Paul Naysmith

Quality Insider

Right on Target

Business continuity management in the age of data theft

Published: Monday, February 3, 2014 - 11:58

I’m one of those 40 million customers who had their bank card and PIN stolen while shopping at Target, one of America’s largest chains of general super-stores. Like most of the affected consumers, I first heard about the breach from my bank, another large network known as Chase. In a very frank email that arrived a few days before Christmas, I was told I’d be limited to $100 cash ATM withdrawals, a $300 spending cap per day, and would soon receive a new card and PIN in the mail—all because of a security breach at a place where I shop for food.

For weeks U.S. television and online news networks lambasted Target’s poor defenses and how awful its response was to its customers. Personally, I thought Target did a good job of managing the issue. It gave out 10-percent discounts during the weekend before Christmas to all who passed through its doors, along with free credit checks to any customer who asked. I’m sure that behind the scenes, Target was tightening security and working with law-enforcement agencies to find the perpetrators.

We now live in a world where, thankfully, we are starting to see a reduction in violent organized crime. The BBC even went to great lengths to provide a study concluding that “the number of robberies on British bank branches has dropped by 90 percent in the past decade,” and that the “bank job” is a thing of the past. This is great; it’s an improvement in the quality of life, since I would never wish to have a sawn-off shotgun thrust in my face during my daily work routine, or carry the permanent emotional scars that would persist afterward.

However, as criminals become smarter going after this valuable commodity called “data,” we must be prepared for more “card jobs.” Unfortunately, I’ve been a victim of card fraud multiple times. I believe I’m particularly careful with my data, spending habits, and choice of where and how I buy, but the “bad guys” somehow have gotten my information. Although I’m sure my bank and retailers work hard to protect my data, I sense that criminals are working harder to overcome every new blocker put in their way.

How banks, retailers, or companies deal with the aftereffects of cyber-crimes has come under intense scrutiny. If I had the gift of prediction, I’d foresee that we’re entering an age of improved customer-based disaster management from businesses. This will be nice, but I think businesses would be wiser to put that same energy into preventing the crime from occurring in the first place.

All this got me thinking about how I would deal with a data breach at my workplace. What post-event, mitigating measures are in place? Most companies of a certain size and with a certain QMS maturity have a suite of plans that deal with business continuity, media, or emergency response, and quality professionals often assist in developing or revising these documents. Perhaps Target’s high-profile event can be viewed as a lessons-learned opportunity to improve your company’s business-continuity plans.

If you are like me, naturally you would focus on prevention measures; however, I would strongly recommend taking the time to look into reputation management as well and preparing your executives to address the media. Granted, the data theft at Target was terrible, but the media’s attack on the company’s inadequate safeguards has been equally damaging.

If we cast our minds back a few years to the BP disaster in the Gulf of Mexico, we’ll recall that an unprepared executive put his foot into his mouth several times during his dealings with the media. This was perhaps the worst example of public relations management recorded this century. The consequences to the company only compounded its problems. Even Tony Hayward, BP’s former CEO, was quoted by the BBC as saying the company’s contingency plans were inadequate, and “we were making it up day by day.”

We’re used to polished media appearances, so when we see something that looks like it’s being made up on the spot, we recognize it instantly. Viewers are professionals at spotting a gaffe, and this can be massively detrimental to a company’s reputation, even when compared to the problem that initiated it. History is littered with poor preparation and worse management of companies’ reputations.

So how should we prepare our executives to speak to the media? I’d approach it as I would any contingency measure, by first assessing the impact of the potential event. Identify the worst possible outcome, and from there, determine which stakeholder groups would be affected. Should you find that these include government bodies, community groups, or an international platform, I would state with great confidence that you need to be prepared.

You may be fortunate to have your own internal communications or media group in your business, but if not, many PR companies would welcome the opportunity to consult with or prepare your business. This could involve anything from developing procedures to conducting mock interviews with executives.

For quality professionals, being involved in this aspect of continuity management is a great way to be exposed to new skill sets and ideas that could prove useful in other aspects of your job. Brand image and reputation are very delicate things. You may have the best product or service in the world, but its reputation can be easily destroyed by a few unprepared words from the company’s leaders.

Returning to my own loss of information, this is for the person who took my card information: To help you spend my money faster, my PIN is ****.


About The Author

Paul Naysmith

Paul Naysmith is the author of Business Management Tips From an Improvement Ninja and Business Management Tips From a Quality Punk. He’s also a Fellow and Chartered Quality Professional with the UK’s Chartered Quality Institute (CQI), and an honorary member of the South African Quality Institute (SAQI). Connect with him at www.paulnaysmith.com, or follow him on Twitter @PNaysmith.

Those who have read Paul’s columns might be wondering why they haven’t heard from him in a while. After his stint working in the United States, he moved back to his homeland of Scotland, where he quickly found a new career in the medical-device industry; became a dad to his first child, Florence; and decided to restore a classic car back to its roadworthy glory. With the help of his current employer, he’s also started the first-of-its-kind quality apprenticeship scheme, which he hopes will become a pipeline for future improvement ninjas and quality punks.