What the Sony Hack Has Taught Companies About Security
Reach Laura @BizReviewAu
The breach of Sony Pictures Entertainment’s security in November is proving to be far more extensive than anyone—especially at Sony—could have imagined. Besides the gossipy bits (there is no way Leonardo DiCaprio could be “despicable”, thank you very much), a lot of important, serious information was released to the public and could have far-reaching ramifications for years to come. Information security is no joke, especially when personal information, more along the lines of US Social Security numbers than how the CEO felt about Angelina Jolie, is on the line.
Contracts, termination dates, termination reasons, salaries, home addresses and contact information for the stars made it onto file-sharing networks. The downfall? Information was stored in Microsoft Excel files without password protection. This should be a huge red flag for any company that stores customer and employee information on computers that are connected to the Internet—basically, all computers.
"This is a common theme of corporations today," Todd Feinman, Identity Finder CEO, shared with CNET. "They think they are protected by firewalls and perimeter security, but the border is becoming blurred, and attacks get through."
To make matters worse, multiple copies of the data were found, meaning the Excel spreadsheets had been saved more times than necessary, which dramatically increased the company's security risk.
"When you have multiple copies of this data, you are giving hackers multiple opportunities to steal sensitive information when they get through," he said. "If Sony had reduced its sensitive data footprint by reducing the number of copies of data and reducing the number of employees with access to the data, we would have seen zero or only one file."
Although nothing is guaranteed safe as the border continues to be “blurred”, there are several ways to make it harder for potential hackers to get into your system. Perhaps the most basic lesson: Don’t store passwords in the same places as your password-protected documents. Consider investing in password management software or apps, and keep these databases on machines separate from the ones containing the documents or programs that need the password. Another separation tip: keep financial and healthcare documents separate from other data.
If you still think these few tips aren’t enough, don’t hesitate to invest in security upfront. Sony will spend a hell of a lot more money at this stage of the game to clean up the mess than the company ever would have if they had paid for tighter security upfront.
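The two findings above, Excel files with no password and multiple copies of the same data, can be checked for on your own file shares. The script below is an added example, not code from the article or from Identity Finder; the function names and the sample files are assumptions constructed for illustration. It relies on the fact that an .xlsx file encrypted with a password to open is stored in an OLE container, while an unencrypted one is a plain ZIP file.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

ZIP_MAGIC = b"PK\x03\x04"  # plain .xlsx/.xlsm: an ordinary ZIP container
CFB_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # OLE container: encrypted .xlsx or legacy .xls
EXTENSIONS = (".xlsx", ".xlsm", ".xls")

def fingerprint(path):
    """Return (first 8 bytes, SHA-256 hex digest) of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        header = fh.read(8)
        digest.update(header)
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return header, digest.hexdigest()

def audit_spreadsheets(root):
    """Return (workbooks with no open password, groups of byte-identical copies)."""
    unprotected, copies = [], defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            header, sha256 = fingerprint(path)
            copies[sha256].append(path)
            # Password-to-open wraps an OOXML workbook in an OLE container,
            # so ZIP magic means the file opens without a password.
            # Legacy .xls is OLE either way and is not classified here.
            if header.startswith(ZIP_MAGIC):
                unprotected.append(path)
    duplicates = sorted(sorted(group) for group in copies.values() if len(group) > 1)
    return sorted(unprotected), duplicates

def build_sample_tree(root):
    """Constructed sample: header-only stand-ins, not real workbooks."""
    os.makedirs(os.path.join(root, "backup"))
    samples = {"salaries.xlsx": ZIP_MAGIC + b"constructed payroll rows",
               os.path.join("backup", "salaries_copy.xlsx"): ZIP_MAGIC + b"constructed payroll rows",
               "contracts.xlsx": CFB_MAGIC + b"constructed encrypted package"}
    for rel, data in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        unprotected, duplicates = audit_spreadsheets(tmp)
        print("No open password:", unprotected)
        print("Identical copies:", duplicates)
```

Point `audit_spreadsheets` at a share you are responsible for; renamed or edited copies hash differently, so the duplicate list is a lower bound on the real data footprint.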