WIKILEAKS – how does it affect your company?

December 12th, 2010 by Stephen Jones Leave a reply »

WikiLeaks’ release of secret government communications  serve as a warning to the world’s big companies: You’re next- there is nothing about WikiLeaks’ release of U.S. diplomatic documents to suggest that the group can’t — or won’t — use the same methods to reveal the secrets of powerful corporations.

There is a real threat  posed by disgruntled insiders and poorly crafted security  policies, which give too much access to confidential data.

WikiLeaks claims it has incriminating documents from a major U.S. bank, which gives new new urgency to addressing  security inside corporations and a reminder of its limits when confronted with a determined insider.

At risk are companies’ innermost secrets — e-mails, documents, databases and internal Web sites that are thought locked to the outside world. Companies create records of every decision they make, whether it’s rolling out new products, pursuing acquisitions, fighting legislation, foiling rivals or allowing executives to sell stock.

Although it’s easy technologically to limit who in a company sees specific types of information, many companies leave access far too open. And despite the best of intentions, mistakes happen and settings are inadvertently broad,  as networks grow more complex with reorganizations and acquisitions.

Even when security technology is doing its job, it’s often  a poor match if someone with legitimate access is determined enough. A cheap thumb drive  and a vendetta are all  an insider needs to obtain and leak secrets. Outside attackers often have to compromise personal computers , then use their skills and guile in hopes of working their way into your system.

Employees go rogue all the time — for ego, to expose hypocrisy, to exact revenge or simply for greed. A former analyst with mortgage lender Countrywide Financial Corp., now owned by Bank of America, is awaiting trial on charges he downloaded data on potentially 2 million customers over two years, charging $500 for each batch of 20,000 profiles. Prosecutors say the analyst worked secretly on Sundays, using an unsecured Countrywide computer that allowed downloads to personal thumb drives. Other home loan companies bought the  profiles, including Social Security numbers, for new sales leads, according to authorities an employee with Certegy Check Services Inc., a check authorization service, was accused of stealing information on more than 8 million people and selling it to telemarketers for a haul of $580,000. The worker was sentenced in 2008 to nearly five years in prison.

Despite the repeated warnings, many large companies lack clear policies on who should have access to certain data, .

WikiLeaks argues that revealing details of companies and governments behaving  is good for democracy. Julian Assange, WikiLeaks’ founder, told Forbes magazine that the number of leaks his site gets has been increasing “exponentially” as the site has gotten more publicity. He said it sometimes numbers in the thousands per day.

Assange told Forbes that half the unpublished material his organization has is about the private sector, including a “megaleak” involving a bank. Assange also told Forbes that Wikileaks has “lots” of information on BP PLC, the London-based oil company under fire for the massive Gulf of Mexico oil spill. WikiLeaks previously published confidential documents from the Swiss bank Julius Baer and the Kaupthing Bank in Iceland. The site also published an operation manual for the U.S. prison in Guantanamo Bay, Cuba.

WikiLeaks’ most recent leaks exposed frank and sometimes embarrassing communications from diplomats and world leaders. They included inflammatory assessments of their counterparts and international hot spots such as Iran and North Korea. The prime suspect  Army Pfc. Bradley Manning, is  held in a maximum-security military brig at with an earlier WikiLeaks release: of a video of  a 2007 U.S. Apache helicopter attack in Baghdad that killed a Reuters news photographer and his driver. Military investigators say Manning is a person of interest in the leak of nearly 77,000 Afghan war records WikiLeaks published online in July.

Manning boasted to a hacker confidant that security was so flimsy he was able to bring a homemade music CD into work, delete its contents and fill it with secrets, according to a log of the exchange posted by Experts said a key flaw in the military’s security was that Manning may not have even had to look all that hard for the data, as it was apparently available for many people to see. The Defense Department says it has bolstered its computer security since the leaks.

Companies have many options technologically to protect themselves.

 Configure  e-mail servers to restrict to whom certain people can send documents.

Prohibit certain people from copying and pasting from documents,

block downloads to thumb drives and CD-ROMs,

 deploy technologies that check if executives’ e-mail messages are being checked too often — a sign that an automated program is copying the contents.

The more companies control information, the more difficult it is for employees to access documents they are authorized to view. That lowers productivity and increases costs in the form of the additional help from technicians.

You run the risk of creating an environment that’s so rigid that people can’t do their jobs and need to find that balance.

Ask about our innovative solutions.


Comments are closed.