Wednesday, December 7, 2011

Management Inattention and Two Security Fiascos

Wow! How can big companies with reputations to protect fumble so badly?

That’s the reaction to two unbelievable stories of the past two days.

  1. PayPal froze the account of a well-known business, Regretsy, just because it was collecting donations for a Christmas-season toy drive. There was not the slightest indication that the business was doing anything wrong or anything different from what PayPal publicly recommends. News outlets accused PayPal of ruining Christmas for hundreds of children.
  2. CBS-owned CNet Download.com, one of the best-known software download sites, has been bundling malware with its downloads for at least two days. The new CNet installers trigger alarms in security software, and computer security experts say the extra software they install could damage users’ computers. Dozens of news headlines combine “CNet” and “malware,” words that previously no one would think of putting together.

In both cases, the big question is, where are the managers? CBS cannot afford the malware association any more than Sony could with its music CD spyware (the Sony spyware saga, recall, led to the closing of most U.S. record stores), and PayPal could lose billions in revenue because of the chilling effect of so publicly freezing innocent customers’ money. So why are low-level workers being permitted to put the company’s future at risk, while the real business people at the company learn of the problem only through the news media?

It is the same thing that happened to AIG. That insurance company’s executives did not even know that technicians routinely traded the company’s net worth thousands of times over in securities of the most dubious kind. By the time senior managers understood what this actually implied, it was too late to save the company.

With these two stories, PayPal and CNet, popping up simultaneously, it makes me wonder if this is a trend. Have big businesses in general given up on oversight of their own operations and employees? If they have, of course, then there is more trouble on the way.