John Reed Stark is president of John Reed Stark Consulting, a firm that advises companies and corporate boards on data breach response, cyber-security and digital compliance. Stark’s experience with data breaches touches upon all aspects of cyber-incident response, especially during early phases of crisis management, and forensic analysis. Stark’s lengthy career includes: almost 20 years with the SEC’s Division of Enforcement; over five years as managing director of an international cyber-security and data breach response firm; and an early stint as special assistant U.S. attorney in Washington, D.C.
Weak cyber-security is as much a hallmark of corporate mismanagement as poor corporate governance, bad tone from the top, and check-the-box compliance. But by taking the due diligence aspects of cyber-security seriously, compliance officers can turn data protection into an opportunity. John Reed Stark has more.
A recent incident at Vanguard in which the company unintentionally sent 71 e-mails pertaining to different customer transactions to a random Vanguard customer triggered a flawed response from the company that demonstrates how SEC-registered entities can underestimate just how difficult it is to manage customer data-related predicaments. CW’s John Reed Stark shares some imperatives for surviving a customer data crisis, while emerging stronger, healthier, and more successful.
The Securities and Exchange Commission has broad subpoena powers that this dedicated corps of highly credentialed professionals—inspired by a noble sense of mission, and rich with a long history of investor advocacy—tries to use in the best way possible. But when it comes to issuing subpoenas for electronic storage devices, the SEC needs a reality check against asking too much of its witnesses with overly broad requests that might actually do more harm than good.
Penetration testing is the exercise of testing a company’s cyber-security defenses, and finding the right “pen tester” to do that can be difficult. Learn how to find the right blend of capable, trustworthy, and innovative cyber-security professionals. More inside.
Though data breaches are inevitable, companies still remain too focused on fortification rather than response, failing to adapt to the harsh realities of rapidly emerging international and multifarious cyber-security threats. Inside, columnist John Reed Stark recommends a three-step cyber-security transformation for companies to undertake to combat recent rapidly evolving cyber-dangers.