Category Archives: Risk Management

How a Sneaky Data Hack Increases Liability Risks for Corporate Directors

Adsero Security develops long-term solutions that are supported by written policies. Issues such as hacking arise, and these can be prevented via penetration testing. Check out this article about how easy it is for organizations to be hacked.

Directors Facing Increased Liability for Data Breaches

Because two of my clients – 360 Advanced and Adsero Security – provide IT data breach auditing and remediation services, I was especially interested when I learned of how a major corporation had been so easily hacked recently.

The hackers got inside the corporation’s accounts payable department and had a pretty hefty check sent to them, which was cashed and cleared. The corporation’s vice president for information technology (IT) and his team reported to the board at its monthly directors and management meeting that “everything’s OK now.”

Is it? Could the hackers still be inside, or worse, inside the company’s vendor and partner IT systems?

“Duty of care” Demands Auditing Risks as Hacks Increase

Statistics show that once data thieves are in, they can hide undiscovered for months until they strike again – this time at an even greater cost to the victim and its vendors and partners. Data thieves got inside Target through an air conditioning/heating vendor and loitered at their leisure, and Yahoo! and Equifax still aren’t certain who breached them or how.

Which brings me back to the corporate board of directors. The corporation victimized by the hackers in this instance has not had an outside, third-party audit of its IT systems and data security processes and protocols by a QSA – Qualified Security Assessor. Could that failure lead to a lawsuit against its officers and directors for failure to exercise their duty of care when there is another hack in the future? With news of major hacks every day now, should boards be more diligent in ordering management to have such audits?