3 Lessons From Sony Pictures Cautionary Tale
It seems that with each passing day, another embarrassment unfolds in the Sony Pictures security breach saga -- from unflattering internal discussions to Sony’s ill-advised DDoS counteroffensive against the sites leaking its data.
But more than just a PR disaster, the headlines spell out a cautionary tale for any business with sensitive data and high-value intellectual property. While the cost of the Sony hack has yet to be assessed, experts predict losses of up to $100 million resulting from the leak of personal financial info, unreleased movies and more.
The burning question on any business owner’s mind is: Could Sony have prevented this? Here are three key takeaways from the Sony hack, and what you can do to avoid these mistakes.
1. The risk of a data breach is bigger than you think.
In terms of probability and losses, the risk of a data breach is huge. If investing in security doesn’t provide a visible enough return to convince your chief financial officer, just look to the statistics: in the past year, 43 percent of companies have experienced a data breach. While the likelihood that you’ll get hacked is high, what makes or breaks your business is its ability to respond.
Unfortunately, Jason Spaltro, Sony senior vice president of information security, didn’t get that memo: “It’s a valid business decision to accept the risk. I will not invest $10 million to avoid a possible $1 million loss.” Once he receives the final tally of damages from the Sony hack, he’ll likely revisit that ratio.
2. Behave yourself in your emails.
One of the biggest embarrassments from the Sony hack has been the leak of several unsavory emails, some of which may cost executive Amy Pascal her job. Racially insensitive comments about the president and declarations that Angelina Jolie is a “spoiled brat” count among her most egregious faux pas. Sony has hired attorney David Boies to try to put the lid on the leaked emails, but now that they’re out in the wild, there are no take-backs.
Most of us know better than to let our unscripted thoughts fly in business emails, but most of us also don’t expect our emails to show up on Gawker. If, by chance, you need a reminder to keep it classy, the Sony hack is a powerful example.
3. Use email encryption.
An email hack can cost you more than your reputation. Consider the sensitive data you send via email, from your business’s financials to important intellectual property. Encryption adds a layer of protection to your data by making it unintelligible to anyone who doesn’t have the decryption key. Even if a hacker manages to steal your data, without the key, they can’t read it. End-to-end email encryption not only helps protect against data leaks, but also keeps your Angelina Jolie disses hush.
As the Sony hack continues to prove, more than money is at stake with cyber crime. Besides the PR catastrophe, the threat to some jobs and the leaks of unreleased films and other IP, employees and their families have had their medical data exposed and are receiving personal threats.
While the loss is staggering, one thing is clear: much of this could have been prevented. By adequately investing in data security and encrypting sensitive files and emails, Sony might have avoided much of the fallout from this data breach.
You never know where something you send could show up. Once you hit send, it's out of your control, right? Wrong. There are new technologies available that give email users back control over how their messages are viewed and shared online. These tools (such as Virtru) provide email users with end-to-end encryption that is easy to install and use, along with privacy controls such as the ability to revoke a message after it’s been sent, restrict forwarding and set an expiry so that sensitive emails auto-delete.
The hard truth is that sending an email is like sending a postcard -- the message is there for virtually anyone to see and use. If you’re an email user who has mistakenly sent an email to the wrong person, or who wants to ensure that private information remains private and confidential, an extra layer of protection is needed. Just ask Sony.