In an earlier blog post I wrote about how [w]hen your company has a data breach, these are the top 3 questions that you will be required to answer: How did the breach happen? What steps did your company take before the breach to protect the data and keep it from happening? What steps is…
Tag: Officers & Directors
What is Corporate Espionage, Industrial Espionage, Cyber Espionage, and Economic Espionage? The DOJ Explains …
What is Cyber Espionage? Corporate espionage, industrial espionage, and cyber espionage all generally mean the same thing: (1) intentionally targeting or acquiring trade secrets of companies to benefit any foreign government, foreign instrumentality, or foreign agent, (FBI) which means, in simpler terms, (2) espionage conducted to gain a commercial advantage (Wikipedia). What is this not? This…
Two Step Data Breach Risk Test for Texas Businesses
Does your business have this digital information about other people? 1. last name + first name or first initial + social security number, driver’s license number, or other government issued identification, or account or card numbers + access codes, or 2. information that identifies an individual + concerns a health condition or healthcare If you answered…
The #1 Thing the C-Suite Can Learn from Target’s CEO’s Resignation
Data security is such a threat to businesses that it must be a key tenet of leadership for the C-Suite and the Boardroom. Over the last several years I have written and spoken extensively about the risks that businesses face from the threat of data breaches. (posts) One of the points I try to make is that…
Corporate Espionage: Hacking A Company Through A Chinese Restaurant Takeout Menu
Corporate espionage (industrial espionage) is a favorite topic of mine. I have written and presented on the subject quite a bit and, while I am never sure how my readers react when I write about this, I do carefully watch the look on my audience members’ faces when I first mention the issue. The story…
The Legal Side of Data Breach and Third Party Risk (presentation slides)
I presented at the Institute of Internal Auditors 9th Annual Fraud Summit on The Legal Side of Data Breach and Third Party Risk. My co-presenter was Christopher Mitchell of Crowe Horwath. The following are the presentation slides used for my part of the presentation. Key Takeaway: Your company is still responsible for a data breach…
What did Sun Tzu teach about cybersecurity?
Sun Tzu taught that, when it comes to cybersecurity, you must be wary of your business associates and other third parties. Why? Have you heard of the national retailer that was hit with a perfectly timed cyber attack on Black Friday ’13 that resulted in credit card data from roughly 110 million customers being taken? That…
Why is PNC Bank Accusing Morgan Stanley of Corporate Espionage and Trade Secret Theft?
I often write about corporate espionage and trade secrets but I bet some of you may still be trying to imagine real-world scenarios that demonstrate exactly what those terms mean and how they apply. Let me tell you a story and see if it helps it make more sense. Let’s Talk About Your Business Let’s say…
The SEC Will Begin Looking at Companies’ IT Security and Data Breach Response Policies
THE POINT: Recent statements from the SEC indicate that the new standard of care for companies may require policies in place for (1) prevention, detection, and response to cyber attacks and data breaches, (2) IT training focused on security, and (3) vendor access to company systems and vendor due diligence. Do you still think your…
Breach Notifications Should Focus On Preserving The Customer Relationship First, Then On Legal Requirements
When responding to a data breach, the company has two primary objectives that must be balanced: (1) complying with the legal notification and remediation requirements; and (2) preserving its relationship with its customers. In my opinion, the second is always the most important because if the business fails, we too have failed. In order to…