What businesses should learn from Wikileaks

Cablegate forces us to question computer security and the stability of the Internet

The Wikileaks Cablegate affair has been entertaining us now for two weeks as we see diplomats and politicians around the world squirming with embarrassment as we learn what US diplomats really think about the foreign powers they deal with.

Both the leak of the cables and the treatment of Wikileaks and its founder, Julian Assange, by various Internet companies raises some important questions about the Internet, cloud computing and office security in the digital era.

Security

It’s believed the source of the leaked cables is Private First Class Bradley Manning, who is alleged to be responsible for leaking the Iraq tapes released by Wikileaks earlier this year.

The lesson is don’t give junior staff unrestricted access to your data, access to important information such as bank account details, staff salaries and other matters best kept confidential needs to be protected.

You can stop data leaving the building by locking USB ports, CDs and DVDs through either software or hardware settings on your computers and you should ask your IT support about this, keep in mind that locking down systems may affect some of your staff’s productivity.

Locking the physical means though doesn’t stop the possibility of data being sent across the Internet and access logs may only tell you this has happened after the fact. So it’s important to review your organisation’s acceptable use policy. Check with your lawyers and HR specialists that your staff are aware of the consequences of accessing company data without permission.

Incidentally, the idea that Pfc Manning was just one US Army staffer of thousands who were able to access these cables raises the suspicion that the information Wikileaks is now releasing was long ago delivered to the desks of interested parties in London, Moscow, Tel Aviv, Beijing and cave hideouts in remote mountain ranges.

Don’t rely on one platform

Wikileaks found itself hounded from various web hosting and payment providers. As we’ve discussed previously, relying on other people’s services to deliver your product raises a number of risks. Make sure you have alternatives should one of your service providers fail and never allow an external supplier to become your single point of failure.

Concerns about the cloud

This column has been an unabashed fan of cloud computing, but the Wikileaks saga shows the cloud is not necessarily secure or trustworthy. Not only is there the risk of a PFC Manning working at the data center compromising your passwords or data, but the arbitrary shutdown of Wikileaks’ services is a stark lesson of relying on another company’s Terms of Service.

Within most terms of service are clauses that allow the provider to shut down your service if you are accused of breaking the law or straying outside of the providers’ definition of acceptable use. As we saw with Amazon’s treatment of Wikileaks, you can be cut off at any time and without notice.

Amazon’s shutting down of Wikileaks is a pivotal point in the development of cloud services. Trust is essential to moving your operations to the cloud, and Amazon’s actions shown much of that trust may be misplaced.

Should you be considering moving to the cloud, you’ll need to ensure your data and services are being backed up locally and not held hostage to the arbitrary actions of your business partner.

Don’t put your misgivings in writing

So your business partner is a control freak? Great but don’t put it in writing.

Be careful of gossip and big noting

One interesting aspect of Wikileaks to date is how senior politicians like gossip and showing how worldly they are to US diplomats.

That’s great, but it probably isn’t a good idea to tell your best friend they should consider beating up your most important customer. As mentioned earlier, this little gem was probably on polished desks of the Chinese Politburo long before the cables found their way to Wikileaks.

Resist the temptation to gossip, remember your grandmother’s line about not saying anything if you can’t say something nice.

Ultimately what Wikileaks shows us is all digital communications are capable of being copied and endlessly distributed. In a digital economy, the assumption has to be that everything you do is likely to become public and you should carry out your business conduct as if you will be exposed on Wikileaks or the six o’clock news.

Wikileaks is a lesson on transparency, we are entering an era of accountability and the easiest way to deal with this is to be more honest and open. That’s the big lesson for us in our business and home lives.

Similar posts:

Dealing with a telco dispute

ten ways to resolve a phone company or Internet problem

Once again, Australian telcos find themselves being criticised by regulators and consumer groups for their poor performance. This time over poor service, complexity of bills and overcharging on “freecall” numbers.

The frustrating thing with all of these complaint is they are nothing new, as shown by an earlier version of this article in 2007.

So the problems with phone and Internet companies remain and many customers, both consumers and businesses, are forced to go through the time wasting dance of dealing with call centres, complex contracts and often finishing with consumer protection organisations like the Telecommunications Industry Ombudsman or other state and Federal authorities.

However there are ways of reducing the problems and improving your chances of resolving issues quickly and on your terms;

Call them

The first step when you realise you have a problem is to call them. This is the quickest and easiest way to resolve things. If you can solve the problem at this point, you will save a lot of time, money and frustration.

When dealing with any call centre, there are a few important things to remember. You must remain polite, you must never make threats and you should note everything. A lot of this can be easier said than done.

Take notes

From the first call, you must take notes. Every time you speak to the call centre you must note the date and time you have made the call, the time they answered, the name of the person you spoke to, what you discussed, what was agreed (if anything) and the time the call ended. Any important discussions should be confirmed in writing.

Be Calm and Polite

At every stage of the process you must stay cool and polite. Do not lose your temper and do not abuse people. If you find the person you are dealing with is rude or provocative, or if find your blood pressure rising, then politely finish the conversation and call back later later.

Don’t Make Threats

Making threats will hurt your argument and draw the process out. Threatening people only makes their attitude harder or locks them into a position where they cannot negotiate with you.

Suing the ISP, complaining to the TIO, going to the media or calling consumer affairs are all options you have available should everything else fail but the aim is to settle the matter quickly and amicably without going to the time and expense of complaining to other authorities.

Do it in writing

It is important to confirm everything in writing. All too often people believe a matter has been settled only to find it is still a problem months or years later. Follow up any important conversations with a letter confirming the details including the time, date and person you discussed the issue with.

This is very important if you have reached an agreement settling a billing dispute. Confirm the details and the agreement in a letter sent by registered post to the organisation, any faxes or emails should be followed up by a letter.

Any emails about the matter should be printed out. Despite the claims of a paperless world, the only thing that really matters in disputes is what is written on paper.

Make sure you keep the full story in writing and this includes printing out emails and web pages.

Follow the ISPs complaint procedure

You may need to start a formal complaint within the organisation’s internal complaints or appeals procedures, the ISP or telco support line should be able to tell you how to do this. For smaller ISPs there may not be any formal procedures. A letter to the senior management may be necessary to get the right person to respond.

Contact the ISPs management

If the ISP doesn’t have a formal dispute procedure, or if it doesn’t respond, forward your complaints with copies of all the supporting documentation to the directors and Managing Director or CEO of the company concerned.

Generally directors and senior managers hate this and will make their displeasure known to the people responsible within their organisation. Again, be polite and respectful, make no threats and express your desire to settle the matter quickly and amicably.

Pay the bill

Some ISPs have a habit of calling in the debt collectors at an early stage. This complicates the matter and can also affect your credit record. Generally, it’s a good idea to pay any disputed amounts and then continue arguing about the facts of the dispute.

If you have direct debits with the ISP it may be necessary to stop these to avoid further disputed debits to your account. Do this in writing to the both the ISP and your bank with a cover letter informing them the direct debit has stopped. If you do this, make sure you are within your contract and you have a backup Internet service as the ISP will almost certainly stop your service immediately.

Complain to the TIO

If you are still unhappy, complain to the Telecommunications Industry Ombudsman. They like you fill in their web complaint form but they will accept phone calls and written complaints.

Keep in mind they will not help you unless you’ve already tried to resolve the problem with the provider, they also won’t assist if you’ve complained to other organisations which is another reason not to make threats earlier in the process.

Further complaints

Despite all of the above, it’s still possible not to have resolved the problem with an ISP. The next step is to complain to your state consumer affairs department or the ACCC. You can also seek advice from your solicitor or local community legal centre.

The aim with any dispute is to settle it quickly and amicably. The important thing is to contact your provider quickly if you have a problem. Internet providers can be difficult to deal with but with a combination of patience, persistence, good record keeping and a cool temper, you can resolve most problems on your terms.

Similar posts:

Why Internet filtering is bad for business

The proposals for an internet filter risk hurting innocent businesses by blocking websites.

This article orginally appeared in SmartCompany on the 14th November 2008

As reported in SmartCompany last week the Federal Government is proceeding with trials of internet filters that will restrict Australian access to the world wide web.

The aim of internet filtering is to block child abuse sites from Australian web surfers. While the idea is well meaning, the proposal will be an additional burden on business and won’t fix the problem.

There certainly is a problem – a study by the University of California, Berkeley, found around 1% of websites contain pornographic material. With over a billion websites indexed by Google, this translates to around 10 million sites containing things you’d rather not be seen in your workplace or by your kids.

To deal with this problem, most computer operating systems, browsers and search engines have built-in adult filters, and the Federal Government provides free software for home computer users on its NetAlert website.

The new filter will go a number of steps further, with it being compulsory for internet providers to deny access to around 10,000 sites, a number that falls dramatically short of the 10 million estimated pornographic sites and who knows how many terrorist, gambling and euthanasia sites that will probably be added to the list.

The task of deciding which of the billion websites to be blacked out will fall upon the Classification Board. In 2005-6, their 65 staff considered 9425 movies, video games and websites. To say the board will require a massive injection of resources is an understatement.

Under the current proposals, the banned list would be secret, and it’s uncertain if your business inadvertently found itself on the list how an appeal mechanism would work.

One serious risk for business is that many of the people who post illegal and inappropriate material do so on others’ computers to avoid detection. Hacked personal computers and corporate servers are frequently used by criminal gangs for exactly this purpose.

There is also the risk of sites being blocked for political reasons. Canberra has form on this, with the Federal Police using spurious copyright reasons to close down Richard Neville’s spoof John Howard site in 2006.

Recently, a staffer of the present Federal Government indirectly pressured a prominent critic of the filtering proposal through his industry association.

So there are real risks to your website if someone in your company does something illegal, messes up a security setting, or simply upsets the wrong person in a minister’s office.

However it’s not the censorship aspects of filtering that should be the main concern for businesses. The indirect consequences will be deep and far reaching for Australian commerce.

The immediate effect is filtering will increase internet costs. Given 98% of businesses use the internet, the increased ISP charges will be a tax on almost every Australian enterprise.

Business relies upon fast, reliable communications. Trials to date of the filtering systems show a decrease of speed between 2% and 84%. The filters will also add another level of complexity to the system, which in turn reduces reliability.

Those additional costs will become another barrier to entry. At the very time the Federal Government is struggling with competition in the communications industry, this proposal will eliminate many smaller operators and favour the larger incumbent providers.

Overall, this proposal will add costs and reduce the reliability of one of the modern economy’s critical business tools. The real tragedy is the filters simply won’t work.

Similar posts: