While the headline on this post is a bit tongue-in-cheek, it’s accurate. On June 27 and 28, unauthorized parties attacked the job boards at the online Washington Post site. While the publication says no passwords or personal data was affected, their response - in a full-page explanation of the event - is indicative of how the public expects companies to respond these days when a breach occurs.
I don’t mean to be the harbinger of horrors, but the attacks keep coming. Reports of Apple iPhones getting hacked. Reports of smaller organizations becoming targets. And here we have a job board of a newspaper. How much value do you think this information has for anyone? But it keeps happening.
This puts IT professionals in a difficult spot. Where is your loyalty and what harm can come if you disclose information on a data breach or other access event? I’d say plenty. Especially in an age where compliance dictates that organizations report every little thing.
Let’s look at a few scenarios and ask What If?
Is it too much to let your customers know that you’ve been hacked? What if the hackers didn’t even get access to your cloud data - or the attack didn’t affect data you maintain elsewhere? Sometimes the damage is done even when the breach is as simple as one record being compromised.
What if the only thing affected was cloud application security and you closed that down almost immediately? Nothing lost, nothing stolen, you still have complete control.
Ultimately, where does this leave you and your communications strategy? What can you tell your clients? What will you tell the media? What do you have to disclose to anyone? This might be a matter for you and your board of directors or your compliance team. But these days you need to start thinking about your crisis communications plan in the event that your next big news isn’t great earnings or a new product, but a breach of your customers’ data somewhere in the cloud.
What do you think?
Posted
Jul 11 2011, 11:02 AM
by
JeffCutler