As the WikiLeaks drama unfolds, I wonder if this isn’t a perfect teachable moment for MSPs and businesses alike. Most businesses don’t have super secret information like the US government, but most businesses do have information that is either sensitive, valuable, or secret, that if it were to be leaked out it would be harmful to that company. So, what are the lessons to be learned?
First, data can be hijacked and ransomed. Just today, it appears that the Julian Assange (the mastermind behind the WikiLeaks) has created a rather clever insurance policy against being caught one day. If arrested by the authorities, Assange will decrypt a very sensitive file containing data on it that has already been downloaded and disseminated to thousands of supporters throughout the world. Imagine if this happened to your company’s most sensitive and secret data. What would it be worth to you?
Second, the US Army private who is suspected of leaking this information to WikiLeaks, underscores the importance for internal controls when it comes to data security, storage, and archiving. For companies today, you may not have a Julian Assange waiting to broadcast your secret files all over the world, but it is statistically likely that an existing or former (even soon to be former) employee could cause your organization to suffer such a humiliating data loss.
Third, your corporate image can be harmed over something as simple as an exposed data file. WikiLeaks represents the most extreme case we’ve seen in a long time, but these scenarios do happen every day; they just don’t get reported like a WikiLeaks case does. The U.S. government has suffered a rather significant PR setback. This data breach has caused our state department, and many other branches, to go into damage control. The same can happen to a private company if it were to lose similar information.
If you think a WikiLeaks can’t happen to you, think again. It can, and it probably will. The question is whether you have anything that can cause your company embarrassment. Talk to your IT department about ways to safeguard your sensitive data. If your IT department doesn’t have the answers, talk to your MSP. Chances are they can help.