Some companies go to a lot of trouble trying to keep their intellectual property and corporate secrets safe. Naturally, they're on the lookout for corporate spies and extortion-minded cyberthieves, as well as insiders turned Benedict Arnolds. Few of them, though, give much thought to employees who unintentionally leak sensitive data. The problem is that the ways of doing that just keep growing, and most people are blissfully unaware of the dangers.
Social media has become a big part of this problem. Here's an example. You would be amazed how many corporate coders are apt to include in their LinkedIn profiles deeply detailed accounts of things like disasters they helped avert at their company. Say that a programmer helped fix a deeply flawed database implementation. It wouldn't be unusual for him to go on LinkedIn and name specific vendor products used and provide lots of specifics about how bad the problem was and how he helped craft a nontraditional fix. The coder's intent is to tout his own creativity and resourcefulness. But one result is that a lot of information that his employer would prefer to keep quiet is visible to just about anyone. And there are people who will go looking for that sort of thing, including competitors, financial analysts and reporters.
But there are subtler ways to give away information without ever suspecting that you had done so. Let's say that you and some co-workers take a business trip together. When you go out to dinner one night, one of you posts a photo of your smiling faces to Facebook or Instagram. It all looks like innocent fun. And it would be, except that the photo probably carries geotag information that can tell anyone who cares to know your precise location. If the point of the trip is to save the relationship with your company's biggest customer, a rival might be able to make something out of repeated trips to that customer's locale. If you're visiting a company that is being confidentially considered for acquisition, that geotagged photo could tip your hand.
One employer that takes the dangers of geotagging seriously is the U.S. Army. It has instructed personnel to always disable geotagging. For the military, of course, this amounts to a matter of life or death. A geotagged photo could broadcast the exact location of a unit. And it's not just a hypothetical danger. Steve Warren, deputy G2 for the Maneuver Center of Excellence, is quoted on the Army's website regarding an event that occurred in 2007: "When a new fleet of helicopters arrived with an aviation unit at a base in Iraq, some Soldiers took pictures on the flightline. From the photos that were uploaded to the Internet, the enemy was able to determine the exact location of the helicopters inside the compound and conduct a mortar attack, destroying four of the AH-64 Apaches."
Sign up for CIO Asia eNewsletters.