PR agencies and PROs are being granted access to greater amounts of mission critical
information than ever before. Sensitive financial information, public advocacy positions and legal arguments have become accessible to communicators as PR is seen as an increasingly critical tool in the success of such actions.
At the same time, a plethora of technologies are becoming available that place this information at risk from user error (i.e. losing a memory stick, or mobile phone). With this in mind this is a list of some key items to consider.
1. Never save anything confidential on anything smaller than your head
Yes, I do mean your head. This means that you shouldn’t save non-public information on the local hard drives of tablets, smartphones, USBs or preferably anything that you can remove from the office.
How do you access email? Well, your IT team can still set you up with a VPN on your tablet or you can still have a BlackBerry, but apart from email – there is NO REASON AT ALL to have a Smartphone which has company data saved on it.
If you have to use a USB, make sure it is an encrypted one with a password.
2. Dropbox, Google Drive and YouSendIt
Now that you cannot easily save your draft materials on a USB for easy transport, you will almost immediately stumble upon the next security flaw – the Cloud.
This is an exciting development where you can store your music, photos and personal information without having to carry it around with you. But, many of the services out there right now are meant for consumer usage, and have some limitations to be aware of.
Firstly there is Dropbox – one of my favourites. This is an easy way of creating a shared network of folders similar to the one that many of us will be used to in an office environment. You can put a significant amount of data within a folder and share the entire lot, or just one file with a click.
If you are using Dropbox, please make sure that all content is fully approved for public viewing! Don’t put draft material or internal content in a Dropbox folder. It’s not that the site itself is insecure, but it is possible that you will keep one folder alive longer than it’s needed. You will then need to administrate the folder properly to ensure the right people have access. There is also a problem with sending a link to a particular file – this can potentially be redistributed without your knowledge and the file then shared far and wide.
YouSendIt is better for socialising content and obtaining feedback on specific documents. This allows you to set a password and limit who can access the link you circulate. It also has a deadline when the link will expire taking that headache from you.
Both cost a little bit of money – YouSendIt is more expensive, but that is because it is offering greater information security. Dropbox may be an effective virtual press room and complements other tools such as Flickr and YouTube.
Google Drive is another online storage system which you can synch with your google account. It’s quite easy to use and access from pretty much anywhere. You could possible use this for data you need to have personally to hand, but again, don’t keep sensitive materials there.
In all cases, check with your IT Security team about the corporate cloud technologies they may be in process of developing.
3. Prepare for the worst
At some point we will all suffer a misfortune and will have our mobile stolen or a laptop lost at the airport. It is essential that you know what to do next. Chances are you have synched your smart device and laptop to just about every social media service you have subscribed to.
All your passwords will be saved to its browser and apps galore will be keeping you alerted to everything from the latest Gordon Ramsey recipe to the status of your 10 year old nephew’s football team.
In the far past, all you needed to do was to call the telecom company and stop your number. Recently you went about changing your passwords.
But now, some software systems let you be even more clever. Use of Samsung devices (and possibly others) allows you to track your lost mobile and wipe the data remotely. This includes data on the phone and on removable memory.
Needless to say, you should always lock your device with a secure password.
4. Don’t take the easy route
With all the services and applications we subscribe to, we are being overwhelmed with passwords. Because of this, browsers and Web services are offering us the chance to ‘be remembered on this computer’ or to ‘save your password’.
Don’t do this.
It takes you a little bit longer and might frustrate you to have to continuously enter your WordPress account details when you want to update your blog, but it’s much preferred over the alternatives when the worst strikes. Many laptops have fingerprint readers – learn how to use them.
Also, set your browser up to delete your history upon closing. Again, you will need to type every address in yourself every time, but it can be an extra layer of security.
5. Relying on Smartphones is not smart
In the rules of communication, email is supposed to be the least urgent method of requesting something slightly above a letter. First is face to face, then phone calls. Therefore if email isn’t that urgent, why do we need a BlackBerry and why do we need constant access to our corporate email?
There are workarounds everywhere, and if something is so urgent you can have a USB modem for your laptop (which you probably do anyway) or have your email connected to a tablet which is harder to lose.
Further, with the increasing use of Messaging software which can be used on smart phones, then email is becoming less important.
A word of warning on Whatsapp – although it looks pretty and is easy to use, you cannot delete your account remotely! This means that if you do lose your phone, there is no easy way of preventing anyone from using it to send messages to your contacts.
I went through a long period with a very basic feature phone. It was rugged, did the job i.e. telephone calls and SMS, and I didn’t really feel a need for more. If you take a smartphone you start to get the itch to try new applications such as Hootsuite, Twitter, Facebook, and then you start synching everything, using OpenID and before you know it, your security is like a plate of spaghetti and for no real productivity benefit.
In my last summer holidays I was accessing my Facebook account from a cyber cafe. Because I had allowed Facebook to act as a gateway to my Yahoo via OpenID, someone was able to hack my email account without my knowledge. Whilst I was happily posting pictures of my trip, someone was sending emails to my friends and family alerting them to my urgent need for $x,000. This is what happens to you when your Yahoo is hacked:
- An email is sent to your entire data base requesting money
- Your contacts list is deleted so you cannot send an immediate response
- They alter your settings so if you send any email to your friends and they reply, their reply goes to the hacker NOT to you (the hacker tends to use the same email ID as yours but put a number in there eg email@example.com)
My advice, if you need to look cool for your clients/manager, get a Vertu or an Aston Martin mobile. Then when asked, explain why you are not using the latest Apple or Google device and reflect in their growing admiration..