New Spy Chief Slip-Up Highlights Technology Dilemma
Virtually every household’s lexicon is replete these days with terms like Facebook, My Space, Twitter, MSN Chat, hi5 and Skype. As useful as social networking is to many people, we need to consider what happens when this private world meets – if not intrudes upon – the professional domain of business and government? In some cases the answer is disaster. The security, for example, that your firm’s operations depend upon can be obliterated in one innocent flash, and possibly without you even knowing. In this day and age it pays to have experts in forensic investigation on side who can warn you of where your danger spots are. Corporate intellectual property can be exposed by over zealous engineers posting their findings on the web or by marketing personnel giving `sneak’ previews of a new product launch to their Twitter group.
A lesson in how alert you have to be came in Britain a few days ago when the country’s new spy chief, Sir John Sawers, 53, found himself in hot water over his wife’s Facebook page. It was speedily removed by the government after its contents were published in a newspaper. To many, it looked innocent enough: shots of the Sawers and their three children at the beach and a selection of vacation photos. David Miliband, the Foreign Secretary – read Minister – who is responsible for the Secret Intelligence Service (commonly known as MI6), ducked and weaved by claiming that it was hardly a state secret that Sir John wore Speedos.
The problem was that the Facebook site also revealed the location of the family’s London home, transport details and shots of other senior officials with whom Sawers and his wife are friendly. Lady Sawers had imposed no privacy protection on her account and hence it was available to some 200 million users. Currently Britain’s ambassador to the United Nations, Sawers is due to take over MI6 in November. Even before he went to New York, the Facebook site should have been removed for simple security reasons. He was, after all, an MI6 spy himself before he moved on in his career to work in Yemen, Syria, Egypt and Iraq. He has also been closely involved at the policy level with Iran, Iraq and Afghanistan.
This incident, which should have been avoided by standard MI6 screening processes, has two implications: one is that criminals or terrorists now know more about Sawers than they should, and the other is that when he takes over the Secret Intelligence Service, what sort of respect will he command from his subordinates, especially when he needs to discipline them for security breaches?
It’s not difficult to transpose this embarrassing and potentially dangerous scenario into your business environment.
Most Britons, of course, still have images in mind of Scotland Yard’s counter-terrorism chief striding into the front door of 10 Downing Street in early April this year to brief the Prime Minister on a huge MI5 (domestic security service) and police operation against Al-Qaeda suspects in the UK. The explicit briefing notes he was carrying were fully exposed to the cameras of waiting journalists and were soon all over newspaper front pages and television screens. As a result, the operation had to be brought forward at short notice, which, to put it mildly, wasn’t helpful.
If you’re reading this in your office, take a moment to reflect on how many staff members in your firm are presently on social networking sites and what they might be revealing, innocently or otherwise. Sometimes it’s just a chart on the wall in the background or the file that’s open on their computer screen. But it can be much worse.
It pays to remember that what your competitors, or possibly some state-run intelligence agency, wants from you isn’t necessarily all of your company’s most closely guarded secrets. It’s usually just a missing link in the chain that they’re after. And it’s at that “innocent” point of contact, where your professional world overlaps with that of your social networking employees that something of great commercial value goes out the window.
Forensic specialists are experienced not only in how to safeguard against such threats but also in where things most commonly go wrong. They can run an audit on your firm’s vulnerabilities and in the process provide your staff with a sense of security they’re otherwise unlikely to have. Computer forensics and the capacity to monitor web activity is nowadays a sophisticated art. Don’t wait until disaster strikes to avail yourself of it.
simon sunderland says:
Many good points made here - as cyber hackers become more focused they will pick up on any data that’s available on the web to help them. Too many people still think that posting things for their friends are private!
July 11th, 2009 at 12:32 am