This week Wikileaks started publishing more than 250,000 US embassy cables—the largest number of confidential documents released to the public so far. Imagine if something like this happened to your organization. What would happen to your brand? How would it affect your ability to do business? To compete? To negotiate new deals? To hire and retain talent? These are the questions now bouncing from diplomatic circles to executive boardrooms to newsrooms across the globe. As well as “how could this happen?”
But another question raised in my mind is how much information should organizations really share—even if they think it is being done privately–through the internet? And how do you train your workforce to understand the advantages and perils of file-sharing and social networks?
To answer these questions, let’s back up and see just how this leak happened. Starting in 2000, as part of a number of federal initiatives to improve information-sharing between agencies, the State Department made software changes that effectively lowered its inter-agency firewall so that Pentagon staff could now peer into embassy cables, among other documents. Of course, there were restrictions in place on who could do this, but obviously an industrious army private was able to defeat them rather easily.
This prompts several thoughts as we all begin to review internal systems. Organizations with multiple locations and that use servers or file-sharing systems should always be working to ensure the right people are reviewing the right materials. But what about once a project is completed? Take the time to consider how you are archiving the materials and who has access and for how long.
The next issue is people—always at the heart of both brand and security. The army private who allegedly got hold of all these documents was able to download them remotely and efficiently. Was there software missing to detect mass downloads? Was he so clever as to defeat this? Was he able to retrieve redacted material? Regardless of the answers, the question raised is how companies and agencies vet their “army privates.” Who are the young, digital natives (yes this is ageist of me—bring on the comments!) with access to critical information affecting your brand? The reality is that right now–and this will change over time–the younger generation is more likely to know how to defeat security systems and navigate social networks to disseminate the information. Because of this knowledge they can also help you protect it. So plan to include them in those conversations. And consider how you vet and train them–not just about internal systems, but about how critical this information is to your brand and effectiveness. Also take time to train (and re-train) your older employees–the ones of the cable-writing diplomat’s generation–to ensure they understand social networks and understand file-sharing protocols and the impact on your work.
File-sharing is a dangerous business, but also consistent with the workings of a democratic and open society. I certainly don’t think we should try to stop it. But we do need to reconsider people and processes, so we minimize the brand damage to our nation, our organizations, and ourselves.