How loose lips still sink ships
Inadvertent information loss can have a devastating effect on a firm's reputation and financial well-being, warns Andrew Pearson
When it comes to security concerns, businesses have traditionally focused their efforts on protecting data against hackers, viruses and theft. However, organisations need to wake up to the risks of inadvertent information loss – one of the greatest threats not only to a company’s financial well-being, but to its reputation and customer base.
The National Audit Office (NAO) recently published a remarkably upbeat report on the National Programme for IT (NPfIT). However, an earlier version of the report was requested under the Freedom of Information Act.
This version showed that previous drafts were different to the published report. Simply cutting and pasting the PDF report into a Microsoft Word document revealed badly retracked information, including the admission that ‘not all contractual arrangements have worked’, as well as a table comparing estimated costs with actual costs. As a result, two leading suppliers pulled out of the programme.
In another case, incriminating data regarding the link between heart attacks and the use of Vioxx, a drug manufactured by pharmaceutical giant Merck, was discovered deleted from Merck’s study submission to the New England Journal of Medicine. The deleted content was revealed through a simple ‘track changes’ manipulation in Microsoft Word. The impact on Merck’s business has been huge, with more than 7,000 personal injury lawsuits filed. Unfortunately, neither the regularity nor severity of such high-profile leaks has prompted organisations to rectify the situation and many are still exposed to the risks of data loss.
The first step for VARs is to raise awareness of the issue. Firms need to encourage employees to be vigilant with the information they are creating and sharing.
Most information leakage is unintentional, caused by users who do not realise that data they are sending could be risky. Here education is vital. That said, while company policies are important, they are worthless if not enforced. Proven technologies need to be put in place to ensure that everything from emails and documents, to PDAs are managed in a controlled way.
These measures will also prevent the minority of cases where information leaks occur maliciously. With the huge amount of information being shared between organisations it is largely a question of when, not if, the firms will face this type of problem unless it takes steps to prevent it.
Andrew Pearson is executive vice-president EMEA at Workshare.