How should the Flayton Electronics team respond to the crisis?
1. Introduction
As information technology (IT) and information systems (IS) improve rapidly, a massive number of business activities can be carried out through IT and IS. However, risks and threats inevitably increase at the same time. Thus, new kinds of risks and crimes, as mentioned by Choo and Smith, may emerge during online activities such as online payments, auctions, gaming, social networking sites and blogs (Choo & Smith, 2008). In Flayton’s case, the company suffered a data breach that happened during the processing of online payments, which has recently been a typical and common information technology problem.
Adebayo defines a data breach, also called a security breach, as an action in which secure and confidential information is disclosed to an untrusted environment by an unauthorized individual (Adebayo, 2012). The Data Breach Investigations Report (DBIR) showed that there were 855 data breach incidents and 174 million compromised records worldwide in 2011, most of which involved attacks by hackers and malware (DBIR, 2012). As we can see, the probability of a data breach in 2011 was relatively high, and Caldwell predicted that the number of data breaches will continue to rise in later years (Caldwell, 2012). Thus, there is no doubt that this will be an enormous challenge for companies like Flayton Electronics.
In Flayton’s case, the data breach reported by the Union Century Bank actually occurred at Flayton Electronics, a 25-year company. Because the young company had never encountered such a situation, the top management team faced new territory and difficulties, and the whole company was at stake. In this paper, the author will provide a solution. On the one hand, there is a debate on whether the company should inform its customers that their data and information had been revealed; if so, when and how to make the notifications is of great importance for the reputation of Flayton Electronics. On the other hand, an investigation should be carried out to find the cause and the culprit of the incident, and then it is necessary to fix the problems and clarify the facts to the public. After that, long-term measures to protect the IT/IS security of Flayton Electronics will be set. Finally, compensation for the victims and punishment for the inefficient staff in the company will be carried out. In total, these are the solutions to Flayton’s case, and their details will be recommended later in this paper.
2.1 Communicating to the Customers
The most significant decision, which may affect the reputation of Flayton Electronics in the future, concerns the means of reporting the truth of the data breach, because different ways of releasing the incident may lead to completely different results. Fortunately, research conducted by Romanosky, Hoffman and Acquisti, which explored two questions, “First, what kinds of data breaches are being litigated in federal court, and why? Second, what kinds of data breach lawsuits are settling, and why?”, can be regarded as a useful guide for coping with such a confusing problem. The results of their investigation of more than 230 data breach lawsuits from 2000-2010 showed that the possibility of a company being sued in federal court is 3.5 times greater when people suffer financial loss, but more than 6 times lower when the company provides free credit monitoring after the breach, and that defendants settle 30% more often when plaintiffs allege financial damage from a data breach (Romanosky, Hoffman & Acquisti, 2011).
In total, there are many ways to report the fact of the security breach, some of which have been recommended by the staff of Flayton Electronics, the banks and the experts who commented on this case. However, different people hold different views, for example: The Secret...