09 October 2014

Too big for your breaches.

I received an email from the Reflect Digital Online Marketing Agency this morning (thanks, folks!) with a link to a lovely little image explaining the disaster of security breaches. My gut feeling is that it seems to go both too far (the joy of cyber liability policies) and not far enough. The unfortunate fact of life is that nearly every company has had a security breach, so it is not truly the end of the world. However, the problem is that most do their best to cover it up.

Every business wants to present their best side. If they are doing something or had something happen that does not look particularly flattering, then they will toss a cloak of invisibility over it and pray for the best. California has some of the strongest laws forcing notification following a security breach and, as a result, some organizations will do only what the law requires for identification and action to minimize the impact and/or never really learn from the mistake. Knowledge is bliss but to never know is perhaps even blissier.

The naughty people looking to infect your systems are communication gurus and share every piece of knowledge they can. When companies have their heads in the sand, the bad guys are welcome to rape and pillage the electronic ports for whatever they want. Seemingly every day we learn about another company that had a major hack, whether it is the one third of the United States taken down by Target or another third banking at Chase. If the largest bank in the capital of the free world cannot keep your data safe then it is time to step back and acknowledge the truth about where we are today: Every network has holes and will be breached. The question is whether we are going to stop hiding from the truth and finally start doing something substantial about it.

Everyone needs to stop worrying about their reputation and communicate honestly about the problem. Consumers (and the media) need to stop making breaches seem like the worst thing in the world when they are actually happening to all of us. When someone discovers a breach, they should dig in and let the world know how it happened so we can all learn from it and keep it from happening to anyone else. Better yet - the government needs to stop penalizing companies for having breaches and, instead, help everyone find out the source and how to stop it in the future.

It should go without saying, but I will type it anyway... The only way to truly protect consumers is for everyone to work together and stop a problem from repeating.