“Boss, I Think Someone Stole Our Customer Data” presents four potential solutions to Flayton Electronics’ recent security leak, in which thousands of customers had their information exposed and abused because a downed firewall left them vulnerable. The company must determine what step to take next. This paper will address the most effective of the four commentaries and the project management plan that arises from it.
James E. Lee’s solution, which involves repairing the weaknesses in the firm’s data security, is the most effective solution available to the company. In his commentary, Lee states that the company must move quickly to address the lawsuits that are sure to occur, as addressing the situation as fast as possible will prevent people from having a case that the company hid this information from its customers. This will provide effective risk management, lessening the likelihood of damage to the company from this development (Alexander & Sheedy, 2005).
In addition to ensuring the data security of the company and fixing those weaknesses, brand restoration has to take place. The biggest problem that Flayton faces is the decimation of their reputation and the trust that customers are meant to have in them. The restoration of their data security will not mean anything if steps are not taken to appease the customers and urge them to stay with Flayton Electronics. The customers must be given immediate transparency, as that will make them feel like a part of the process, and the steps to provide customer support will make sure they are taken care of. The most important thing to consider is responsiveness; seeming like they are on top of a situation is much better than hiding things from the customers, who will suspect a problem if nothing is told to them.
James E. Lee’s report suggests the following actions:
Fixing firm’s weaknesses in data security
This is the first priority, as the basics of network and data security must be attended to so another attack like this does not happen again.
Develop brand-restoration strategy
A close second in priority, steps must be quickly taken to ensure the perception that Flayton is a transparent company that respects its customers and is honest with them. The following steps outlined by Lee can provide incentive for existing customers to remain with Flayton, and lessen the negative perception of the company:
Notify affected customers rapidly
Set up toll free information hotlines
Offer credit-monitoring services
Offer discounts and sales
Meet with critics of company
Develop and promote new web pages outlining reforms
Develop responsiveness of developments in communiqués to stakeholders
These keep the customers well-informed on the process that Flayton is taking to address this very public and dangerous breach of security. To leave customers out of the loop on their data being stolen would be nothing short of criminal, and so the better solution is to own up to the error as quickly as possible and enlist the help of the customer in solving this crisis. These steps help to do that, while making the customer feel like a part of the solution. Involving them in the fixing of the problem will engender greater customer sympathy.
In the case of Flayton Electronics, the problem occurred when the firewall in the wireless inventory-control system was left open, allowing the customer information and internal company data to be broadcast for all to see. Because this firewall had been down for an indeterminate amount of time, the data was easily hacked into and retrieved, due to negligence on the part of the data security staff. This came as a result of a severe lack of oversight and continuity among the staff who oversaw the system; they had left it down at some point for whatever reason, and forgot to bring it back up.
In light of this particular problem, the most helpful solution is to find a way to make sure that firewalls are never down. This can be done through ensuring a trustworthy, loyal staff that avoids the quick turnover problems that were encountered in those previous positions. Providing greater financial and benefit incentives to these employees could facilitate longer retention of staff. What’s more, the networking department should have tighter oversight, with more dedicated and long-working staff maintaining control and supervision over the areas the newer employees are overseeing. This would prevent sections of data security from being forgotten about by fired or resigned employees – supervisors would be able to access their files and projects at any time, and scheduled, detailed network security scans should be implemented to detect any holes in security at any given time.
Flayton Electronics requires a substantial change in its data security measures, as recent history indicates. In order to prevent future breaches, the existing holes in data security must be filled, and precautions must be taken to prevent this same incident from occurring again. In this project management plan, measures and safeguards will be detailed to make the changes necessary to make the data security sufficient once more. Maintaining the safety of the network infrastructure is absolutely vital to the continued success of the company (Moteff, 2005).
As the primary problem was the firewall outage, this is the most important factor to address. Regular security scans must be performed twice a day to thoroughly check the status of the firewall and overall network security. These would be supervised by the network administrator, and would be comprehensive to ensure that no intentional leaks were created. Brand reputation would be restored through transparency in these checks; reports on network security would be emailed to customers to ensure that they know the status of their information.
Supervisors and network administrators would be given master codes to oversee all aspects of network software and hardware, and higher starting salaries and benefits would be offered to network security personnel, thus decreasing the chances of turnover (Stoneburner et al., 2002). In the event of personnel changes, steps would be immediately taken to ensure that all of their work is recognized and finished for them. Potential obstacles would be the budgetary restrictions of that department, which might already be thin, if the employee turnover is sufficiently high (Gorrod, 2004).
With the help of these measures, Flayton Electronics can prove itself a trustworthy and secure company to provide one’s contact information to. The retention and security of one’s personal data is a big component in deciding whether or not to continue business with a company – as a result, this is one of the most important factors in a company that deals primarily with this information. Through using a project management and risk assessment plan based on James E. Lee’s commentary, which emphasizes the repairing of data security and the restoration of brand reputation, Flayton can find the most effective and expedient way to repair its business after this catastrophe.
Alexander, C. and Sheedy, E. (2005). The Professional Risk Managers' Handbook: A Comprehensive Guide to Current Theory and Best Practices. PRMIA Publications.
Gorrod, M. (2004). Risk Management Systems: Technology Trends (Finance and Capital Markets). Basingstoke: Palgrave Macmillan.
McNulty, E. (2007). Boss, I think someone stole our customer data. Harvard Business Review, Sept 07: 48-56.
Moteff, J. (2005). Risk Management and Critical Infrastructure Protection: Assessing, Integrating, and Managing Threats, Vulnerabilities and Consequences (Report). Washington DC: Congressional Research Service.
Stoneburner, G.; Goguen, A. and Feringa, A. (July 2002). Risk Management Guide for Information Technology Systems. Gaithersburg, MD: National Institute of Standards and Technology.