Chris Coonan, CEO, has departed with immediate effect citing “…the changing nature of our business and market conditions – combined with major reputational challenges caused by the recent cyber-attack – has changed the requirements for this role and the executive leadership of LMW”.
He probably didn’t have a direct hand in leaving a programming interface exposed on a public server (it was later used by a yet-unknown party to access the data of individuals), but he’s been made to give up his circa $300k job as the company addresses its clients’ calls for blood in the wake of the scandal.
If you haven’t been following the story, the listed property valuation company entered a trading halt in February after all its major clients suspended their business with the firm. That action followed the disclosure in February that an Application Programming Interface, or API, designed to allow external services to use the LMW dataset was exposed on a public server from late December through to January 23rd, and that during that time a data breach involving 137,500 individual valuation records had occurred.
Arguably, the way the incident was handled was worse than the exposure of data in the first place, and it contributed to the clients’ response and the CEO’s departure. Handling an incident is exactly the kind of thing that should be part of a data breach response plan, precisely because it’s hard to think clearly and react well when you’re under pressure.
Mistakes will always happen even in the most tightly-controlled working environments, but the risk of a mistake that costs your job can be mitigated by a thorough ICT Security Audit and associated Data Breach Response Plan.
If you’re a CEO or CFO or Chairman of the Board of a company dealing with any kind of personally identifiable information (PII) and you haven’t had a security audit in the last 12 months, you’re running the risk of the same outcome as poor Chris Coonan.
If you have decided to conduct an audit, don’t make the mistake of asking your current IT provider to carry it out. There’s a fundamental conflict of interest that cannot be excluded in that arrangement. You must conduct an independent audit to be sure that a light has been shone into all the dark corners of your business and of how it secures the information it holds.
That’s where we come in. Give us a call on 1300 667 871 and let’s talk about your particular situation. It could just save your job.