Be careful what you wish for

We’ve all been there. 4.30pm on a Friday; it’s been a hectic week; and now you’ve got to write another intranet story about a new company policy.

Much as we love to write positive, thought-provoking articles that leap off the page or screen and delight our readers, the reality is that much of what we communicate can be fairly routine – or just simply bad news.

But should we be careful what we wish for?

IC departments at HMRC, TJX, the Cabinet Office and Citigroup must look back with a wistful, nostalgic air at what they may consider to be a simpler time when charity events and CEO messages were the highlight of their day. You can almost imagine that periods of time are no longer split into BC and AD, but BB and AB: Before Breach and After Breach.

This is because these four organisations have suffered some of the biggest information security breaches in history, resulting in fines of millions and massive reputational damage.

But hang on – “why is it our problem?” I hear my fellow communicators cry. Simple: because we have to deal with the fall out.

When HMRC lost the data of 15,000 people after a hapless employee put a disc containing classified information in the post, it provoked a public outcry and widespread negative media coverage. Hardly a morale booster. In fact, I would be willing to bet not many people would have admitted to working for HMRC in 2007.

But this paled in comparison to Citigroup’s incident: the international finance conglomerate admitted that a cardboard box containing computer tapes with personal information on 3.9 million customers was lost by UPS.

As you can see, these are far from minor indiscretions.

But why worry about something that hasn’t happened to your company and may never happen? Again, it’s simple: because if it does, the consequences to you and your team can be spectacular.

Watch in amazement as projects you have been working hard on for months are wiped off the agenda in place of crisis management communications; job losses are mentioned in conjunction with the huge fines incurred; and new policies and procedures are introduced at warp speed — all of which need communicating, of course.

Quite a picture I’ve painted for you. So what am I really getting at? Ultimately it is that we shouldn’t be resting on our laurels: we need to be proactive and open our eyes to the threats all around us. We all talk to our peers about redundancies, budgets, and new technologies. But maybe it’s time security made it into our conversations and into our communications.

Something to think about.