Ransomware: To Disclose or Not

ransomware

Perhaps you have some free time today, while your IT department tries to extricate the company’s computer systems from a ransomware attack. In that case, let’s talk about whether to disclose it. This week I had the good fortune to participate in a cybersecurity conference in Stamford, Conn., that brought together the law enforcement, internal…

Microsoft’s New Cyber Assessment Tool Just Dropped

cybersecurity

Just in time for everyone gathering at the RSA Conference in San Francisco this week, Microsoft has announced plans to rate the effectiveness of customers’ cybersecurity efforts—and at least one insurance company will start using that score to set prices for its cyber-insurance policies. That move is possible thanks to Office 365, the cloud-based version…

Two Compliance Lessons From Baseball Today

A big thank you goes to Major League Baseball today, for giving compliance officers a great example of why their jobs are important—both the big picture stuff about ethics and values, and the nitty-gritty stuff about internal controls. A gift like that doesn’t come along often. The example is the $2 million fine and surrender…

10 Quick Tips on Cybersecurity, Privacy

cybersecurity

The Society of Corporate Compliance & Ethics annual conference always provides a torrent of useful ideas and advice. I spent the first day attending several sessions on cybersecurity risks and privacy compliance. Without further delay, here is a collection of random observations I jotted down, in no particular order… Remember that one weak spot in…

More Cybersecurity Lessons From Morgan Stanley

Last week I had a post about the SEC’s recent cybersecurity enforcement action against Morgan Stanley, examining the internal control failures that allowed a now-former employee to swipe the personal data of 730,000 customers. Well, if you’d like to consider that enforcement action from another angle, go read John Reed Stark’s excellent piece on what…

Boring Lessons on Cybersecurity Controls

cybersecurity

Last week the Securities and Exchange Commission dinged Morgan Stanley $1 million for poor cybersecurity controls. The case is an excellent primer on policy management, compliance, and cybersecurity risks, so let’s take a look. The case centers on Morgan Stanley Smith Barney, one of the bank’s subsidiaries; and a financial adviser there named Galen Marsh.…

Tale From the Front Lines of Small Frauds

I have always been a believer in paying my credit card balances in full, every month. So when Mrs. Radical Compliance had a few minutes last Saturday afternoon, I was happy to see that she decided to do the same with a personal credit card she has, too. This credit card is affiliated with one of…

The ‘This Seems Weird’ Control for Data Privacy

cybersecurity

Not long ago I heard the story of a CEO who was the victim of attempted “spear phishing”—where some outside hacker impersonates the boss, and via email asks employees at the company to reply back with valuable information. In this specific case, the hacker posed as the CEO and contacted a junior member of the…

Calendar Alert: Audit and Cybersecurity Event

Occasionally I call out events in the corporate compliance and audit world that seem particularly useful, and we have another one coming up that’s worthy of your time: a day-long conference in Connecticut of internal auditors and Justice Department cybersecurity experts, to talk about cooperation between government and corporate worlds. The formal hosts are the…