Corporate Compliance Insights

Target Lessons – Another Reminder on Responding to Employee Concerns

by Michael Volkov
February 24, 2014
in Risk

Target’s consumer data breach was massive in scope and impact – 70 million consumers had their payment information hacked/stolen, along with other personal information.  Federal and state regulators are now picking through the morass to assign blame, responsibility and extract penalties and promises of reforms and improvements.

Recent press reports have revealed that Target’s senior management had been warned internally about vulnerabilities in its payment card system.  Members of Target’s computer security staff raised concerns about this specific issue weeks before the hacking attack occurred.

Target’s failure to act is just another example of how senior management and Board oversight are second-guessed in the wake of a corporate scandal.  Each senior manager now will be asked why he or she did not take these warnings seriously, assuming they were even aware of the specific warnings.

In many cases, a company’s failure to react to important information raised by managers and employees can be a very important indicator of how well its information sharing and management processes work.

A company like Target can take this information and review it for how they can do things better in the future.  It is important to analyze where the information breakdown occurred.  Was the information accurately communicated in the organization?  Did the recipients of such information appreciate the importance of the warnings?  If not, why not?

Senior managers have to assess their own performance in the handling of such important information.  When a warning of a data security issue is known, what are the expectations for how such information is reviewed, assessed and acted upon?

Mistakes can lead to improvements in corporate decision making.  Information flow is the key and companies spend millions of dollars analyzing their own information sharing and assessment systems.  As reflected by the Target scandal, it is money that is well spent.

The Target attack was a sophisticated hack directed at a well-known vulnerability in its system.  The hackers entered Target’s payment system through a Target vendor and crossed from the entry system over to Target’s payment system, an event that should have been prevented by basic techniques used to wall off a retailer’s payment system from other parts of its computer network.

The attack against Target occurred because of this specific vulnerability.  The strategy of walling off the payment system in this way is referred to as “segmentation.”  In Target’s case, the payment system should have been segmented from other components of its software system.

In the aftermath of most corporate scandals, companies usually find that key actors involved in the incident failed to appreciate the information or were never given adequate information to prevent a problem from occurring.  Sometimes companies find that key functions have been compartmentalized and prevented key actors from having access to critical information needed to identify a problem.

In the Target case, it seems like the problem may be a little different – key decision makers failed to respond to important warnings.  The information was available but no one reacted or took responsibility for responding to the warnings.

Not all failures to act are the same – they can differ in how the underlying process unfolded – who knew or did not know the important facts?  Who acted or failed to act in response to the important facts?  These are the usual questions and they usually generate some interesting responses.



Michael Volkov

Michael Volkov is the CEO of The Volkov Law Group LLC, where he provides compliance, internal investigation and white collar defense services.  He can be reached at mvolkov@volkovlaw.com. Michael has extensive experience representing clients on matters involving the Foreign Corrupt Practices Act, the UK Bribery Act, money laundering, Office of Foreign Asset Control (OFAC), export controls, sanctions and International Traffic in Arms, False Claims Act, Congressional investigations, online gambling and regulatory enforcement issues. Michael served for more than 17 years as a federal prosecutor in the U.S. Attorney’s Office in the District of Columbia; for five years as the Chief Crime and Terrorism Counsel for the Senate Judiciary Committee, and Chief Crime, Terrorism and Homeland Security Counsel for the Senate and House Judiciary Committees; and as a Trial Attorney in the Antitrust Division of the U.S. Department of Justice. Michael also maintains a well-known blog: Corruption Crime & Compliance, which is frequently cited by anti-corruption professionals and professionals in the compliance industry.
