The Ashley Madison Lesson – Part 2

People are, of course, focusing on the sensational aspect of the Ashley Madison data breach. But since this has really captured the attention of so many people, I should like to point out something about the data that was stolen and shared with the public (so far).

There is, of course, information about the members, their profiles, their login information, their credit card transactions, etc. But it also includes loan agreements, compensation records, corporate bank account information and corporate strategy plans, including domain registrations. Even if this was an isolated incident that had already been contained, the whole business is now at risk.

This data breach may now have breached the Chinese wall. A Chinese wall is an information wall that protects firms by blocking employees from being able to access information about a client when their interests present a conflict. All the work that was done to create that wall must now be examined, because the wall is still there but this breach has served the information on a silver platter, with no effort needed by the employee. This isn’t to say that employees are trying to breach the Chinese wall, but they may do so inadvertently.

Some refresher notices and training should be developed to remind people about conflict of interest issues, including changes in policies and procedures being made to adapt to the post-AshMad world. There isn’t much more that can be done on the compliance front because the rest is a technology issue. Some new testing of controls might also be required, now that there was a leak.


Do you have an account on Ashley Madison?
Shhh… I won’t tell…


About the Author: Marcus Maltempo is a compliance professional with more than a decade of experience helping banks, law firms and other clients manage investigations and regulatory responses.



The Ashley Madison Lesson – Part 1

The Ashley Madison data breach scandal is exploding because of the nature of the business, but technologically it is no different than any other breach scandal: some hackers found a way into a system, stole data, and then released it to the public. Okay, so that last part doesn’t always happen. In the case of most credit card data breaches, the information is auctioned off on the Dark Web.

For compliance officers, there’s an additional issue: insider information. It is unfortunate to find out that one of your traders’ Ashley Madison accounts has initiated divorce proceedings. Even worse, that trader may have used insider information to brag about his role in an important market movement. Or maybe your trader created one of those fake accounts and has been targeting traders at other banks to milk them for information. Essentially, any place where there could be interaction between people is an information security risk. And sites where people must keep mum are places where legitimacy must be won in ways other than outright bragging. This is the kind of situation that could easily lead to slip-ups.

If your trader, or anyone else at your institution, has been found to be using Ashley Madison, now that their identity is assuredly exposed along with information they might have shared on their profiles or in messages, an investigation must be performed to make certain that nothing else has been leaked.

 



KYD Means Know Your Data

http://datamigrationresources.com/
Data Migration from Data Migration Resources

Knowing your data is very important and I find that many bankers think they know data. I’m not exactly sure what they are envisioning, but if they are envisioning pivot tables and vlookups, then they know about as much as a freshman MIS student after a week of classes. (MIS means management information systems.) All systems can be configured to generate data.

This subject is just too big to even do an overview, which would take a semester’s worth of classroom work. The best thing for any organization is to make sure to hire a team of technical experts in both computer science and statistics to manage and analyze data to get a good understanding of what the data is saying. For now, I will just briefly mention the two sides of KYD – data management and data analysis. Knowing one does not make one remotely close to knowing the other.

Data management is the work of software and hardware professionals who keep data like inventory. They are often under-appreciated. To the data layman, data management looks like a bunch of overpaid people who move bits of information around from one server to the next. Data analysts, however, know how crucial these people are. Understanding all of the issues involved in keeping data analyzable, which data analysis depends on, is incredibly difficult, especially as the organization gets larger. The size of data sets presents technical problems that most people do not encounter, but data analysts do. Software often cannot handle computing on data sets beyond a certain size. Data managers are the people who solve these issues, making it technically possible for data analysts to do their work. Also, data managers can keep data safe from corruption or breaches in security or controls.

Data analysts have received lots of attention over the past decade. Almost all of the consumer-facing internet is now feeding data centers so that analysis about potential customers can be mined. But newspaper reporters are often poor interpreters of data. So, reading their work might lead one to have a false sense of confidence about this topic. The only place I can think of right now that a data layman can go for news and data analysis is Nate Silver’s Five Thirty Eight, the blog that first used to do data analysis of baseball stats and then turned to using the same type of analysis to predict presidential campaign results for every county in the United States. In 2012, he correctly predicted the presidential election results for each state and 31 of the 33 senate elections as well. This type of work cannot be done through mere argument. One cannot convince someone else of the correctness of a prediction. One must simply wait for the results. And then one must analyze whether the predictions were correct due to luck or predicted causes.

Opinion

In order for banks to be able to better protect their businesses from cybercrime and enhance business opportunities, they will need to hire data managers and data scientists in every area of the bank. Currently, most of these people are in operations. But this simply isn’t going to be enough. A large portion of the world, even a large portion of Americans, are not in the traditional banking system, and now they are being provided options without having to join the banking system. This is good for an economy up to a certain point. And then it will hinder economic growth. Why? Because banking is the industry that finds excess money and invests it into areas of the economy that need money. Providing transaction services might facilitate transactions that could not be done before, but as long as those funds never enter the banking system, governments will be required to borrow more money to fund their private sector growth, rather than the private sector figuring it out for itself.