his or her politics by messing with your product? Could that affect your brand?
No, this isn’t about the NFL.
“Twitter Tightens Security,” The Wall Street Journal, November 4, 2017 B3. Security lapse allows a departing and now former Twitter employee to shut down President Trump’s Twitter feed for eleven minutes.
Cybersecurity focuses not only on external hackers but also internal bad-deed doers. Sometimes, even well-designed security plans fail. But those third-party plans are protecting your information in their control.
Do you have special controls for special celebrity cases? Do you take extra steps for departing employees?
Not sure Twitter is a brand.
Filed under Access, Business Continuity, Controls, Corporation, Duty, Duty of Care, Employees, Governance, Internal controls, IT, Management, Oversight, Protect, Protect assets, Security, Supervision
“Faux Ransomware Does Damage,” The Wall Street Journal, June 30, 2017 B3. Motive for recent attacks was not blackmail, but just disruption. The files that were attacked may not be recoverable.
“Malware Leaves Big Law Firm Hobbled,” The Wall Street Journal, June 30, 2017 B3. DLA Piper shuts down after its computer systems hit.
“Hospital Is Forced To Scrap Computers,” The Wall Street Journal, June 30, 2017 B3. West Virginia hospital tosses its entire computer network after cyberattack.
Have the Visigoths gathered at the gate? If we can’t protect our computers and the information they contain and send, does our civilization survive? Is IT now more important than all the other functions?
Filed under Access, Business Case, Business Continuity, Controls, Information, Interconnections, IT, Operations, Risk, Security, Value