WikiLeaks and Your Business: Is Your Data at Risk?

Last Updated Dec 9, 2010 9:06 AM EST

WikiLeaks has been nothing short of catastrophic for the US military and State Department. With more than a quarter of a million secret documents appearing online last week, the US is suffering what might be the single greatest case of espionage since Theodore Alvin Hall gave the Soviets a recipe book for making nuclear bombs back in 1945. The question some are asking: Do too many people, at too many levels, have access to classified information? And if that's true, does it mean your business should close ranks to protect its business information as well?

Those are some of the questions being asked by Andrew McAfee in the Harvard Business Review. McAfee points out that pundits are asking if too many people have too much access to information.

That might be the kneejerk reaction to such a colossal security failure, but not so fast -- there's nothing inherently broken here. Bradley Manning -- the suspect in the leak -- was indeed a very low ranking enlisted member, but he needed access to classified information to conduct his duties. McAfee asserts:

Excessive stovepiping and hoarding of information were a big part of the reason that the US Intelligence Community (IC) as a whole couldn't 'connect the dots' among the available pieces of information well enough to prevent the 9/11 attacks.
I've personally seen this kind of stovepiping in the business world. At one company I consulted for some years ago, critical information about product development was so tightly guarded by the engineering department that everyone else was completely shut out of the conversation until it was too late to have an impact on design, marketing messaging, and other critical elements. The product, not surprisingly, floundered.

McAfee contends that shutting employees out of information and processes is not the solution to controlling business information -- and I agree. The most likely result will be a demotivated, poorly performing organization that doesn't have the information it needs to do its job. Consider that when discussing how current events should inform your corporate security policies.