Remember the Sony hack? It is the most devastating cyber security breach any big company has faced in the past decade. Sony lost millions of dollars due to the hack, not to mention the devastating blow to the company’s reputation.
The authorities are still investigating the group responsible for the attack. The U.S. government has said the hack was initiated by a North Korea-affiliated group. Regardless, Sony is not getting back what it lost. The U.S.-based studio and the parent corporation in Japan are still recovering from the loss. Sony has become an exemplar of what not to do when securing a system. Here are a number of important lessons the Sony hack teaches other companies:
Secure Your Passwords
The hackers did not execute complicated code to get into some accounts. Once the hackers got into Sony’s system, they managed to locate files containing passwords. In a shockingly amateurish manner, the company’s network managers had stored employee passwords in unprotected word documents titled “passwords”. Really, the hackers had their work done for them. Your business should not be careless in this regard when it comes to corporate password management. Buy software to protect your company passwords. You will not regret it.
Use Two Factor Authentication
Even if the hackers had gotten hold of the passwords somehow, the damage could have been mitigated had Sony taken precautionary means, such as two-factor authentication for employee accounts. The company obviously hadn’t, and the hackers easily walked right in. The company should have at least bothered with extra security for executives’ accounts. The hackers leaked thousands of highly confidential and private e-mails sent and received by the top executives of the company. The leaked e-mails caused a scandal in the media, hurting more than Sony’s stock prices. Your company can protect itself from a disaster like this by using two-factor authentication.
Segment the Network
The Sony hackers got easy access to high-level employees soon after hacking into unsecure low-level employee accounts. There’s a reason for this. Sony has not segmented the network and classified internal documents. Basically, everybody had access to everything. This is another amateur security mistake Sony made. A company’s most sensitive data, like contracts, should be secured in a separate server or network. These files should only be accessible to some. Low-level positions are filled and vacated all the time. So there chances are high that a dissatisfied low-level employee could initiate or provide support to a hack. If this happens, your company should have precautions in place to contain the breach from spreading to all levels of data.
Invest in Security Software
When the Sony hack was being investigated, experts were baffled by the lack of security measures Sony had taken. The network was laid bare to anyone with a computer. Hackers try the simplest methods first to breach a system. The Sony hack was conducted using the most basic hacking tactics even a high schooler could master. Sony had not invested in software, infrastructure or IT personnel to secure its system up to standards. The logic had been that there’s no point in spending 10 million for IT tech to mitigate the loss of one million. Sony was obviously wrong in this regard. Don’t let your company be the next Sony Pictures. Investing in security infrastructure could save your business one day.
Sony could have easily prevented this devastating hack by taking simple security measures. Let Sony be a warning to your company; take steps to make your system safe today.