The recent hacking of Sony Pictures by North Korean activists was probably one of the biggest hacks of recent years – and perhaps of all time. Some of the world’s biggest names were embroiled in the controversy, from Barack Obama, Kim Jong-un and James Bond to Brad Pitt, Seth Rogen and Angelina Jolie.
Previously-unseen movie scripts were leaked, huge films such as Annie and Fury were released on pirate sites and the information of nearly 50,000 Sony employees was shared online.
The sheer size and scale of the hack could lead many businesses to think that it’s not their problem. It’s fair to say that not every business is likely to attract the attention of the North Korean state. But there’s plenty every IT department can learn from the Sony hack:
Lesson #1: Don’t discuss sensitive matters via email
Many of the big ‘stories’ of the Sony hack centred on Sony’s poor email security: from Angelina Jolie being called a “minimally talented spoiled brat” to messages that detailed how Jennifer Lawrence made less money than her male co-stars.
Why did these stories leak? Because email isn’t a secure platform. By default, information in emails travels as readable text and isn’t encrypted, so it’s easy to steal or compromise. Any private or potentially valuable information mustn’t be sent over email if you don’t want people seeing it. It needs to be shared over encrypted networks. Which leads us to...
Lesson #2: Insist upon encryption
When you encrypt your files, or use a file sharing method that encrypts as standard, you’re ensuring that your files stay private – even if they end up in the wrong hands.
While it’s recommended to send any confidential or valuable files via secure data transfer networks that are protected by PGP or other strong encryption tools, it could be worthwhile ensuring that all information, whether precious or not, is sent using encryption. It’s always best to be safe rather than sorry.
Lesson #3: Control who in your organisation sees what
The best, most secure organisations are those which segment different networks and define which people in an organisation can see what. This is something that Sony didn’t do.
A wiser organisation would have ensured that any communications discussing, for instance, A-list celebrities took place on specific networks, or that some files could only be seen by a limited number of people.
Lesson #4: Invest in security
Despite being a world-renowned brand, Sony was shockingly lax when it came to security. A leaked file showed that the organisation had just 11 people in its Information Security team.
What’s more, in 2007 Sony’s Executive Director of Information Security said that risking a security breach was a “valid business decision” and that he wouldn’t invest $10m to avoid an attack that cost $1m.
According to Sony, the breach has only cost the company $15m so far. But some experts anticipate losses could reach $100m – and that’s without considering the reputational damage to both Sony and its affiliated celebrities and companies.
Every business needs to treat security with the necessary respect and invest in proper systems that keep essential files – and a brand’s reputation – intact.