The Privacy Lawyer: Combat Cyberwarfare - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

04:23 PM

The Privacy Lawyer: Combat Cyberwarfare

To stop attacks against your company, have in place a plan before you're a victim.

When I was a little girl, Peter Pan (the one with Mary Martin) aired on television once a year. We would all sit there, on the floor, in our footed pajamas waiting for the good part: when we were asked for our help and given the power over life and death. At the point when Tinkerbell swallowed the poison meant for Peter and flickered, dying, children from everywhere were asked to clap if they "believed." And inspired by all the young children's clapping, she became stronger and survived. For my generation, it was the first demonstration of the power of the people.

People today have a different format for making a difference. Using the Internet, they can show their support for missions, people, and campaigns by blogging, redirecting traffic and search engine rankings, or engaging in "hacktivism" and shutting down child porn, fraud, and the Web sites of people and companies they oppose. Unfortunately, with the Internet as a soapbox, the potential for doing evil is as great as the potential for doing good. Angry, frustrated, and naive people--as well as those who may be misled by others acting out of greed, ego, and vindictiveness--can use their Net-power to do harm. Individuals may send hateful anonymous E-mails; launch IM, E-mail, text-messaging, denial-of-service, and spam campaign attacks; destroy or deface Web sites; or create Web sites that bash and threaten companies and individuals. They can even get others to join their cause; unfortunately, many people click before thinking and become the unwitting tools of another. In this "bizarro world," this blind support often means destruction, not inspiration. It often can destroy Tinkerbell's life, not save it.

These attacks are called cyberwarfare, cybersmear campaigns, or cyberbashing. They can be malicious and hateful. The instigators of such attacks are usually motivated by something personal, not for financial gain. They may have been fired, or denied a raise. They may feel that they are righting wrongs against them or others they want to protect. Perhaps they are jealous, or a rejected lover. Sometimes they're looking for media or other attention or trying to exert power or control over another. They may even be mentally unbalanced. Many of the people who launch such attacks are looking to feed their egos, humiliate their victims, and enjoy their roles as intimidators.

These attacks can affect stock prices, or get in the way of an important business deal. They can cost people their jobs and even their careers. They may be as impersonal as falsely accusing the company of a crime. Or they can be as personal as claims that the CEO is a child molester. These campaigns have several victims, not just the target. Those being misguided into supporting the attacks are victims. They may be criminally prosecuted or sued for their actions. They may lose their jobs or ISP accounts. The hosting companies of the sites being attacked also are victims, with other sites and services provided by that hosting company often being disrupted or destroyed in the attacks. And the employees and stockholders of the target company, and the family members and loved ones of the people being targeted, are victims as well.

But, obviously, the company or person being targeted is hurt the most--often irreparably.

So, what can you do if you or your company is being victimized by one of these attacks? How do you stop it, avoid unnecessary hemorrhaging, and get the correct word out? Can you survive it long enough to get a handle on it? The answer depends on how you are being bashed, why, and who you are. The wrong move can help boost the profile of the basher and his message. The right one can help bring things back under control. Knowing the difference often requires the help of professionals.

No one is safe from these kinds of attacks, so careful planning to combat them is crucial. You need to be able to compile a team to help deal with the different aspects of the bashing. The team must include technology experts, security, human resources, legal pros, and, most important, a well-informed public-relations expert. If your company employs a separate media relations person, he or she needs to be included as well. The team needs to be prepared to act quickly if necessary; they must be familiar with places where information about your company is normally sourced online, and be able to deploy your own information broadcast resources. They must know how to reach the decision makers within the company, as well as investor groups and analysts. Contact information should be circulated, including off-hours contact information. Any delay in the early crucial hours of a cyberattack can cost a company and individual dearly.

Policies should be implemented in advance of becoming a victim. They should include policies relating to confidential or proprietary information, passing rumors, cyberharassment, and trade secrets. It's also helpful that they include a prohibition (to the extent permitted by law) of public statements or passing rumors about, or attacking the reputations of the company or its executives and board members, as well as a reporting method for valid complaints about these people, and the penalties for violation of that policy. Good monitoring software should be deployed to help avoid security breaches. Monitoring polices should be implemented, with the employees warned that their cybercommunications are being monitored, and preferably signed and acknowledged in advance of a problem by the employee. Trained supervisors should review the logs generated by the monitoring software in accordance with the monitoring policy, with an aim of protecting both the privacy of the employee while also protecting the reputation and legal rights of the employer. A clear chain of communication should be set out, so that employees and the supervisors can report policy violations and get a quick response. And anonymous reporting options can be very helpful in getting early reports of cyberbashing campaigns, when the reporting employee isn't willing to be identified.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
1 of 3
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Future IT Teams Will Include More Non-Traditional Members
Lisa Morgan, Freelance Writer,  4/1/2020
COVID-19: Using Data to Map Infections, Hospital Beds, and More
Jessica Davis, Senior Editor, Enterprise Apps,  3/25/2020
Enterprise Guide to Robotic Process Automation
Cathleen Gagne, Managing Editor, InformationWeek,  3/23/2020
Register for InformationWeek Newsletters
Current Issue
IT Careers: Tech Drives Constant Change
Advances in information technology and management concepts mean that IT professionals must update their skill sets, even their career goals on an almost yearly basis. In this IT Trend Report, experts share advice on how IT pros can keep up with this every-changing job market. Read it today!
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll