Since it planned to release The Interview, a movie that depicted an assassination attempt on the leader of North Korea, Sony has been the target of a series of hacker attacks by a group calling themselves the Guardians of Peace. Here are some of the lessons your business might learn from the fallout, even if you’re not a major Hollywood studio:
- Don’t store private customer and employee information on unencrypted storage. A report on Gawker shows that, in a 2011 file, Sony tracked where personal information was and wasn’t encrypted. Almost all of the records catalogued were not encrypted, meaning that if they were stolen, the information would be totally exposed. Encrypting your critical storage will help foil hackers even if they do manage to steal your data, because they won’t be able to make sense of it without cracking the encryption. That protection holds only as long as the decryption keys are not stored alongside the data they protect.
- Don’t store your passwords in a document labelled “passwords,” which Sony apparently did. If social media passwords must be shared between employees, consider sending around an old-fashioned paper memo. That’s not always practical, but if the list has to go online, make sure it is shared with as few people as possible and consider carefully how you label that document.
- Don’t hide a breach from those affected. Sony has been hiding a server breach since February, when it could have been informing affected parties that their information was exposed. To mitigate the fallout, make sure to inform those affected of a breach so that exposed individuals and businesses can take steps to protect themselves.