Privacy. Passwords. Phishing. Breaches. Trolls. Hackers. Bots. No matter where you look, everyone seems to be using these terms in the context of cybersecurity. Any business with a digital presence is a potential target for cybercrime, which helps to explain why the words used to characterize and describe cybersecurity have crept into our business vernacular and become part of the daily news—and late night comedy—cycles.
No industry sector seems particularly immune from cyberattack. Attacks have been aimed at political organizations, credit bureaus, law enforcement agencies, retailers, universities and schools, entertainment companies, financial, automotive, insurance, pharmaceutical, health and hospital firms.
You might have noticed that most cybersecurity stories have to do with the release of—or unauthorized access to—personally identifiable information or sensitive personal information. That’s because this type of information is a valuable commodity as it can be combined with other data (or utilized on its own) to identify, contact, or locate a single person, or to identify individuals in context.
The National Institute of Standards and Technology define personally identifiable information as, “any information maintained about an individual, including (1) any information that can be used to distinguish or trace an individual’s identity, such as name, social security number, date and place of birth, mother’s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.”
Protecting the Confidentiality of Personally Identifiable Information — bit.ly/protectingconfidentiality
50 million Facebook profiles harvested for Cambridge Analytica in major data breach — bit.ly/FacebookBreach
PREVENTING UNAUTHORIZED ACCESS
Unauthorized personal data disclosure is bad for business. It transforms a company’s carefully crafted image into headline fodder. A disclosure redirects corporate resources away from the advancement of products and services and toward the rebuilding of customer trust, brand loyalty, and operational integrity. It forces business leaders to make cybersecurity part of everything they do, and attempt to anticipate and prevent an increasing variety of cybercrimes.
Customers are not affected solely by the disclosure of personally identifiable and sensitive personal data; customers are also impacted by an organization’s content. That’s because content is the intellectual property of the company. When it is insufficiently protected, the entire organization is put at risk.
IT’S NOT JUST PERSONAL DATA: CORPORATE CONTENT SHOULD BE SECURE, TOO
History shows us that a motivated perpetrator of cyber-misdeeds can gain access to content stored in content management systems with the help of free or inexpensive software tools. Such access allows a digital hooligan to change, replace, or delete content that would otherwise be of help to a customer or prospect. Whereas in the past such tools required a certain level of digital wizardry, the widespread availability of free or low-priced hacking-as-a-service (yes, you read that right) “offerings” make it possible for novices to easily get into the mix.
The news media tends to focus most of their storytelling on sloppy data management practices and data theft at big name brands that impact hundreds of thousands or millions of consumers. There are actually plenty of examples where the lack of a formal cybersecurity plan made it relatively easy for a company to accidentally leave the data doors open for cyber-attackers to do damage to content.
All of this to say that content should be just as secure as any other type of intellectual property or data a firm collects, stores, and uses to conduct business. To be clear, the popular media’s focus on cybersecurity stories with big numbers and wide impact is designed to attract a lot of eyeballs for the benefit of their respective advertisers. Viewers get all the juicy details about data thefts and accidental disclosures reported by brands like Adobe, Exquifax, Bitly, Disqus, DropBox, Forbes, Home Depot, Yahoo, Linkedin, and Target. However, the situation is just as serious for the luncheon meat firm with lax content security.
While it may be hard to imagine how poor cybersecurity could damage a luncheon meat company, the examples that follow illustrate how casual corporate content security and laxed content governance can have a negative impact on revenue and public relations.
LEAVING CONTENT UNDER-PROTECTED: FEW EXAMPLES
HARGREAVES & SON: ALTERED LABEL CREATES NEED FOR PRODUCT RECALL
H.R. Hargreaves & Son, the makers of a luncheon meat product sold primarily in the UK, were shocked when they discovered in the news media that the ingredients list on their package had been altered. The primary ingredient was no longer ham; it was dog sh*t. The culprit was a disgruntled employee who had intentionally altered the label as a prank.
The company took a substantial financial hit as a result, having to do image repair and run a product recall.
CLOTHING MAKER: ALTERED LABEL LANDS MANUFACTURER IN POLITICAL TURMOIL
The management of a clothing line realized someone had added an extra line of text to the “Made in the USA” tag included in the inside of their garments. The additional slogan: “Don’t blame us, we didn’t vote for him.” The culprit was again a disgruntled employee.
No product recalls were necessary, but the altered label alienated a portion of its customer-base and recast the company’s image into something more political than patriotic.
Look it up: bit.ly/OreillyFluxCapacitor
O’REILLY AUTO PARTS: FICTIONAL PRODUCTS INTRODUCED ON WEBSITE
The automotive parts retailer, O’Reilly, received an increasing number of calls from prospective customers about their catalog item with part number “121G”. O’Reilly doesn’t sell this product—the Flux Capacitor is a time-travel device made famous in the science fiction comedy film, “Back to the Future”. The culprit is, at the time of this writing, unknown.
O’Reilly has not yet taken the item out of its online inventory, opting instead to add the words, “This item is
not available for purchase” to the listing.
YOUR NEXT ACTION
What would be the impact to your firm if you woke up one day to find out that your entire content catalog had been replaced with bogus information—or worse, erased and no longer available?
As is the case with many content snafus, having a proper response plan in place—and selecting the right tools for the job—are critical success factors that will help you minimize the negative impact content hackers could have on your business.
Take a page from the book of lessons learned from the data thefts and accidental disclosures suffered by the big brands. Reexamine how your content is created, curated, translated, and disseminated, and institute policies and procedures that treat your written intellectual property as valuable as your customers personally identifying information.