Days before Thanksgiving, Sony Entertainment became the latest corporate victim of a wide-scale cyber attack. An organized group known as the “Guardians of Peace” allegedly orchestrated the hack, stealing thousands of files detailing everything from Sony’s internal politics and sensitive employee health information to celebrity salaries.
Unlike many of the recent high-profile data breaches, however, the majority of Sony’s leaked intel came from thousands of emails.
Early reports about the technical aspects of the Sony hack concede that there’s little the organization could’ve done to prevent such a massive, well-planned assault. But at the same time, there’s something to be said for companies’ increasing reliance on email—especially if it puts their reputations and legal standing at risk.
The medium is the message.
For most employees today, email is a requisite tool for all forms of internal and external company communication. In fact, according to the Email Statistics Report by Radicati Group, global emails sent per day will surpass 200 billion by 2016 and business emails sent per day will reach 132 billion by 2017.
Emails Sent per Day (billions)
With more professionals working outside of the physical office, and a study by Cisco predicteing the device to employee ratio will be 3:1 in 2014, email has trumped traditional calls and desk-side conversations. Despite email’s efficiency, it’s not always the right platform for every business situation.
Office politics and the crossfire it breeds aren’t a new phenomenon, but the advent of email makes it much easier to leave a precarious paper trail of regrettable gossip. If the breaches at Albertson’s, The Home Depot and countless others have taught us anything, it’s the need to err on the side of caution when handling sensitive information. Employee wages, health records and other transactional data are best discussed in more secure arenas.
If not email, what?
Companies don’t need to pry employees away from their beloved email, but they should promote more diversity in the communication and collaboration tools staff use. By offering mobile or video conferencing solutions, companies can still accommodate employees’ location-independent work styles while safeguarding private data.
Simply rolling out new technology, however, will have a minimal impact unless there’s sufficient user training to support it. As is the case with any consumer or business technology, more problems stem from user error than from the tool itself. Sony employees weren’t necessarily using email in the wrong way or intentionally exposing their messages to intruders. Rather, they forgot that email isn’t the only way (or most cautious way) to communicate.
What are your thoughts on the Sony scandal? Does your organization have policies around how to communicate sensitive corporate information?