Brett the CEO of flayton electronics learns that the security of its customer data has been compromised and they are faced with tough decisions about what to do next. Data breach was noted after examining fraudulent accounts in the bank and a common point of purchase for an above number of bad cards realized.
Don't use plagiarized sources. Get Your Custom Essay on
just from $13,9 / page
The CEO after surveying through the internet he realized that data theft was apparently common, and companies could be breached in various ways. The thieves stole credit card information, social security numbers, bank account information, and even e-mail addresses. He learned that criminals were become increasingly clearer and that no one was immune. He took some comfort in his company’s having recently spent considerable time, and money becoming compliant with new payment
Card Industry Or PCI, Standards For Data Protection.
A routine analysis by union century Bank fraudulent credit card charges identified purchases at Flayton’s on almost 15% of the cards in a batch of about 10,000 compromised accounts so roughly 1,500 in all. It was a surprising high number for a routine check. Union century had begun to notify other banks as well as visa and MasterCard, to see whether they had observed similar patterns.
The CEO wondered whether the firm’s PIC compliance would provide sufficient protection. He resorted to informing the customers that their accounts have been compromised.
Laurie had briefed key managers about the data chain. The chain itself was simple, but identifying its weakest point was not at the cash register, a customer presented a payment card, which was swiped through the reader. The information from the card and the specifics of the purchase were transmitted to a bank for approval or rejection. It all happed in seconds. Transaction information was stored on company computers and showed up in a number of reports.
Detecting how data was hacked was difficulty, could the card reader have been hacked, could the data lines between the stores and bank have been topped, were the stored data secure, might someone have inserted code into the company’s software to divert certain information to a remote computer, could it have been an inside job or the job of somebody who had been fired.
Laurie was really concerned and affected because the bank connected her with the secret service, of handling the investigation because accounts in multiple states were affected. They started running background checks on everyone who could possibly have access to data on the scale of the breach.
The CEO counterchecked all cars, trying to identify causes of hacking. They suggested that they also involve some state and local fraud units on top of the secret service.
The CEO took a step of knowing the real problem to the PCL systems, whether they were compliant. He was informed that it was difficult for the PCL to be compliant especially since they were constantly improving their project in various stages of implementation. Their system had 75% of the PCL requirements.
Core Values at Risk.
The CEO had to work hard in achieving the mission of the company. He had to overlook the following issues; had he been short sighted about the infrastructure needed to run a much larger company, had his company’s needs outgrown the capabilities of his long-term staff, had he left Flayton’s vulnerable by under investing in systems, or had he pushed for too much to fast.
Into the Breach:
By the day’s end, Brett had assembled the top management team to review the crisis in plan. Sergei the person in charge of the computer systems reported finding a hole a disabled firewall that was supposed to be part of the wireless inventory control system, which used real-time data from each transaction to trigger replenishment from the distribution centre and customer recorders from supplies. The system helped keep inventories low, shelves full, and costs and lost sales to a minimum.
With the firewall disabled however, supposedly internal company data were essentially being broadcast. The management suggested that their should be a firewall back up as soon as the caps gives a go ahead. It became difficult for Silgei to tell how the firewall got down. He said that it could have been deliberately or accidental and he also explained that the system is new and things were turned off and on at various times as he was working out the bugs.
The human resources director Ben Friedman, had several personal folders in front of him. The company had five departures of people who were involved with that system in some way. Two of them were registrations one to return to school, one termination for a jailed drug test, and one termination for downloading inappropriate materials using company computers a couple of the human resources director gave, the CEO a couple of suspects. Sally the communication director has presented 3 memo that could have brought Flay ton’s out in front of the story. And it would be the most forthright approach. She had also informed customers by letter that there had been a breach and that the situation was being address.
Darrell Huntington longtime outsides counsel Layton’s informed the management that the company would be sued on a number of breaches; he informed them that other breaches have brought la suits from customers, banks, and even investors. He said that there would be a lot of media coverage whether, they win or lose, and it is all costly. Among the states that are registered with Flay ton three of them require immediate disclose and the other three do not.
