I remember a time, not so long ago, when the collective UK public gasped in shock at the unsurprising news that journalists from major news outlets were hacking into phones to gain access to hot gossip. Most British papers didn’t even cover it, simply because they were guilty and to throw stones in this particular glass house would be a little crazy, even for the ever-reliable News of the World.
But Wikileaks reveals a ton of stolen information from the USA vaults, and we’re practically celebrating. Sure, I’m one of them – it’s nice to watch people like Hilary Clinton squirm as they’re forced to face up to the fact that the rest of the world doesn’t like the USA’s “world police” tactics as much as the US government seems to think they do. But at the same time, it’s also made me consider how secure our networks really are.
You’re a small business, and you’ve got a big supplier. All it takes is one grouchy email sent to the wrong address, and that supplier will vanish. It’s a struggle, but of course, if you’ve not got the funding to set up a firewall system reminiscent of Dan Brown’s Digital Fortress, then you’re going to have to start monitoring your communication.
Let’s take a closer look at the info we gained from Wikileaks. US ambassadors and other major figures were doing what a lot of people do in life – moaning about the difficult people at work. The key difference? They’re representatives of a global superpower, and those moaning, whining colleagues are in fact entire nations and/or world leaders.
Firewalls are obvious, and you’re not looking at major money just to encrypt servers and use an SSL internal email system. But when it comes to your staff, you have to ensure you’re hiring the right people.
Don’t give responsibility of your company Twitter account to the guy who keeps using his own to tweet inappropriately during working hours, because he might confuse accounts (and although it’s usually a lie, many companies point at these people when their social media campaigns go to pot). Don’t grab that intern who’s always making tea and give them a major email marketing campaign either, because you’d be surprised how many people forget which account to use when they’ve got six plugged into Outlook.
When writing about the Wikileaks, well, leaks, Evening Standard journalist Roy Greenslade asks a few valid questions about the nature of the journalist:
“It’s the major reason so many are wary of journalists. Can we be trusted? Are we ever off duty? Do we lack a sense of responsibility for our actions?”
Personally, I don’t think journalists ever stop being journalists. After working in that field, it’s pretty difficult not to see the “angle” on any particular event, and just like members of the Metropolitan Police don’t hang up their helmets at the door, we don’t put our notepads down. Ever.
And it’s for this reason that online security is going to have to change. We’re prepared for attacks from cyber-terrorists, foreign Google hackers, and the occasional virus or key-logger. But we’re not protected against the increasingly aggressive tactics journalists are using to get their stories. There was a time where not a newspaper in the world would’ve published the Wikileaks cables, but now it’s hard to stop them. We’re finally taking freedom of speech and pushing it into every mould we can.
But what does this mean for small businesses building their enterprise up in the age of the tweet, the email and the FourSquare check-in? More security and better staff. If you’re releasing expensive add-ons, for example – and it’s justified, don’t ever back away from charging for software expansions – ensure there’s no one snooping around your IMAP server.
Wikileaks will eventually turn its eye to the other half of the problem, because when Wikileaks ceases to have anything to criticise (it won’t, but let’s be positively hypothetical for a second, here) it’ll turn on the corporations and the businesses who it might have a problem with. Wikileaks has set a rather far-reaching precedent – if you’re doing something people disagree with, it’s no longer just illegal to dig into someone’s server and get it, then release it as news. It’s now both illegal… and heroic.