It is difficult to turn on the news without hearing something more about Ashley Madison, and the confidential information of their customers being leaked into the press. The nature of this website makes much of our society giddy with thoughts of friends, co-workers, and acquaintances possibly showing up in the leaked data. I myself have been swept up in lunchtime conversations about this site.
A question that surfaces during each discussion is whether you should look at the personal data being released. I’m going to say that in my opinion, the answer is unequivocally “NO”. Looking at this question from an ethical angle I considered a few factors. Ashley Madison operates a legal business in Ontario, involving consenting adults of legal age. Second, the information is of a confidential nature, and was released publicly without the permission of the users.
Is the release of this information to the public any different from the personal data released by black hat hackers from other companies? When Sony, and Home Depot were hacked, and customer information released, did you seek it out? No you didn’t; likely because you really didn’t care about the information, but hopefully some belief that it would not be ethical would have affected your decision as well.
Is the Ashley Madison hack really different?
I am a HUGE advocate for privacy of both personal, and corporate information. My personal information is not anyone else’s business. Your personal information is yours, and everyone else should respect it. Businesses often survive only because their competitors do not have access to their confidential business information. Lanworks survives because we respect our customers’ absolute right to privacy regarding all aspects of their business. This is not restricted to their data, but to all aspects of how they run their businesses.
I would suggest that we take the high road and stand up for our desire for protection of our personal information, by not violating the personal information of others. If no one was to look at the stolen information, we would disempower those who steal and release such information. By viewing personal information obtained illegally, you are supporting criminal elements.
What if it was your information? What if next time, it is the release of critically important competitive information from your company? What can you do to prevent this from happening? The type of product you may want to explore is called Data Loss Prevention (DLP).
One concept of a DLP is to have it profile your important documents. Then should someone try to send these documents (or even a modified form of them), the DLP can be set to log the event, email an alert to your system administrator, and stop the document transfer immediately. DLP products go well beyond this capability, and are designed specifically to prevent inappropriate data from leaving your company.
This is but one step you can take, in a series of steps, from simple to complex. Think that perhaps you need help with your security posture? Let us know, and we can help.