Posted 01-12-2014

It sounds like a movie plot: In late November, 2014 cybercriminals (perhaps sponsored by a secretive foreign nation) hacked into Sony Pictures’ computer systems, paralyzed the entertainment giant’s operations, and stole 100 terabytes of internal information. Then, the hackers began to release their finds to the press and the internet community, including personal, financial, and medical information about Sony employees and their families, e-mails between employees, company financial data, copies of unreleased Sony films, and more.
The losses to Sony have been staggering, starting with the cancellation of a major movie release (later rescheduled and scaled back), a class action by current and former employees angered by the disclosure of their Social Security numbers and other personal information, and the disclosure of many emails that the writers now sorely regret. Among the embarrassing revelations in the hacked emails are Hitler jokes, racial comments about President Obama’s presumed movie choices, and trash talk about Sony’s own movies, as well as film stars, directors, producers, and Hollywood personalities.
There are a number of lessons we can all learn from Sony’s experience:

  1. Take internet security seriously. Encrypt your sensitive data. If Sony employees had done this, it would have been a lot harder for hackers and journalists to reveal so much information that Sony wanted to keep confidential.
  2. Don’t store your passwords in a computer file called “Password”! There were close to 150 such files at Sony, chock-full of usernames and passwords. Also, don’t e-mail passwords, which is what the Sony CEO’s staff did when their boss needed a reminder.
  3. Remember that email=evidence, and think before you hit “send”. You really have to assume that anything you put in email might end up in the hands of your boss, the press, or your company’s competitors. Or Congress, as a Goldman Sachs manager found to his discomfort when he was cross-examined in a 2010 Senate hearing about an email discussing the “sh***y deal” his employer had recommended to clients. Or a prosecutor, like the one investigating whether as aides to NJ Governor Chris Christie broke federal laws when they sent emails calling for the rush-hour closure of lanes on the world’s busiest motor vehicle bridge, thereby causing a massive traffic snarl, in apparent political retribution against a Democratic mayor who did not endorse Christie’s reelection bid.

What this means to you:
E-mail, instant messaging, social networks, and blogs can be a gold mine—or a land mine! They make your business more productive, and more liable for lawsuits.

Information here is correct at the time it is posted. Case decisions cited here may be reversed. Please do not rely on this information without consulting an attorney first.