Suggested Lessons We Can Learn from WikiLeaks Events

 WikiLeaks is an international non-profit organization that publishes news leaks and classified information provided by anonymous sources. Founded by Julian Assange, the group has been responsible for disseminating hundreds of thousands of formerly classified files. The Australian-born Assange is a computer programmer and activist who set up WikiLeaks in 2006. In 2010, Wikileaks published a video from a US military helicopter showing the killing of civilians in Baghdad, Iraq. Reuters photographer Namir Noor-Eldeen and his assistant Saeed Chmagh were both killed in the attack. 

This isn't the first time Wikileaks is in the news due to its release of classified files. In the past, Wikileaks even released many sensitive government files. However, it also provides an opportunity to reconsider how these kinds of data should be handled and the lessons we can learn from these events.

A business generates a lot of internal documents from the inane emails to complex, secret business processes that provide us a competitive advantage. For example, the hospitals where you get medical help, store your personal information and medical records so they are able to give you better treatment. However, that data can also be used to threaten you if it is leaked or stolen.

In 2022, this year, MCG Health reported a data breach after discovering an unauthorized party obtained certain personal information about affected individuals that matched data stored on MCG’s systems, including the names, the social security numbers, addresses, phone numbers, emails, dates of birth, and even genders. In response, MCG secured its systems and enlisted the help of cybersecurity professionals to investigate the incident. MCG Health also reviewed the affected files to determine what information was compromised and to whom it belonged. 

Among these cases, I reckon that these events have taught us several lessons and we can learn a lot from them. I listed my suggested five lessons in sequence and priority from the most important to the less important that I as a leader would want to learn from. The sequence is from prevention, minimizing the risks, to how it is supposed to be handled after the leak or breach.

i. Keep The Door Locked

A locked door keeping an honest man honest. Many impulsive actions are for petty reasons which the criminal then regrets after the fact. Locking your door saves a person from doing something they would most likely regret later. Knowing the door is locked or everyone is armed causes most people to think twice about their actions. As the IT technology help companies operate smoothly with efficiency, those sensitive data is also like tasty meat to great white sharks. Companies must make enough effort to secure their systems and the data.

ii. Understand and Lead Your Staff Effectively

Even though you have locked the door, there are still many tactful ways to unlock the door or break it. Therefore, not each of your staff should have the authority to handle all the sensitive information. In addition, business owners and executives must ally the same goal with their employees or subordinates.

iii. Evaluating The Risks and Benefits of Holding These Data

As mentioned above, holding the critical or necessary information provides businesses competitive advantages. That's why they desire to know more about their customers. However, since there are no truly secure systems, what are the risks if the data is breached? Trust is hard to build but easy to lose. Many popular brands build their reputation not only on preferences but also mostly on trust. Therefore, if the information is highly sensitive and very likely to destroy your credibility, you must have a strong plan to handle them.

iv. Diversify The Risks

As long as there are no truly secure systems, businesses must segment the data to diversify the risks when they leak. For example, when a doctor is only permitted to the records of their patients, sensitive data of other patients will be affected if the doctor leaks out the data. Create segmented systems and only provide data on a need-to-know basis to your employees rather than providing a gold mining opportunity for all.

v. Learn How to Handle an Embarrassing Data Breach

As always, bad things happen all the time. Just like the reason why Wikileaks founder Julian Assange was arrested at Ecuador's London embassy, where he had been granted asylum since 2012, Wikileaks has published hundreds of thousands of documents leaked by former US Army intelligence analyst Chelsea Manning. Many of the government officials did not handle this data release very well and said some things which just embarrassed them. Instead of just trying to cover or telling more lies, bringing in a professional response team who has handled these types of situations would be much more appropriate. For example, in response, MCG secured its systems and enlisted the help of cybersecurity professionals to investigate the incident. MCG Health also reviewed the affected files to determine what information was compromised and to whom it belonged. The MCG was attempting to rebuild its credibility.

One More Thing & Thinking Box

The 2018 Google data breach was also a major data privacy scandal in which the Google+ API exposed the private data of over five million users, although it was fixed immediately, exposing the private data of approximately 500,000 Google+ users to the public. In August 2019, Google declared a shutdown of Google+ due to low use and technological challenges. Do you think it is a good way to handle it? Why? Let's discuss it.

References

BBC. (2019, April 12). Wikileaks: Document dumps that shook the world. BBC News. Retrieved June 17, 2022, from https://www.bbc.com/news/technology-47907890 

Reis, J. (n.d.). 5 lessons businesses can learn from Wikileaks. Learnthat. http://learnthat.com/5-lessons-every-manager-should-learn-from-wikileaks/