The recent Sony hack is yet another reminder that our digital communications, whether conducted over desktop or mobile devices, can be easily compromised. And it’s not just our passwords and social security numbers that are at risk. Private electronic conversations that require context and an intimate understanding of the persons involved are being used to damage the reputations of individuals as well as companies. This attack has become much more personal than we’ve seen in the past, and there are many important lessons for enterprises to learn from it.
Lesson 1: This could happen to any organization
Even in the midst of such a large, high-profile security breach, many think, “That would never happen here. I have nothing to worry about.” This thinking is prevalent across corporate America. However, the Sony hack has provided a big wake-up call. Sony’s seemingly lax approach to data security is not unique, though. I have encountered many companies on a regular basis with the same security holes that doomed Sony, and unfortunately, what’s happening with Sony will likely open the floodgates for hackers to exploit the same weaknesses elsewhere. Every day, employees exchange sensitive corporate information and strategies through unencrypted email and other unsecure forms of internal communication. Sony is not alone.
Lesson 2: People are lazy
Data security is better when made simple. Everyone is so reliant on unencrypted email and SMS for daily communication that they often disregard basic security practices, like not sharing passwords or credit card numbers over these channels. Even people who are fully cognizant of the risks will likely take their chances with standard email and SMS if sending something securely requires too many extra steps. People want to get their jobs done as quickly and seamlessly as possible.
To put it bluntly — people are lazy. Because of this, ease of use needs to be top of mind for corporate IT when it comes to security. Security protocols shouldn’t make it harder for people to do their jobs.
Lesson 3: There is a need for ephemerality in the enterprise
Message ephemerality has been adopted in droves by teens who already comprehend shifts in technology trends ahead of the rest of the population. Nevertheless, ephemeral communication in the enterprise will prevail because of the security benefits alone. Fundamentally, self-destructing messages provide less information to steal, which in turn limits corporate liability.
Messages shouldn’t live longer than necessary in a BYOD (bring-your-own-device) world. Since the Sony hack, there is now more recognition across the board that ephemerality isn’t simply a “nice-to-have” functionality anymore. After all, you can’t hack what isn’t there.
Lesson 4: Corporate email needs a backup
When the Sony breach first took place, employees were left without access to email for days, forcing them to communicate by phone and share information through faxes. Companies shouldn’t ever find themselves in a situation where they don’t have the means to communicate electronically because email went down. They need a backup way to communicate.
At the end of the day, we are confronting a brave new world. Someone’s career or tangible enterprise value can be destroyed in a keystroke. We are more connected than ever, and as a result more vulnerable. Companies must keep moving forward and take the steps necessary to ensure protection of their organization and employees. They must also make it easier for employees to abide by essential security protocols. The reality is that the Sony hack has given hackers more incentive, now that they know what damage can be wrought so quickly. It will happen again, but you don’t have to let it happen to you.
Brad Brooks is the founder and CEO of TigerText, a secure workplace texting solution. He is also the cofounder of Whisper, an anonymous social app that lets people share confessions and secrets.