Sunday, March 7, 2021
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
    • Compliance & Risk
    • Information Security
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
    • Compliance & Risk
    • Information Security
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Risk

Protecting Yourself Against Data Breach: Don’t Be a Target

by Shamoil Shipchandler
May 12, 2014
in Risk
Protecting Yourself Against Data Breach: Don’t Be a Target

with contributing author Chris Rentzel

On May 5, 2014, Target Corporation Chief Executive Officer Gregg Steinhafel resigned after having been with the company for 35 years, another casualty of the massive data breach that continues to damage the nation’s third-largest retailer. The data breach already claimed the job of Target Chief Information Officer Beth Jacob, who resigned shortly after the breach had been discovered and disclosed. But both of these high-profile resignations pale in comparison to the impact on Target itself, its business, its profits and its future.

The data breach occurred around November 12, 2013, at which time hackers began to access more than 40 million credit card numbers and 70 million addresses, phone numbers and other personal information. From that time through February 1, 2014, Target spent a whopping $61 million responding to the breach. This total does not include the costs (and potential liability) incurred in the more than 90 lawsuits filed against Target by their customers and banks, and it does not account for the fact that Target’s holiday sales fell by more 46 percent from the same quarter in the previous year due to shaken consumer confidence. Also, the $61 million does not capture the spectacle of Target Chief Financial Officer John Mulligan appearing before the Senate and testifying that Target was “deeply sorry” but that it failed to have responded to multiple intrusion warnings from its software prior to the breach.

The Target breach was followed by high-profile breaches at Neiman Marcus and Sally’s Beauty Supply, although none on the same scale as Target. Nonetheless, corporations remain at risk and the risks remain much the same: costs to repair the damage, costs to secure their systems, costs to repay the consumers, losses in profits, losses in consumer confidence, and lawsuits seeking damages for alleged negligence. Intense media and Congressional scrutiny have classified all data breaches as direct attacks on privacy, and any company that has possession of personal identification information should consider itself in possession of potentially explosive material.

The above description is the external view – in other words, how the public at large perceives the corporation. But what about the corporation itself? What should it be considering when faced with a data breach? Very little is going to prevent determined thieves from getting into protected systems, even well-protected systems. But the company’s response – from containing the damage to communicating with the public – will largely dictate whether it can survive intact.
So, in the event of a data breach we know the following must happen:

1. You’ve got to do something. There is a saying that ostriches bury their heads in the sand at the first sign of danger on the notion that if they can’t see reality, reality can’t see them either. But this is a myth. Actually, at the first sign of danger, ostriches take off running, at speeds of up to 40 miles per hour. Now, we are certainly not suggesting that a corporation flee from a data breach. But taking no action – much like what Target was criticized for doing – is tantamount to disaster.

2. You’ve got to do something fast. This is the age of instantaneous communication. Twitter, Facebook and many other forms of social media mean that information spreads at the click of a button, whether it is true or not. This places tremendous pressure on the victim of a data breach; the longer the delay, the more likely it is that the corporation will lose control of the news cycle. Target’s delay in responding to the data breach – a delay measured in weeks – was eons in Internet time. In the void created by Target’s silence, the narrative wrote itself.

3. You’ve got to do something effective. Effectiveness is measured in many different ways, and your response is going to involve corporate multi-tasking on a level that you will rarely ever see. For example, the corporation will need to provide information to law enforcement and its regulators, notify customers, publicly acknowledge the breach, repair the breach and protect the systems, almost all simultaneously.

Knowing this makes the takeaway lesson simple: every single corporation that has access to personal information must have a crisis response team and a crisis response plan. The team is a collection of key individuals who understand technology, communications and the core business; the crisis response plan sets forth the steps that must be taken in the event of a data breach. The plan must be rehearsed until it is second nature, and it must be continuously updated. Practice does make perfect.

The best course of action is to pair your experts – the people that know your business and your technology – with outside experts – people who know communication, law and technology. This concerted effort can make your corporation avoid being a target … or a Target.


Previous Post

Increase the Number of Women on Corporate Boards

Next Post

Data on the Move: The Evolution of Mobile Tech and Compliance

Shamoil Shipchandler

Shamoil Shipchandler headshot 5-12-14 (457x640)Shamoil T. Shipchandler is a white collar defense partner at Bracewell & Giuliani in Dallas, where he counsels corporate and individual clients regarding statutory and regulatory compliance and advises companies and corporations who were victimized through white collar crime or cybercrime.  Previously, Shamoil was a former Deputy Criminal Chief with the United States Attorney’s Office for the Eastern District of Texas, where he served for nearly 10 years as the Attorney-in-Charge of the Plano Office and as the Asset Forfeiture Chief. During his tenure with the Department of Justice, Shamoil handled the prosecution of some of the largest and most significant complex white collar matters in North Texas, including cases involving securities fraud, mortgage fraud, tax evasion, bank fraud, mail and wire fraud, computer sabotage, money laundering, public corruption, theft of trade secrets and immigration fraud. Shamoil is a frequent nationwide instructor regarding trial techniques, professional responsibility, asset forfeiture, money laundering and substantive white collar crimes. Shamoil has developed and presented financial investigations courses to U.S. Attorney’s offices and local state and federal law enforcement, as well as to Bosnian and Macedonian prosecutors and judges. Shamoil received the 2011 Director’s Award, a Department of Justice-wide recognition, for his work in the United States v. Barry, et al. prosecution. He can be reached at shamoil.shipchandler@bgllp.com  

Related Posts

blue road sign with arrow on black asphalt background

Dynamic Risk Governance: Linking Strategy and Risk Management

February 15, 2021
three red dice on green felt tabletop

The COVID Trio: 3 Top Risks from a Year of Upset

February 4, 2021
Deloitte: Global Risk Management Survey, 12th Edition

Deloitte: Global Risk Management Survey, 12th Edition

February 2, 2021
illustration of businessman holding giant shield to protect him from falling arrows

Is Your Risk Culture Aligned With the Realities of the Digital Age?

February 2, 2021
Next Post
Data on the Move: The Evolution of Mobile Tech and Compliance

Data on the Move: The Evolution of Mobile Tech and Compliance

OneTrust offers download to demonstrate privacy management leadership
Access realtime data
Top 10 Risk and Compliance Trends

Special Coverage

Special COVID page graphic

Jump to a Topic:

anti-corruption anti-money laundering/AML Artificial Intelligence/A.I. automation banks board of directors board risk oversight bribery CCPA/California Consumer Privacy Act Cloud Compliance communications management Coronavirus/COVID-19 corporate culture crisis management cyber crime cyber risk data analytics data breach data governance decision-making diversity DOJ due diligence ESG fcpa enforcement actions financial crime GDPR GRC HIPAA information security KYC/know your customer machine learning monitoring ransomware regtech reputation risk risk assessment Sanctions SEC social media risk technology third party risk management tone at the top training whistleblowing
No Result
View All Result

Privacy Policy

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • RSS Feed

Category

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Whitepapers

© 2019 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
  • Articles
  • Vendor News
  • Podcasts
  • Videos
  • Whitepapers
  • eBooks
  • Events
  • Jobs
  • Subscribe

© 2019 Corporate Compliance Insights