POSTED JAN 16, 2015 11:45 AM CST
BY MARTHA NEIL
Image from Shutterstock
After a stunning attack late last year by hackers who stole and publicly released a wide array of confidential Sony Pictures documents, business executives are rethinking their approach to confidential information.
Many are now urging employees not to use email for confidential conversations and rely on in-person and telephone communications instead, reports Bloomberg.
Company leaders may also want to revise their email preservation policies, says partner David Zetoony of Bryan Cave, who heads the law firm’s data privacy and security practice. He is urging clients to store email only 30 days, and to limit workers’ ability to save email on their computer hard drives.
“If you don’t have information in your system, it can’t be taken,” he tells the news agency.
However, executives need to consult their accountants and lawyers to be sure their document-retention policies are in compliance with legal requirements, chairman Chuck Mathews of WGM Associates tells the Phoenix Business Journal. In addition to shortening retention periods and enhancing document-storage safeguards, companies may also want to make sure they have appropriate cyber liability coverage, Matthews’ security and information consulting company is advising clients.
The sophisticated attack on Sony, which the FBI now attributes to the North Korean government, would likely have defeated almost any company’s defenses, wrote Bruce Schneier, a security expert affiliated with Harvard Law School, in a Wall Street Journal (sub. req.) op-ed article. But better preventative measures could have lessened its impact.
“Sony would have fared much better if its executives simply hadn’t made racist jokes about Mr. Obama or insulted its stars—or if their response systems had been agile enough to kick the hackers out before they grabbed everything,” he wrote.
Key lessons from the attack on Sony include the need for companies to actively monitor their systems for evidence of any security breach, chief security strategist Richard Bejtlich of FireEye tells CBS News.
Every business owner should ask three questions of the company’s security team, he said:
“First, what sorts of bad things have happened on our network in the last year? The second question is, how long did it take for use to detect it and how long did it take for us to deal with it? The third question you should ask is, are we a member of an organization called Forum for Incident Response and Security Teams?”
ABAJournal.com: “Sony Pictures cancels ‘Interview’ movie release, cites ‘unprecedented criminal assault’ by hackers”
CBS News: “Sony Pictures email hack causing ‘big trouble,’ may lead to big change”