Lessons from WikiLeaks?

The recent disclosure of roughly a quarter-million classified US diplomatic files on the WikiLeaks website is certainly astonishing, and not just for the secrets that the documents reveal. What’s truly astonishing is the ease with which the information was stolen. Army intelligence analyst Pfc. Bradley Manning apparently copied the first round of documents, released last summer, by inserting a rewritable CD into a computer drive bay. Manning is also suspected to be the source of this most recent leak. He was quoted on Wired.com in June as saying:

“I would come in with music on a CD-RW labeled with something like ‘Lady Gaga,’ erase the music then write a compressed split file,” he wrote. “No one suspected a thing and, odds are, they never will.”

“[I] listened and lip-synced to Lady Gaga’s ‘Telephone’ while exfiltrating possibly the largest data spillage in American history,” he added later. “Weak servers, weak logging, weak physical security, weak counter-intelligence, inattentive signal analysis … a perfect storm,” Manning said.

Much like 9/11, Hurricane Katrina, and the Gulf oil spill, the two leaks raise basic questions like “How does this happen without anyone noticing, and why aren’t there safeguards in place?” But business owners and corporate communicators should also be asking what the WikiLeaks scandal means for them. While your company may not deal in national security secrets, it probably does have proprietary processes, patented formulas, and confidential e-mail communication that you wouldn’t want your competitors to see.

Protecting your company from a cyber-attack is a job for a qualified IT provider. But there are simple, common-sense steps that anyone can take with their own communication to help prevent embarrassing and potentially costly leaks of the company’s confidential information.

  • The “preacher” rule: Ask yourself before you click send on that e-mail: Is this something you’d say in front of a member of the clergy? Sure, it’s old-fashioned, but what was funny on the golf course or at girls’ night out may not be appropriate for an e-mail or office memo. And once something is out there in cyberspace, it’s completely beyond your control.
  • Don’t mad mail: Never send an e-mail while angry. Cool off first, then reassess.
  • Use passwords: Both Windows and Mac encourage password use to access a computer, and also restrict what users can access based on their profile. Microsoft Office documents can be password-protected, and access to hard drives or certain folders can be password-protected or limited by a user’s profile. Make sure your IT staff has these systems in place. Managers should set passwords and change them frequently.
  • Lock things down: Laptops, smart phones, tablets, hard drives and even entire desktop PCs can grow legs and walk away from an office, taking all their confidential data with them. Locked office doors and cable locks can prevent this, as can tools like ID scanners that are common on many business laptops.
  • Close your files. Writing a confidential report or memo? Close the file and log out if you leave your desk to use the restroom or get a cup of coffee. Don’t let the wandering eyes and fingers of passersby steal important information.
  • Shred. Invest in a good-quality document shredder, or hire a company to destroy paper documents, CDs or other materials you wish to throw away.
  • Ban the plug-ins. Don’t allow plug-in USB flash drives or optical (CD or DVD) drives on computers that can access confidential information.

Every office is unique, and a review of your own document practices would probably turn up more and different steps. Above all, the most important thing is simply to “be aware” that confidential information can and will escape if given a chance.