The management said that their communication strategy should be not to talk to anyone. They decided to refer the media to the secret service incase they want to know about the case. Darrell argued that for Flay ton to have a good reputation its customers should be informed about how hacking taking place is. Due to a bad reputation competitors will start running promotional specials to lure customer’s away first chance they get.
Brett said that the name of Flayton had a great meaning both to the employees to customers and to the management and she said that something should be done.
How Should the Flayton Electronics Team Respond to the Crisis?
Four commentators have offered expert advice on how to control hacking. The expert has recommended on how to react to news of a security breach.
How to react to news of a security breach at your company is a practical matter much more important than what actually happened, it will depend on how you communicate it to the various stakeholders.
The experience of one expert offers an excellent illustration. Their company in 2005 was a victim of a fraud scheme in which criminals posed as customers to obtain the personal information of 145,000 people from their data system.
The experts agonized over choosing the right strategy for alerting consumers whose data may have been obtained. They notified everyone believed to be at risk, they updated employees daily, and had frequent conference calls with managers and officers.
They took preventive steps including abandoning a line worth $ 20 million because of its potential to risk a future data breach. Changes in culture occurred where every employee had to pass yearly privacy and security training course as condition of employment. The expert noted that many points were beyond control like the media can be a huge distraction
The expert advised Flayton Electronics, to move swiftly in the face of crisis. Beyond fixing the firm’s weakens in data security, CEO Brett Flay ton must develop a brand restoration strategy. The company should, notify the affected customers rapidly, set up toll-free information holiness, and offer credit-monitoring services. Then they must exceed these basics with a broad range of extras to keep customers loyal.
Communication will also need to evolve to demonstrate responsiveness to developments. Tone is very important. Public statements must not only be accurate, but sincere, contrite, and honest. Layton’s will also have to address the influence of blogs, viral videos, and other social media.
Finally, Brett and his team will need patience in spades. The problem will not go away when the headlines do.
Messages from second expert-Bill Boni the corporate information security offer for Motorola. He said that businesses that are serious about protecting their data should have a high-level of information protection. He said that being full PCL compliant is of course, a vital first line of defense against data theft. During his tenure in information security, hobbits hacking had evolved to become a much more sophisticated, parasitic extraction of valuable data from targeted organizations. To protect data companies and people should invests heavily in some of the best protection technology available.
To prevent and cope with data breaches, you need people on hand with the digital expertise to match with tech-savry cyber criminals and to understand the system they are targeting. You can assemble an internal team of lawyers, accountants, and experienced digital-forensic investigators enforcement or defense agencies. Armed with facts from experts yet to be assembled Flayton should put law enforcement on notice that the company exists to serve customers and maintain its reputation. Until flay ton’s thoroughly understands its security status, it risks making poor choices.
The third expert John Philip Coghlan-He says that data breach can put an executive in an exceeding complex situation, where he must negotiate divergent interests multiple step holders. According to John Philip Coughlin Flayton electronic must communicate immediately to its customers, by using contact information from the stores own database. Also, Brett should make sure that Sergei addresses the known technological weakness immediately. Customers will want to know when the system is safe again, making data security a priority for the future.
The forth expert Jay Foley- says that the expert, at Flayton electronic are being misinformed by Darrell Huntington, their outside counsel. The companies that get sued are not those that are first to go public about a data breach but those that do so poorly.
According to Joy Foley law enforcement officials have asked Flayton’s to remain tight-lipped while they do their work, to give them a better chance of apprehending the criminals. If Flayton’s rushes into a public announcement, the bad guys have the chance to disappear.
According to Joy Foley the company’s first action should be to reduce the risk of future theft by any data-transaction loopholes that this incident has brought to light.
Remember. This is just a sample.
You can get your custom paper from our expert writers