Wikileaks is in the news due to their release of US government files, but for many years the site has been releasing both government and corporate secrets – and with a pending release of files from a large US bank, it provides an opportunity to think about the lessons this teaches business managers. A business generates a lot of internal documents from the inane emails to complex, secret business processes that provide us a competitive advantage. Learn 5 lessons every manager should know from the WikiLeaks affair.
1. There Are No Completely Secure Systems
Most companies have systems which they consider business sensitive and possibly even secret data. These systems contain financial data, customer information, or documentation about internal business processes. Though you may consider these systems secure, as the top secret government data file leaks have shown, there is not such thing as a truly secure system. You should make an effort to secure your systems and your data, but understand the risks involved with a data breach.
2. Weigh the Risks of a Data Breach
Since there are no truly secure systems, what are the risks if your data is breached? What are the financial penalties that could be levied? What embarrassing information do you have on file? Should you have some electronic communication refresher courses for your employees to re-teach them what is and isn’t appropriate to communicate via email or instant messenger?
There are ways to mitigate the risks of a data breach and you should consider some of them. Insurance companies offer data breach insurance to help pay for business continuity in the case of a data breach. Discuss data security with your Information Technology staff. If you handle sensitive credit card data, make sure your company is PCI compliant.
3. Segment Your Data
One recent estimate said the embassy cables released to Wikileaks was available to 3 million people with security clearances. 3 million people! Millions of files were available to the leaker who simply had to download it onto a CD-R or a USB thumb drive. If you do have a lot of sensitive information, you should create segmented systems and only provide data on a “need to know” basis to your employees. No one employee should have access to everything unless the person needs it to do his job. Segmented systems also reduce your chances of total data loss if one system fails.
We’re not suggesting putting in place a bunch of new and complex IT security rules, but instead just limiting access to individuals who really need access to the data. Do not shut down your business by limiting what your employees can do, just make sure they have access only to the things they really need.
4. Understand the Maturity of Your Staff
The government security files may have been leaked by a young Private with more data access than he should have to match his maturity. Where he thought he was idealistically revealing potential crimes, more likely he was just releasing a lot of very embarrassing material. Understand that some of your staff is not mature enough to handle what you’re asking of them and if you have staff who are handling your business finances who don’t know how to handle their own personal finances, you might want to rethink the control and power you give them.
5. There Are Right Ways and Wrong Ways to Handle an Embarrassing Data Breach
Many of our government officials did not handle this data release very well and said some things which just embarrassed them. If you do have a data breach, consider your response before discussing it in public. We recommend bringing in a professional response team who has handled these types of situations. Most managers are not trained in dealing with the media and can quickly find themselves in an awkward position without proper preparation.
The WikiLeaks situation has taught us several lessons and business managers can learn a lot of this situation.