WikiLeaks a wakeup call to corporate world on credibility and transparency

Thursday, 27 January 2011 00:07

A confluence of new technologies, content, web, social phenomena, mobility and context is revolutionising the way we engage with one another, be it with employees, business partners or customers. It’s also revolutionising the way all of these groups engage with one another as collaborators.

WikiLeaks a product of confluence of technologies

While leading business minds were busy strategising on how to leverage the opportunities inherent in this new era of anyone, anywhere, anytime connectivity to drive business growth, Julian Assange was busy innovating a platform that would empower him to decide what should or shouldn’t be classified as secret by the governments and organisations across the world.

The self-proclaimed freedom of information activist, spurred by his underlying philosophy that organisations which are abusive need to be in the public eye, was quick to take advantage of the opportunity presented by the confluence of technology to unveil WikiLeaks, a website that serves as a drop box for anyone, anywhere, who disagrees with any organisation’s activities or secrets, irrespective of location.

It is said that: “The most obvious lesson [of the WikiLeaks case] is that it represents the first really sustained confrontation between the established order and the culture of the internet that allows the free flow of information. Digital technology makes it much easier for ‘one disgruntled individual’ to unleash massive troves of information, almost instantaneously to be accessed by millions. There have been skirmishes before, but this is the real thing.”

Information security to the fore

In November 2010 Assange sent shock waves across the corporate world when he declared that at least half the treasure trove of documents the organisation is sitting on belong to private corporations, and that WikiLeaks plans to focus its attention on releasing internal documents from corporations in the near future.

The impact of the disclosure of sensitive information that is confidential in nature could be manifold. It could range from spoiling long-established relationships with employees, shareholders, customers, vendors and regulators to causing irreparable damage to a corporate reputation built over the years. In the case of publicly quoted companies, a potential leak of price-sensitive information could precipitate a downward spiral of their shares.

In essence, it is a timely reminder to boards of directors and top management to review and revamp their information security strategy, and to take swift action to plug avenues of ad hoc disclosure and potential leaks, in order to protect against unplanned attacks, mainly on their reputation.

WikiLeaks has set the pace for many others across the world to initiate secondary or mirror sites as havens for whistleblowers, thus forcing the top management of companies to understand the importance of information security and work out ways to mitigate the level of risk emanating from potential leaks. This adds a new dimension to the enterprise-wide risk management portfolio.

From 2011 onwards top corporates are bound to classify the exposure online of sensitive company information on the top right hand corner of the risk quadrant, usually reserved for risks that are catastrophic in nature, thus enabling information security to earn its legitimate place in the risk matrix of companies.

Establishing a cyber security programme within organisations

For corporations, the type of information at risk of leaking is trade secrets, such as business/product plans or financial records. As aptly stated by experts, governments and corporations should focus less on WikiLeaks and more on the initial source of disclosures. A few suggestions on how an organisation can effectively address the potential threat posed by WikiLeaks can be summarised as follows:

Reduce the quantity of secrets

The cardinal rule is that if you don’t need sensitive information, don’t collect it. If you do collect and store sensitive information, it is in your interest to destroy it as soon as practicable (subject to any minimum time limits imposed by laws on preservation of records).

Maintain a credible policy on whistle-blowing

Create a platform (hotline, email address) for employees, vendors, customers and other key constituents to lodge complaints regarding legal/ethical lapses of the organisation. If stakeholders have a forum to be heard and see that complaints are investigated and remedied, then they are less likely to be discontented and become whistleblowers.

Effective engagement of employees

Apart from ensuring that employees sign nondisclosure agreements, earn their trust through the demonstrated value of transparency, so as to establish in their minds that their employer is an open and transparent organisation that reveals information about itself as warranted. In short, companies need to provide multiple opportunities for employees to be heard internally.

Most often, leaks are a manifestation of employee sentiment that they are not being engaged by their employers. Periodic engagement with employees about secrecy will help them understand the justifications for an organisation to maintain secrecy in selected spheres of activity for its own survival.

Provide employees the tools required for secure execution of their jobs

This will eliminate the need to create improvised solutions. Most often internal documents get published on the web due to creative employees inventing their own quick solutions to common business problems such as:

  • Sending a file via FTP, because it’s too large to send as an email attachment.
  • Setting up an online message board as an online project collaboration tool, saving uploaded documents to unprotected public folders.
  • Using a web server as a backup device or remote storage.
  • Management sharing information on the private intranet which is actually hosted on a public server.
  • Discussing work on social networks with poor privacy protection.

Organisations should also formulate explicit internal guidelines on how information should be treated by employees, and maintain a sound email policy that impresses upon the staff that ‘if you wouldn’t put it on a postcard – where the source, route and destination can read it – don’t put it in an email’.

Bottom line: Maximum possible disclosure, the hallmark of a truly effective internal security system

Time and again it has been demonstrated that the public’s greatest indictment of corporations in crisis is the lack of transparency, integrity and candour. Assange is propelled by the belief that abusive organisations have two choices – they can either reform in such a way that they can be proud of their endeavours and display them to the public, or they can lock down internally and balkanise, and as a result cease to be as efficient as they were.

Accordingly, the best possible measure any company could take to prevent unwarranted leaks is to strive towards more transparency, credibility, truthfulness and accountability.

WikiLeaks is a wakeup call for organisations to be true to their corporate value on commitment to transparency through demonstrated action instead of paying just lip service to it. This is increasingly critical to determining how badly the reputation will be damaged.

Truth, like oil, will always come to the surface. Hence the goal of all institutions, be it governments or companies, should be to strike a credible balance between maintaining secrecy and ensuring maximum transparency as applicable and required.

This in fact will be the only way forward for organisations to successfully weather attacks of WikiLeaks et al.

After all, its founder admiringly cites the following words as an integral part of his philosophy on the WikiLeaks website: “The hallmark of a truly effective internal security system would be the maximum possible disclosure, recognising that secrecy can best be preserved only when credibility is truly maintained.”

(The writer is a lawyer by profession with over 15 years of senior management experience in the technology sector and international wholesale telecom business.)
