Daniel Rosenbaum for The New York Times
Case Study
What would you do with this business?
A case study we’ve just published explains the challenges faced by Peter Justen, chief executive of MyBizHomepage, a Middleburg, Va., provider of business accounting software. The business was shut down by a wave of cyber attacks that apparently came from a disgruntled former employee.
Mr. Justen founded the company in 2006 to give small-business owners an easy way to view their financials and isolate important metrics. A serial entrepreneur, Mr. Justen raised several million dollars from investors to start the company, which its investors valued at $100 million at its peak in 2008. At about that time, Mr. Justen and his board, seeing tremendous growth opportunity for the business, especially in international markets, turned down an offer to buy the company.
Mr. Justen believes the decision not to sell rankled the company’s chief technology officer, who decided to try to form a competing software company. Upon learning of his technology officer’s action, Mr. Justen says he fired him. A series of cyber attacks against the MyBizHomepage Web site followed and essentially shut the company down. You can read the case study to learn the details.
We asked a business owner and several experts in the realm of digital law and security what they thought Mr. Justen should do to save his company. Please tell us what you think in the comments section below, and next week, we’ll follow up with another blog post that will explain what Mr. Justen decided to do.
Norm Brodsky, a serial entrepreneur and columnist for Inc. magazine in New York City: “Mr. Justen should focus on restructuring or starting a new company using his intellectual property. Bankruptcy won’t help. His only asset is his software, which they will just auction off and sell to the highest bidder. He should also be honest about how he played a role in what went wrong. Why didn’t he run a background check on his C.T.O.? And why did he fire him without first putting a plan in place to protect the software? He can’t afford to make those mistakes again. I always say you should trust everyone but also keep your eyes open.”
Mark Davis, senior director at the White House Writers Group, a consulting company in Washington, and the co-author of “Digital Assassination,” a book on cyber-terrorism: “Mr. Justen has no choice but to go public with an apology and an explanation. He should put up a YouTube video explaining what happened and what action steps they are taking to rectify the situation and make sure it won’t happen again. On a personal level, he should take the time to snail mail everyone who received a fake e-mail from him as a way to set things right.”
Joy Butler, a business and entertainment lawyer in Washington who wrote “The Cyber Citizen’s Guide Through the Legal Jungle”: “Mr. Justen and his company have limited legal options going forward unless they can locate the C.T.O. The company might then seek redress by suing for breach of any non-compete or confidentiality provisions that may have been in the former C.T.O.’s employment agreement. I would also caution Mr. Justen about how much information he discloses about the events at his company. On the other hand, he does need to let his customers know about the fact that there was a security breach or the company could face legal ramifications itself.”
John Mutch, chief executive of BeyondTrust, a global provider of security software: “I think the first wave of security was focused on external threats. Now people are realizing that the threat from the insider is a malicious threat that can be catastrophic in a lot of ways. Unfortunately for Mr. Justen, he probably needed to lock the system down before firing his C.T.O. If he decides to go forward, he should consider building role-based security around his company’s critical assets that limits who can access what.”
What do you think?
Article source: http://boss.blogs.nytimes.com/2012/08/22/can-this-company-recover-from-a-cyberattack/?partner=rss&emc=rss