The massive cyberattack against Sony Pictures Entertainment that resulted in thousands of employees’ emails and personal data being posted online may have been the work of expert hackers with North Korean support—but that doesn’t mean we can’t all learn something from the incident.
Reporting around the Sony hack revealed the company and its employees did little to keep passwords and other sensitive data secure. Here are four things we can all learn about data security from the Sony hack.
Never open suspicious links
While some reports suggest the Sony hackers had inside help, it’s just as likely they accessed Sony’s systems after a hapless employee clicked a suspicious link in what’s called a “phishing” email. Those emails increasingly target specific employees with very personal messages that make it look like they’re from somebody you trust, but clicking the links they contain can result in malware hitting your computer, infecting your company’s network and leaving it vulnerable.
Learn more about phishing emails and how to detect them on this helpful Microsoft site.
Don’t email your passwords
Sony Pictures CEO Michael Lynton’s assistants emailed him unencrypted reminders of his passwords for email, banking and online shopping accounts, according to the Associated Press. How does the AP know that? Because those emails were leaked by the Sony hackers along with troves of other data, exposing Lynton to a serious personal security problem. All a hacker with Lynton’s emails had to do was search the cache for “password,” and voila, tons of access credentials.
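The same search can be run defensively, before anyone else runs it. The sketch below is an added example, not part of the original article: it audits exported messages for cleartext password reminders so those credentials can be rotated and the messages purged. The sample messages, addresses and the pattern are constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default

# A credential label followed by ":", "=" or "is", then some value.
CRED_RE = re.compile(r"(?i)\b(pass(?:word|code|phrase)?|pwd|pin)\b\s*(?:is\b|[:=])\s*\S+")

# Constructed sample messages (not real data).
SAMPLE_MAIL = [
    "From: assistant@example.com\nSubject: Reminder\n\n"
    "Bank login password: Tr0ub4dor&3\nShopping site pwd = hunter2\n",
    "From: it@example.com\nSubject: Policy\n\n"
    "Please reset your password before Friday.\n",
    "From: assistant@example.com\nSubject: Sealed\nMIME-Version: 1.0\n"
    'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";'
    ' boundary="x"\n\n--x\nContent-Type: application/pgp-encrypted\n\n'
    "Version: 1\n--x\nContent-Type: application/octet-stream\n\n"
    "(ciphertext placeholder)\n--x--\n",
]

def is_encrypted(msg):
    """True for PGP/MIME or S/MIME envelopes, whose bodies are not readable here."""
    return msg.get_content_type() in ("multipart/encrypted", "application/pkcs7-mime")

def body_text(msg):
    """Return the plain-text body, or an empty string if there is none."""
    part = msg.get_body(preferencelist=("plain",))
    return part.get_content() if part is not None else ""

def audit(raw_messages):
    """List messages that disclose a credential in cleartext.

    Only the sender, subject and matched label are recorded; the secret
    itself is never copied into the report.
    """
    findings = []
    for raw in raw_messages:
        msg = message_from_string(raw, policy=default)
        if is_encrypted(msg):
            continue
        for match in CRED_RE.finditer(body_text(msg)):
            findings.append({"from": str(msg["From"]),
                             "subject": str(msg["Subject"]),
                             "label": match.group(1).lower()})
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_MAIL):
        print(finding)
```

Every hit is a credential to change, since anything that has sat in a mailbox in cleartext should be treated as exposed.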
Encrypt your most sensitive data
Every business has sensitive files, like contracts or employees’ medical information. Encryption basically makes files look like a jumbled mess to anyone who doesn’t have the right decoding software, meaning that encrypting Sony’s documents would have made it much harder for hackers and journalists to get anything useful from them.
Most people don’t go the extra mile and encrypt their private files, but the Sony hack shows we really ought to do that. Lifehacker has a good list of encryption tools here, though top tech companies have increasingly been making encryption the default, especially on mobile devices.
Make sure you’ve got an ace security team
This tip is more for corporate executives than rank-and-file employees, but it’s crucial that your company’s IT team is up to snuff. Sony Pictures CFO David C. Hendler complained about the company’s poor security policies as recently as October, according to emails leaked in the hack. The Sony hack would have caught many companies flat-footed, but having better security and IT practices might have helped Sony ward off the worst of it—and rebuilding after a hack is far harder and costlier than deflecting one to begin with.