Site security

As some of you may be aware, Bang the Table was subject to intense interest from the NSW media over recent weeks. This followed a security lapse that allowed the early release of elements of the NSW Metro Transport plan.

Given there has been a lot of interest in this event, we have taken the time to answer some of the questions here for the benefit of our clients and partners.

What was the security issue?

The security concerns discussed in the media were essentially twofold:

  1. The site was subjected to what we believe was an automated attack on the evening of 18 February, including 488 hits in a two-minute period from a single IP address. At no time has Bang the Table accused anyone of responsibility for this – we have no idea who it was. This attack was not the cause of the security breach, although it is currently under investigation by the NSW Police Force to determine whether there has been any criminal behaviour.
  2. Shortly after 6pm on the same evening a member of our team removed one of two levels of site security in order to upgrade the software. The security level was not reinstated as it should have been. Unfortunately, while the site was in this partially unprotected mode, internal pages could be accessed via direct URL. We do not suggest that this level of protection provided adequate security, and Bang The Table has subsequently implemented new security measures across its EngagementHQ platform to avoid such instances in future.

By the time the lapse was noticed and security reinstated the following day, someone had tipped off journalists at the Sydney Morning Herald with a URL that gained direct access to a limited amount of content.
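The burst described above (hundreds of hits from one address inside two minutes) is the kind of pattern a web-server log monitor can flag on its own. The following is an added example, not code from Bang the Table or EngagementHQ: it parses combined-format access log lines, counts each client's requests inside a sliding two-minute window, and reports any address that reaches a threshold. The sample log, the addresses and the threshold of 100 are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache/nginx combined-log prefix: client IP, ident, user, [timestamp], "request", status, bytes.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+)')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Return (client_ip, timestamp) for a combined-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return m.group(1), datetime.strptime(m.group(2), TS_FMT)

def find_bursts(lines, threshold=100, window=timedelta(minutes=2)):
    """Map each client IP to the largest number of requests it made inside any
    sliding window of the given length, keeping only IPs that reach `threshold`.
    Lines are assumed to be in chronological order per IP, as access logs normally are."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the current window
    peaks = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue              # skip malformed or truncated lines rather than aborting
        ip, when = parsed
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:
            q.popleft()           # drop hits that have aged out of the window
        if len(q) >= threshold:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks

def make_sample_log():
    """Constructed sample log (documentation-range addresses, not real data): one client
    making 488 requests within two minutes alongside an ordinary visitor making five."""
    base = datetime(2010, 2, 18, 18, 2, 0, tzinfo=timezone(timedelta(hours=11)))
    fmt = '{ip} - - [{ts}] "GET /projects/page{n} HTTP/1.1" 200 1024'
    lines = []
    for n in range(488):
        ts = (base + timedelta(seconds=n * 120 / 488)).strftime(TS_FMT)
        lines.append(fmt.format(ip="203.0.113.7", ts=ts, n=n))
    for n in range(5):
        ts = (base + timedelta(seconds=n * 30)).strftime(TS_FMT)
        lines.append(fmt.format(ip="198.51.100.3", ts=ts, n=n))
    return lines

if __name__ == "__main__":
    for ip, hits in find_bursts(make_sample_log()).items():
        print(f"{ip}: {hits} requests inside a two-minute window")
```

The same function can be pointed at a real access log one line at a time, since it never needs the whole file in memory.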

Whose fault was it?

Robust security is about both sound technology and adequate processes. Projects of this type are highly collaborative in nature and they require fail-proof processes to ensure they are appropriate for a wide range of operational scenarios. We have learnt valuable lessons from this experience, which we will cover in more detail on this blog at a later date.

We take the view that the error resulted from a failure of systems brought about by our very rapid growth, and was not the fault of any one person. We have undertaken a comprehensive audit of our processes and have refined our security procedures. We have included more detail in this document about the exact steps we have taken.

What content could be accessed from this breach?

  • At no time were any areas of the site containing user details accessed. Account holder anonymity and privacy were maintained at all times.
  • At no time was the Content Management System accessed. The unauthorised visitor had “read only” access to the site. They did not have the ability to upload or change any content on the site.
  • At no time was the security of the locked landing page breached. We can be confident that the level of protection provided by the current password system on this page is adequate to deter unauthorised visitors.

What have you done to ensure that this situation does not happen again?

  • All currently protected sites have been reviewed to ensure their security.
  • We have tightened operating procedures to re-emphasise security checks as part of all software upgrades. The password barrier will now be automatically reinstated after upgrades.
  • We have added an optional password barrier so new sites can have two levels of password security prior to their launch. The new “outer shell” security level will provide complete protection for the branding on your new site until you are ready to launch.
  • For new sites, clients with sensitive material will be given a proxy site with an “unsearchable” URL to load material to. The site will then be linked to your project URL just prior to launch, on your instructions.

Why haven’t you spoken out on the issue?

We did issue a single statement to media which can be found here.

While this issue has been exceptionally high profile, it was imperative that we afforded our client, in this case the NSW Department of Transport, the same confidentiality and consideration that we offer all of our clients. Inevitably each party’s understanding of events will differ; however, we are committed to maintaining client confidence and a professional and considerate position despite the intensity of the publicity. We believe this is something that all of our clients can take comfort in.

Did you accuse the SMH journalists of hacking into the site?

No, we did not at any time do this. An article in the Sydney Morning Herald on Friday 26 February best sums up our response in regards to this question.

Do you have any limitation from working with the NSW or other state governments in the future?

Not that we are aware of. There is no doubt that the intense and confusing public dialogue about these matters over recent weeks has resulted in some wariness within some government departments. That being said, we have also received huge support from past and present clients from within the government sector.

Our credentials in this area are unparalleled in Australia and we will continue our work on a wide range of projects within both the public and private sector.

There was an allegation that the directors of Bang The Table are politically affiliated – is this true?

No, it isn’t. Neither Matthew Crozier nor Crispin Butteriss belong, or have belonged, to a political party, nor are they politically aligned. Both have spent time working in the public sector, however, and the insights gained throughout their time in Government have informed the Bang the Table solutions so that they are ideally suited to facilitating public debate within our community.

Are you abandoning the Bang The Table business, or name?

No, we will do neither. Integrity is the cornerstone of the Bang the Table brand, and there is no denying that the recent activity has been damaging to our business name.

However we believe that our reputation for providing online community engagement services is strong enough to move beyond recent events.

Our business spans the public and private sector, and includes projects in five Australian states, as well as Canada and New Zealand. We are the leaders in our sector and we believe the quality and the consistency of our work to date counts for a great deal. We have also received great support from our clients and partners, who fully support this business moving forward.

We have implemented plans that resulted from our security process audit and plan to move forward stronger than ever.

And a word from the directors

We will never shirk from the mistakes we made on this occasion and we have embarked on a steep and valuable learning curve since the events of February 18.

We also think it’s important to take a moment and provide some context. Bang The Table has worked with over 80 clients across Australia, Canada and New Zealand. We employ a team of seven and have partners across the country. Since we began operations we have provided the forum for over 180 projects involving roughly 140,000 members of the community. Businesses will always encounter challenges, and some will be more high profile than others. We don’t believe that this particular challenge should, or will eclipse the terrific work our team has done over the years.

Thank You

Thank you to all of you who have contacted us with messages of support. We have been delighted, surprised and emotional at the messages that have come in from friends, colleagues, clients and sometimes from people we have never met, offering moral support and a vote of confidence.

Bang the Table’s mission is to improve the quality of public debate and level of community involvement in public life. We know our service is valued and is necessary to get more people involved in the decisions that affect their lives. We remain focused on that goal.

Creative Commons License
This work by Bang the Table Pty Ltd is licensed under a Creative Commons Attribution 3.0 Australia License.

One Response to Site security

  1. Mark Harris says:

    Good response, Matt. Bad stuff happens in the best of circles. It's how you respond that defines you.
