Loose Lips Sink Ships…and Maybe Companies Too
I’m sure we all remember growing up being told by parents, teachers, and others to be careful of what we say and who we say it to. World War II GIs were taught “Loose Lips Sink Ships”. These sage words ring true today. Business environments are highly competitive, rich in proprietary data, and intricately dependent on the actions of their employees and business partners.
While the use of Information Technology has enabled organizations to increase information sharing and collaboration, streamline operations, reduce time to market, and grow profit margins, it has come at a cost: RISK, most specifically risk to proprietary information, a cornerstone of any business.
Connectivity to the internet and email in general have been catalysts in a variety of high-profile information exploits including mass credit card theft, private and personal data loss, and many other information compromises. Most exploits are carried out by well-organized crime groups and government-sponsored espionage focused on extracting and exploiting information for profit and for political and technological advantage.
I have personally participated in investigating a variety of information compromises that have cost corporations millions to clean up, not including the value of the lost intellectual property and forward potential revenue. These events are rarely reported unless required by law and most fall outside of such mandates. Equally disturbing, most are never prosecuted.
A new wave of social networking tools now presents increased risk to proprietary and competitive business information. While we all have heard of personal social networking sites like Facebook and MySpace where people tell their life stories unedited (the good, bad, and very ugly), or have visited blogs hosted by Blogger or Technorati where the latest buzz is debated, similar forums are being utilized for “business discussions”. Now, I am fine with the “my dog is better than your dog” confrontations when it comes to social matters, but this is strictly off limits when it comes to the heart of what my company is doing that provides specific business advantage, be it product, process, or know-how.
In order to address missteps on the part of their employees and partners, companies must establish acceptable use policies for the organization to limit the boundaries and forums in which company privileged data may be discussed. Sites such as Yammer promote the posting and discussion of company proprietary data on their servers, governed within the confines of a company discussion group limited by email address and for company member eyes only.
While the integrity of such information is claimed to be secure, is this the manner in which corporations should handle their proprietary data? I think not, but maybe I’m just old school.
If I produce it, I want my organization to drive the bus in order to prevent, monitor, and identify when protections break down and direct what we need to do to recover, something we call preventative, detective and corrective controls.
Corporate counsel and executive management must set limits on the use of such sites, or they may find that the protections extended by law to their most critical asset, proprietary information, are lost or eroded, and perhaps that their products or trade secrets are in the hands of the competition. Well-intentioned employees and IT staff need to be guided by policy, procedures, security awareness and ongoing audit measures. Remember “Loose Lips Sink Ships” and maybe companies too.