Can your business withstand a Wikileak-type attack?
What is a regular business to learn from the fallout from the Wiki-leaks affair?
First, any presence you have on the internet, from just providing information to your clients to actual sales, is subject to two forces that may disrupt your business at any time.
You may possibly fall afoul of rules put in place by your service providers. For most businesses this is a minor, almost non-existent threat.
But the threat does exist. Witness how easily Amazon, PayPal, Visa and MasterCard used seemingly innocent phrases in their providers' agreements to shut down services to Wikileaks.
While your business is probably not engaging in controversial activities that upset the world's major governments, dependence on one provider and not having an alternative arrangement with a competitor could lead to shutdown or a temporary suspension.
Your providers and your business are more under threat from the second force that is now flexing its muscles more boldly since the release of the US diplomatic cables by Wikileaks.
These underground cyber hackers, an anonymous and loosely connected bunch of individuals, have retaliated against any service provider that stopped doing business with Wikileaks.
They have done so through coordinated denial-of-service attacks against the websites of those providers. Some have been successful.
Others failed due to the anarchic nature of the groups. They just could not decide amongst themselves who to attack.
However, they managed to create a lot of trouble for those businesses that did come under concentrated attack.
They largely slow down or prevent a site from working by flooding it with requests, overloading the servers on which a site is based.
The attacks demonstrate that your business does not have to be the direct reason for the attack just your service provider. Since the software to attack sites is freely available, even disgruntled staff or ex-staff may use it to cause problems. So, while you may think the problems affecting Wikileaks is happening to someone else, they could happen to you, even in a minor way.
Of course, these dangers are separate from the regular threat to your business due to a data breach, or, to put it more properly, a leak of information.
A data breach could be caused by a hack attack, an accident, or, more likely by an employee.
With more sites now being established to collect and publish the leaked data, the temptation is greater for an employee to provide sensitive information to them.
Greater anonymity is an attraction. The act of leaking documents also encourages others to do the same.
Responsible IT managers will admit there are no completely secure systems.
Perhaps, more precisely there are no completely secure businesses unless you get rid of all the employees. But you can focus on damage limitation.
You can focus on placing more controls on the data that carries the highest risk of damaging your business. Once you have weighed the risks for each type of data, resources can be concentrated on reducing those risks.
Some companies even take out insurance to pay for business continuity if a data breach could shut them down completely.
Another method of protection is to limit access to data by having a tiered system. Business crucial information should only be provided to those with the highest level of access.
As many have pointed out, the US government granted access to sensitive diplomatic cables to about three million people, anyone of whom could copy them and take them out of their offices, even a private, the lowest level employee.
The problem for the US government is not with Wikileaks, but with itself. Allowing unrestricted access to all the data was stupidity in itself.
It is a basic business decision to put controls on what can be accessed by whom.
Finally, many commentators suggest having a contract with a professional response team who has handled such situations in the past. But you have to be careful about who you hire.
Major data breaches are few and far behind and may companies claim to be able to handle such situations. Do they really?
That is a question you must ask before handing over a huge retainer fee.
Send any comments and gadget gift suggestions to elamin.ahmed[AT]gmail.com