As CIOs, we are aware of the importance of information technology and all of the threats that our firms are facing on an almost daily basis. We spend a lot of our time (and our budgets) trying very hard to protect our networks and our applications. However, it turns out that perhaps one of the biggest threats that we may be facing has nothing to do with our networks and instead has everything to do with the people who work for our firm. This new threat has its own name: doxing.
What Is Doxing?
The new challenge that the person with the CIO job is learning to deal with is the very real threat that hackers will somehow get their hands on personal emails and attempt to use them to embarrass employees or damage the firm’s reputation. This hacking technique is called doxing. Doxing is exactly what happened to Sony Pictures Company when internal emails containing senior management’s discussions about actors and actresses were leaked to the public.
Doxing has also targeted famous individuals. Secretary of State Colin Powell had his emails stolen and then leaked to the press. Additionally, the chairwoman of the Democratic Party, Debbie Wasserman Schultz, had the same thing happen to her. Business leaders have always been aware that in the case of a lawsuit, there was the possibility that their emails could get dragged into court. However, this rash of stolen emails has opened up a new way that private emails can end up in the public eye.
The arrival of doxing has started to cause a change in end users’ behavior. What is happening is that users are starting to send fewer emails. The emails that they do send tend to be shorter and contain less information. Doxing is not something that is new. It has been around for several decades. When it was first used, it was intended as a revenge tactic between warring factions of hackers. Roughly 10 years ago the technique was adopted by the hacking group Anonymous, and since then it has become a tool that is being used by Russian hackers.
What Can CIOs Do About Doxing?
As the person in the CIO position, we may wish that doxing is just a fad – perhaps hackers will become bored with it and move on. Unfortunately, this is not the case. The experts all agree that doxing is here to stay. The reason is that our emails tend to provide so much interesting information that it is almost impossible for the bad guys to keep their hands off of it.
We all understand that the leaking of emails can cause an employee’s career to be derailed. The people who have looked into such things recommend that we change how we write our emails. They say that our emails should become bland. What your employees are going to want to keep in mind is that they don’t necessarily want their entire personality to come across in the emails that they are writing.
The very existence of doxing should cause everyone in the firm to be more cautious when it comes to sending emails. It turns out that the email systems that most of us are using are particularly vulnerable to attack by hackers. These systems may have been originally developed up to 35 years ago. When they were built, the world was a different place and security was not baked into their design from the beginning. This means that the people at your firm are putting some of their most valuable data into a system that was never designed to protect it.
What All Of This Means For You
As the CIO for your firm, it is your responsibility to establish security for all of the company’s digital assets. This includes such things as the network and the various applications that the company uses. However, there is one area where providing security can be very difficult to do: email.
In the past few years, hackers have been breaking into companies, stealing personal emails, and then releasing the emails to the public. This tactic is called doxing. Depending on the content of the emails that are released, an event like this can be very damaging. Companies, such as Sony, have been targeted as well as people, such as Colin Powell. People are starting to change how they use email because of the arrival of doxing – more people are using email less. Unfortunately, doxing appears to be here to stay. What this means for CIOs is that we need to work with the firm’s employees in order to help them protect themselves. They need to limit what they say in emails and they need to understand that email systems will never be totally secure.
CIOs need to work hard to protect and secure the firm’s email systems. However, we also have to understand that we may not be able to keep all of the firm’s emails out of the hands of determined hackers. What this means is that we also need to educate the company’s employees about the risks and have them change how they use the company’s email system.
– Dr. Jim Anderson
Blue Elephant Consulting –
Your Source For Real World IT Department Leadership Skills™
Question For You: If a hacker gets ahold of some of your company’s emails, how quickly do you think that you should inform people?
What We’ll Be Talking About Next Time
What does it take to be a successful CIO? The answer, of course, is that it takes a lot of different things. Most importantly you need to become good at selling both yourself and the importance of information technology to others. Another way of saying this is that you need to be good at persuading people. We’re not talking about finding ways to either pressure or manipulate people. Rather you just have a way of getting them to want to do what you need them to do. How can the person with the CIO job boost their ability to be persuasive?