The News International phone hacking scandal is front page news, a result of its scale and depravity.
In addition to the seriousness of what was perpetrated, what shocked was the nature of the hack. Popular mythology has it that a phone hack requires deep technical expertise, but that was definitely not the case here. What the hackers took advantage of was the simple fact that many people don’t reset their voice mail passwords after signing up for the service. The absence of a password reset means that practically anyone can break in. All you have to do is use the default password issued by the phone company. That is, in fact, what happened in this case: http://www.nytimes.com/2011/07/07/world/europe/07phone.html?_r=2.
It strikes me that celebrities and other newsworthy individuals are not the only ones at risk. There are implications for directors of major corporations as well.
Even if you, as a director, are disciplined enough to secure your voice mail with an effective password, when you leave a message on someone else’s voice mail what guarantee exists that the recipient has done the same? Without a proper password on the part of the recipient, the sender of the voice mail is unknowingly exposed.
How many directors are aware of this risk? It is widely assumed that certain communication media are more secure than others. The phone is considered one of the more secure forms, thought to be virtually immune to breaches. As this episode has highlighted, this is a falsehood. On the other hand, directors have always been aware of the risk surrounding email communication. It is time that they treat voice mail in the same way they treat email – with extreme caution.
Here’s something to consider: if you are a director, and you need to leave a message on a sensitive topic, skip the phone and instead use a system designed and tested for secure communications.