Sign Up Now
Get instant access to over 1 million+ study documents
OR
Already registered? click here to login
By creating your account, you agree to our terms of service, privacy policy and student honor code.
Boss I think someone stole our customers
Flayton Electronics Case Study
Brett Flayton, CEO of Flayton Electronics, is facing the most critical crisis of his career when it is discovered that 1,500 of 10,000 transactions have been compromised through an unprotected wireless link in the real-time inventory management system. Brett has to evaluate his obligation to let customers know of the massive leak of private data, define a communication strategy that would notify customers across all states of the potential security breach, and also evaluate the extent to which the Flayton Electronics' brand has been damaged in the security breach. In addition, steps that the company can take in the future to avert such a massive loss of customer data also needs to be defined and implemented.
Assessing the Obligations to Customers vs. Keeping It Quiet
Ethically, Brett Flayton has a responsibility to tell the customers immediately of the security breach (Sanderson, 2011). How he chooses to sequence the communicating of the breach to customers has clear implications on the ongoing investigation by the security service. It will also have a major impact on the ability to completely solve the firewall situation, determine if it was negligence or if in fact the company was hacked, and whether those responsible have greater control than the senior management team at Flayton Electronics realize.
In all data breaches there are major impacts on profitability and long-term viability of a business (Gatzlaff, McCullough, 2010). The costs associated with a data breach, both directly and indirectly, can cripple a business. Worse still, not responding at all and being seen as trying to cover it up can virtually assure a business will not be trusted anymore. Brett, the CEO, must decide if this risk is worth taking or not, and whether disclosing the information to customer's would lead to the investigation being compromised. The also has to consider how pervasive the potential link is as well.
Based on these considerations and the potential that customer's...
Before making the statement however he needs to contact Experian, Transunion and Equifax, the three top credit reporting agencies, and tell them the credit cards numbers that have been breached. He also needs to pay for lifetime monitoring for all credit cards and identities of those affected, offering it to the victims of the theft at no charge if they choose to enroll. He needs to move beyond just protecting his company to actively protecting his customers too, no matter what the cost.
Proposed Communications Strategy
Brett needs to push his CIO to complete a thorough audit in less than 24 hours and lock down the entire IT complex of systems immediately to make sure there are no additional threats. This is a vital first step to ensuring that any and all promises made during the communications plan will be capable of being kept. When dealing with data security threats and the communications plan to inform the public and customers, it's critical that the catalyst of the communication strategy be based on actions already taken and verified as effective, which underscores responsiveness and urgency (Kelly, 2005). The senior management team at Flayton also needs to define the future data protection strategy, showing that they are entirely focused on deterring any activity like this in the future (Sanderson, 2011). In short there must be a very concerted, enterprise-wide security strategy defined and a strong platform of deterrence also described so the communications plan resonates with credibility.
Starting with an emergency security plan completed and deterrence in place, even if it meant working 24/7 until done, then the communications plan would be ready to go. The first phase of the communication plan would be personalized letters to the 1,500 people known to have had their credit cards compromised. In the letter would be the numbers of Experian, Equifax and Transunion, and an offer of lifetime credit monitoring and identity protection with all for free…
References
Aldhizer, George R., I.,II, & Bowles, John R.,,Jr. (2011). Mitigating the growing threat to sensitive data: 21st century mobile devices. The CPA Journal, 81(5), 58-63.
Gatzlaff, K.M., & McCullough, K.A. (2010). The effect of data breaches on shareholder wealth. Risk Management and Insurance Review, 13(1), 61-83.
Gregory, A. (2008). Conserving customer value: Improving data security measures in business. Journal of Database Marketing & Customer Strategy Management, 15(4), 233-238.
Kelly, C. (2005). Data security: A new concern for PR practitioners. Public Relations Quarterly, 50(2), 25-26.
sorts of legal protections should BUG have. Bug automatically has protection of its trade secrets, which involve confidential issues such as product plans and new designs, any sort of business proceedings, and products under development prior to patent application. Bug does not need to file anything to maintain these rights other than take all reasonable precautions to keep them secret, such as informing employees that these are trade secrets, refraining
Coffee and Life As the story goes Kaldi, a goat herder in Ethiopia in the year 850, noticed that his goats were acting a little strange. They were dashing around the fields and for some reason seemed to have a lot more energy than they normally did. This behavior continued for some time and the goat herder began to think that they had eaten something to make them act this way
In "Piaf," Pam Gems provides a view into the life of the great French singer and arguably the greatest singer of her generation -- Edith Piaf. (Fildier and Primack, 1981), the slices that the playwright provides, more than adequately trace her life. Edith was born a waif on the streets of Paris (literally under a lamp-post). Abandoned by her parents -- a drunken street singer for a mother and a