By Ali Sawyer   /   Dec 19th, 2014

5 Lessons to Take Away From the Sony Cyberattack

Nearly a month ago, Sony Pictures faced a devastating cyberattack that exposed employees’ personal data, leaked upcoming films, took over company Twitter feeds, and ultimately forced the entertainment giant to shut down its computer systems, leaving employees without email, internet, and voicemail. The attack was committed by a hacker group called Guardians of Peace, who are threatening to release more data if their demands are not met.

The attack has drawn heavy coverage from news outlets, revealing how much damage a high-profile data breach can inflict on a company’s reputation and business operations. Around 100 terabytes of data, including Social Security numbers, medical information, credit card numbers, and more, were exposed in the hack. Two employees, so far, have filed suit against Sony for failing to properly protect their sensitive information. Sony’s financial fallout is estimated at upwards of $100 million.

The Sony attack should be seen as a sobering learning experience and a chance for companies to reflect on their own cybersecurity practices. Here are 5 lessons from the Sony attack that you can use to make your company safer:

1. Encrypt company email.

Encryption is an easy and low-cost way to protect information sent over email. News outlets have thoroughly documented the contents of Sony executives’ unencrypted email inboxes in the aftermath of the attack. Emails contain a wealth of both personal and company information, so their exposure can be devastating for a business. Email encryption scrambles messages in transit, preventing hackers from reading them. End-to-end tools such as the ones below also keep each message encrypted in the mailbox until it is opened with the recipient’s private key. Gpg4win is a free, open-source email encryption solution for Windows, and GPGTools is a free Mac solution. Paid solutions with additional features are also available from various companies.

2. Encrypt your drives.

Thousands of Sony employees’ Social Security numbers and other personal data were exposed in the attack. To protect your employees and customers, make sure human resources data and client data files, as well as any other sensitive files, are encrypted. BitLocker for Windows and FileVault for Mac provide full-disk encryption to keep intruders out of your files. Full-disk encryption protects data on a lost, stolen, or powered-off machine; files on a running, unlocked system remain readable to anyone who has access to it.

3. Educate employees about cybersecurity.

People are often the weakest link in a company’s security, as hackers use techniques like phishing to gain access to a company’s network without advanced technical tools. Cybersecurity training is a smart defensive move to prevent hackers from taking advantage of your employees.

4. Conduct penetration tests so you know if your system is vulnerable before a hacker does.

Get a leg up on hackers by hiring LMG to conduct a penetration test on your systems. With a penetration test, you will be able to identify any vulnerabilities in your network before hackers do. LMG will provide you with a detailed report of our findings including a prioritized list of recommendations, so you can address any problems before they give hackers a gateway into your network.

5. Have a cyberattack response and recovery plan in place.

Ultimately, the sad reality is that even the best cybersecurity defense measures can fail. For instance, JPMorgan, a major cybersecurity spender in an industry known to have better security than most, was still vulnerable to a targeted attack. Take all the defensive measures you can, but just as importantly, create a cyberattack response and recovery plan so you can get back on your feet in the event of an attack. By documenting a plan in advance, you will be able to respond promptly to your customers and the media, and get your employees back to business as quickly as possible.

As details of the Sony attack continue to emerge, consider how your company can improve its cybersecurity protocol.
