With the focus on the confidential content of electronic conversations, these assaults are now much more personal than ever before. This ought to give us reason to learn some pertinent lessons.
First Lesson - No organization is safe
Despite the high-profile and large-scale nature of this recent hacking incident, there is still the wide-spread attitude among organizations that this won’t happen to them, that they are somehow excluded or safe from similar breaches. These careless attitudes are particularly widespread among American corporations. No longer - the Sony hack has sounded a cloud and clear alarm with widespread reverberations.
Sony is not alone though with this apparent easy-going and casual attitude towards data security; experts observe the same negligent approaches in many other organizations, where many that display exactly the same type of security issues which lead to the Sony breach. The imminent danger is that copycat hackers will attack exactly the same security holes that already compromised Sony. Every day, employees send and receive confidential and potentially delicate or strategic corporate knowledge , data or commentary via emails or other forms of exchange without the required encryptions and other security measures.
Second Lesson – Humans prefer things to be simple and easy
It’s an important fact that data security ought to be simple and straight-forward. The ubiquity and pervasiveness of email, SMS and the likes for our everyday communication needs means we often neglect even the most rudimentary security measures and practices… it ought to be obvious that passwords or credit card numbers must never be shared via unencrypted emails…and yet many of us still do. Despite most of us understanding the real risks of such practices, we ignore this knowledge especially when acting prudently and safely requires us to jump through too many hoops. It’s human nature to make every day repetitive tasks as simple and pain free as possible.
Because of this ‘sloth’-like aspect of our nature, the user-friendliness of data security must be an imperative for the organization’s security experts. Data security provisions and processes ought to be easily integrated into people’s workflows and never make their work more difficult.
Third Lesson – Build shortlivedness into the system
The shortlivedness, or ‘ephemerality’, of messages is something that has long been embraced by technology-trendsetting teenagers, as always in recognition of trends and possibilities before these take off among other members of society. Adopting this aspect into our communication protocols will provide significant security advantages. Essentially, communications that self-destruct mean that there is less information for hackers to pilfer. This in turn also reduces an organizations exposure to risk and liability.
In a world where people bring their own devices, communications and exchanges should not exist longer than absolutely required. The lesson that shortlivedness isn’t simply a marginal feature but an essential security requirement is now making the rounds since the Sony hack. Why? Because what doesn’t exist cannot be stolen.
Forth Lesson - Emails must be secured and backed up
One of the initial serious consequences of the Sony breach was that Sony staff were left without email access…for days! This meant employees had to resort to telephoning and faxing to communicate. In this day and age it should never happen that electronic communication becomes impossible only because emails go down. IT departments need to offer another way to communicate electronically.
Additionally, even an email message that is intercepted and stolen by a hacker does not necessarily mean its contents can be read or used by a third party. This is what encryption is for, and companies should secure all important email messages through modern encryption technologies.
We are confronting some challenging facts in this modern day and age. With the click of a button a company’s success or individual’s career can be ruined. Using electronic communication in the 21st century context means we are connected in ever more ways, and this creates both new risks and opportunities. The risks cannot be ignored, but they can be managed and neutralized, so that the organization, its employees and its knowledge are always safeguarded. Safe work practices must be made easy to follow so that employee behaviors adapt to security needs. The hackers have learned from the Sony incident how easily great havoc can be wrought…so companies need to learn the lessons as well. Without doing so, the inevitable next hack could well make your company the victim.
Read more about SoftControl’s solutions for secure network and IT.