WikiLeaks signs its own death warrant with threat to businesses

In its death throes, it makes the best case for good data protection

As if WikiLeaks hasn't created enough enemies by leaking revelatory and sometimes incriminating documents on American efforts in Iraq and Afghanistan, now it's threatening similar dish on Bank of America and is encouraging cube-rodents nationwide to open up their hard drives and fess up to their own companies' evil (or just prurient) deeds.

Like many journalists, I'm generally a fan of any kind of whistleblower -- the more we know about the behavior of our own government and the corporations that sometimes serve and sometimes oppress us, the closer to the straight and narrow everyone involved tends to stay.

There are limits, though, especially if it's your job to make sure the data in your company stays safe rather being squirted through the firewall or carried out on phones or flash drives by corporate malcontents, WikiLeaks is an object lesson: lock down your data, your email and your collections of open, collaborative, unstructured discussions about acquisitions, sales strategies, analysis of competitors and industry gossip.

Except for a few pieces of critical customer data, legal or financial documents, or discussions specifically related to things that could cause the stock price to tank, most companies don't put a high priority on internally generated information.

As Cablegate shows, though, those informal, evaluative, sometimes chatty communications between colleagues, or from employee to manager -- which may or may not reflect the real policy involved -- can be a disaster if they're revealed.

WikiLeaks founder Julian Assange told Forbes he had a megaleak ready to be relased about a big bank, but wouldn't name the bank. Last year he told Computerworld he had several gigs worth of data from a BofA exec's hard drive.

How embarrassing or financially disastrous could that be to your company? It almost doesn't matter which executive it is, either. Data from the ones who are most plugged in with the CEO would be the most accurate, but the outliers and has-beens could have an awful lot of data and speculation stored as text that could be taken as truth and be even more damaging.

Luckily for those who don't like WikiLeaks or any other source of unsanctioned data, it looks as if Assange has finally pissed off enough people that he and it can't possibly survive much longer.

Unluckily for those hoping never to see their own companies embarrassed, others will pop up in his place to distribute embarrassing information on their company and others.

Remember F***edCompany.com, the site that invented the dot-com dead pool to give bitter techies and Webslaves a place to bitch about their companies and make anonymous accusations about management? It was eventually acquired and mostly disappeared. It had a huge impact while it was around, though, and set the tone for a lot of other snarky Web-company news sites.

There will be a lot of those cropping up after WikiLeaks is eventually crushed.

The only way to keep your company from being featured is to make sure you know what information is actually circulating through your company and use data loss protection or other security mechanisms to make sure you know where it's going and with whom.

The technology is a little challenging; it's hard to characterize and control unstructured data without making it impossible for users to share what they need to share. The politics is harder.

You'll never get beyond both at once, and you'll never plug every hole. If anyone could, WikiLeaks and Cablegate wouldn't exist. You can reduce the risk by a lot, though.

Just as importantly to your personal career, you can make it clear to your bosses and their bosses that you know the company is at risk and you're doing what you can to protect it.

Otherwise, you have any kind of security responsibility at all and the next big revelation is about your company, you'll be the target an awful lot of crap falling from a very great height. Just like Julian Assange.

Kevin Fogarty writes about enterprise IT for ITworld. Follow him on Twitter @KevinFogarty.

What’s wrong? The new clean desk test
Join the discussion
Be the first to comment on this article. Our Commenting Policies